I did try using filter Marc.
But here is the scenario.
Since Tomcat 6.x did not kick off filter for j_security_check,
I made my own
servlet (AppGroupInit) that adds additional session variable to the successful logins and forwards it to the defaut.jsp
<filter>
<filter-name>AppGroupSwitch</filter-name>
<filter-class>AppGroupSwitch </filter-class>
</filter>
<filter-mapping>
<filter-name>AppGroupSwitch </filter-name>
<url-pattern>/AppGroupInit</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>AppGroupInit</welcome-file>
</welcome-file-list>
Since I have only one file referenced in welcome-file-list, everything is smooth when uses do not use bookmarked link.
But my problem is if uses has bookmarked other pages then AppGroupInit servlet never runs and uses is directly forwarded to whatever page they had bookmarked.