attachements in jsp application

In My application I want to send attachements
along with plain message(just like yahoo).
But how do i protect folders(in appache-tomcat server) which will contain this attachements.what i mean user can type URL of this folder and see this attachements.One more problem folders also will be dynamic that is each time user is added to my application folders will also be added for each user(which will contain his attachements).
please give some advice regarding this. :roll:

Have a main folder that contains the users folders and protect it and everything underneath using a security constraint that you specify in the deployment descriptor.

thank Calina Cazangiu
But where to find deployment descriptor
how to specify security constarint.
if security constraint is specified
how users can read their individual attachement
Basically i want to hide url of folder in all
my jsps so that user does not type directly type url in address bar see other users attachements

A common way to do this is to place the files away from the web root. Then users request the file from a Servlet, the Servlet decides if the user is allowed to see the file. If they are, it loads the file from the directory structuure and streams it to the client.
This also supports dynamic folders.
The servlet maps to (for example) "/download/*", then files that are requested via /download/Dave/myFile gets routed through the servlet. If I'm not logged in as Dave, the servlet doesn't allow the operation.
Is this more or less what you were looking for?
Dave

Thank you David O'Meara
This solved my problem