Hi Chgrimm, I got working with the attached files you have given. But the thing is that I was able to restrict only jsps and not the servlet. in your login.war's web-inf directory I created my CLASSES directory and placed my servlet classes under the packge servlets under CLASSES. So was getting confused what directory name should i restrict in <url-pattern> tag in order to secure the servlet. Following is the directory structure given by you.
LOGINTEST.WAR |--META-INF |--RESTRICTED(restricted jsps here) |--WEB-INF(web.xml & jboss.xml here) |-- CLASSES |-- SERVLETS(Here are my servlet class files)