Hello,
I have a servlet and I want that no one should access the same. How to provide the declarative security for the same. I mean it should promp for login and password while accessing the same servlet/jsp. Do I need to code something in my servlet/jsp file for validation or declaring the security constraint in web.xml file is enough. Moreover tell me where to keep this web.xml file.
My directory structure is as follows:

JBOSS_HOME\server\default\deploy\client.war
client.war contains
|-- jsp (this directory has all the jsp)
|--WEB-INF(contains web.xml file and Classes directory )
|-- classes(contains servlets directory)
|-- servlets(all the servlet classes here)

More over do we need user.properties and role.properties file. If so where should I keep those.

At present my web.xml file is as follows:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

<servlet-name>MyServlet</servlet-name>
<servlet-class>servlets.MyServlet</servlet-class>

</web-app>

Can any one give me the complete xml file considering I have one servlet above.
Context root starts from /client directory.

Hope you got my problem.

Thanks & Regards
Sanjay