Hey Ramu,
I'm no Tomcat guru, but here's how I did it:
The manager is protected by basic authentication (handled by the browser). The popup window you thought was javascript is actually the browser itself prompting for authentication for Tomcat's manager app because it's using BASIC authentication.
To gain access to your manager and admin sites, you need to edit your tomcat-users.xml file and add a role for "manager" and a role for "admin". Once you have done this, you can either add those new roles to an existing user, or create your own.
Here is a
link that shows it with screen shots.
You can enable container based security on a web-app by modifying its web.xml and inputing the correct syntax for how you want it to authenticate (eg: FORM,BASIC, etc). If you notice that the Tomcat Admin doesn't have the popup, but an actual page, that's FORM based authentication.
More Info Hope that helps!