if I've got your question right: you want to authenticate the user & have the login info before anything else.
authenticate the user making the request by any of the four authentication methods:
Basic authentication.
Client Certificate authentication.
Digest authentication.
Form authentication.
Once the user authenticated you can obtain the login of the user from the request object:
java.lang.String httpServletRequest.getRemoteUser().
There is more to
Java security, authentication / authorization; have barely scratched the surface n you've set me on the trail. have experimented with Basic and Form authentication.
am requesting the ranch rangers to suggest resources n hard books to start off with.