How to prevent from directly loading javascript file from browser URL?

Because existing application did not have JAAS set up and it uses comtomized authantication and authorization.
I give up to use role-name and URL mapping to configure the permission in web.xml file.
Instead I try to set up one filter or servlet to authanticate the URL for javascript file loading.
If user account is in the http session, then javascript file can be loaded. Otherwise, send the error.
in web.xml, I add
<servlet-mapping>
<servlet-name>AccessCheckServlet</servlet-name>
<url-pattern>/scripts/*</url-pattern>
</servlet-mapping>

in the servlet doGet method, I wrote:
HttpSession session = request.getSession();
User user = (User) session.getAttribute(USER_KEY);
if(user == null){response.setStatus(400);}
else{
super.doGet(request, response); // problem code, I tried some other way}

no matter how I try, the javascript can not load to browser properly after login
if the jsp file head has javascript included.

Can someone help me out how to use servlet to load javascript file?

A JavaScript file can be streamed to a client just like any other file.

Where can I find the source code for streaming the js file?
Is there a way, servlet only checks the authentication, leave the loading file to web server?
Cause originally, web server does the js file loading.

try doing authentication in the filter instead.

Filter works. I made a mistake and thought filter has to combine with a servlet.
Thanks.