I'm with Bear.
Sabarish Venkat wrote:I don't want to add security in a simple application. Consider i have a login page and a inner page. After login am showing the inner page
It sounds like you do have security, it's just poorly implemented. You
can create your own security scheme, perhaps by creating a custom interceptor and/or
JSP tag that checks for the session and redirects to the login page if there is none. Of course, whether this is easier than simply configuring the web.xml to restrict resources is debatable. It
will be less secure and less portable than the well-tested and debugged
JEE security mechanism.