What you want is a unified log in? So the user logs in to the web server, is challenged by a login screen, and after providing credentials, those credentials will mitigate access to J2EE resources, and to resources running on the web server?
Remember, normal J2EE security only deals with resources on the application server, aka WebSphere. The Http server is not considered to be part of the secured J2EE zone. Now, having said that, WebSphere has done some interesting things with IHS.
Quite often, extra tools, such as WebSeal or Tivoli Access Manager are used to create a single-sign on zone.