A very simple approach would be to place a flag of some sort in his session when a user logs on. One could then write a filter which checks for the flag and forwards the request to the desired page only if present and an error page if not.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
subject: authentication before accessing resources