A few things. You can use the container managed security features of your app server (
tomcat, Weblogic,
JBoss, Resin, etc) to lock down your pages. You can also create a filter (SecurityFilter) that makes sure whoever has the right privileges can only view the pages.
If it's a matter of the order in which the pages are viewed in the sense that you don't want someone to view results without being at the prior page first, that's probably something you'll need to configure in your managed bean.