This week's book giveaway is in the Programmer Certification forum. We're giving away four copies of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 and have Jeanne Boyarsky & Scott Selikoff on-line! See this thread for details.
The simplest way (as Saulius has mentioned) is to leverage the session handling capability in the servlet spec.
When a user logs in, bind an object to their session. It can be anyting but for conversation sake, we'll call it "userBean".
Have every component in your app first check for the existence of the userBean in session before processing a request. If userBean is null, then the session has expired. Redirect the user to the login screen.
If you're using a Servlet Spec 2.3 or higher container you can do this checking quite easily with a filter.