Hi there,
To echo what David said, Web App containers (
Tomcat and others) use a form of security called 'declaritive security.' What this means is that you 'declare' a web resource (
servlet or
jsp) to be inside your security perimeter usally in web.xml.
If an unauthenticated or unauthorized (two different things) user attempts to access that page (by clicking a link or typing in their URL bar) they get redirected to your login page or a login window pops up. After sucessful login they get forwarded to the original requested resource.
I hope that helps. I attached the code from the web.xml for the project I am currently working on.
I hope that is helpful.
Tom
SCJP '02, SCWCD '02, SCJD '08, SCSNB '09, SCEA '10