This can be done in different ways.
You can create a Filter that verifies every request if the user is logged in and redirect the user to a page if it is not logged in.
You can authorize acces to the pages through the web.xml in which you define which roles can access which pages, but for this you should read about JAAS
here.
I think the best way to do this is through JAAS, is cleaner and is not reaaly hard to use it.
If you have any questions don't hesitate to ask.
[ July 15, 2008: Message edited by: Andres Quinones ]