You can use filters for handling such scenario.Filters are classes which are used to intercept request from a client before they access a resource at back end. You can also use filters the other way round i.e.intercept response before it reaches client. Here you can use former one.
Steps can be as below:
1.When user logs in successfully you can set some session attribute to indicate that user is logged in
session.setAttribute("isUserLoggedIn",true);
2.You can write a class which implements javax.servlet.filter interface and override the doFilter method.In the doFilter method you can check whether "isUserLoggedIn" attribute is already set.If its already set ,you can allow the request to go ahead ,or else you can forward the user to login page or any custom page you want.
You can decide which URL patterns you want this filter to get invoked.If you want this filter to be invoked for each request i.e. for each URL pattern ,you can say soemthing like below in web.xml:
<url-pattern>/*</url-pattern>
You can get idea of how filters work @
http://www.oracle.com/technetwork/java/filters-137243.html
Hope this helps!