If you use the security system that is defined as part of the J2EE standard, the server itself will automatically require the user to log in as soon as a secured URL is requested.
And, unlike user-defined login systems, the J2EE container security standard is well-documented, well-tested, integrated with the J2EE API, and not easily defeated by non-technical users in under 15 minutes (which is about the upper limit for most of the user-designed login systems I've seen).
An IDE is no substitute for an Intelligent Developer.
It will give me the powers of the gods. Not bad for a tiny ad: