In the admin console, open the Applications option and select Enterprise Applications. In the right pane, click on the application you want to do this for. Scroll the resulting page down until you see "Map security roles to users/groups".
I haven't done this for any of my applications but my guess is that this is what you are looking for.
I am posting here a part of my web.xml that enforce the authentication and security. But it is not working as I wanted. Do I have to do anything else for the login.jsp to jump in when I access the restricted servlet?