You'll need to tell us which app server you're using, some of them behave slightly differently. The short answer is that you need to set up 'declarative security' in your web application by changing settings in your web.xml
To echo what David said, Web App containers (Tomcat and others) use a form of security called 'declaritive security.' What this means is that you 'declare' a web resource (servlet or jsp) to be inside your security perimeter usally in web.xml. If an unauthenticated or unauthorized (two different things) user attempts to access that page (by clicking a link or typing in their URL bar) they get redirected to your login page or a login window pops up. After sucessful login they get forwarded to the original requested resource.
I hope that helps. I attached the code from the web.xml for the project I am currently working on.