Hi mohammad enamul haque welcome to Javaranch Firstly as suggested by Bear, use a descriptive subject line.
regarding your question, why dont you make secret.jsp instead of secret.html, so that you can check in the JSP if the user accessing it is authenticated. Another option is container managed security, but I am unsure how it works.
Not really, it would be better to use declarative security, since what you have described is Form Based Authentication (look in the documentation for your container)
This allows you to put member resources (like your file) in a /member/ directory and the container makes sure that people have that role before they are allowed to access the resource. Applying security to each resource is error-prone.
Hello Friend, If you could give me little more detail then it could be helpful for me to help you.Any way if you are using just jsp pages then then give form action to first page and make first page also jsp page. If you are using servlet then redirect the control from servlet to the first page.
Since you are using form based authentication, you just have to name your user name field as j_username and your password field as j_password and the form action as j_security_check. Then you server will automatically manage redirecting to login.jsp for login. After successfull login the user will automatically be redirected to secret.html. Here's the code for login.jsp
This should do it. But this will only work if you have defined form based security for the secret.html file in the deployment descriptor (web.xml) for your web application.