how to stop user to acces directly inner page of a website

suppose a user enters directly inner page uri without authentication, then by default it displays that page.

how can i disable this action, means anybody without login should not be able to see the inner pages...

Are you validating the session on each page? I guess internal page means the pages hosted as part of your web application.

You can use servlet to set a session attribute of a request say "login" to true or false by using the password check mehtod you created. Every inner jsp page should get the login attribute and check whether it is true or false. if the login attribute is false or null redirect the page to login page of your application.

Any better idea on this topic???

Try setting up the <security-constraint> and <web-resource-collection> in your web descriptor. That should work just fine.

The other efficient way of achieving this is by using filters. As any incoming request should and must go through the filter, In the filter you can have the authentication logic which prevents the illegal access of secured pages.