How can I deny a Servlet forwarding if this component should be protected by a login form? I mean, I have a jsp which is denied in the web.xml. If I call the jsp by link, the login form will be displayed - that works. However, if I call the jsp by my Controller Servlet, I get the jsp without any login-form...
Does anyone has a solution?
[ December 03, 2008: Message edited by: Michael Knaus ]
The default target is already index.jsp. So, target = "myprofil.jsp"; would be just set if the choice is "profil". I don't want to check the user in my Servlet by request.isUserInRole("user") to forward. I'm just looking for a declartive way in the web.xml.