(and it certainly didn't look like the 'simple' solution I was hoping for !)
Apache web server thinks in terms of serving or executing files in directories. JEE servers map url-patterns to defined resource but can also serve up static resources and execute JSP files in directories. It would be difficult, in a more complex environment to do something as simple as htaccess.
If you're not averse to some coding, it would be fairly simple to write a filter to restrict access to specified directories.
subject: password protecting directories under Tomcat