Hi mohammad enamul haque welcome to Javaranch
Firstly as suggested by Bear, use a descriptive subject line.
regarding your question, why dont you make secret.jsp instead of secret.html, so that you can check in the
JSP if the user accessing it is authenticated.
Another option is container managed security, but I am unsure how it works.
Hope this helps