You can use servlet filter say "SecondAuth" in which you can check if user has already authenticated second time or not by referring a session flag; and if not, you can redirect to second authentication page. Remember to store the requested URL in session variable. Once user successfully authenticate again you can redirect to the requested page.
You can protect multiple pages using web.xml configuration as below:
web.xml
<filter>
<filter-name>secondauth</filter-name>
<filter-class>com.auth.SecondAuth</filter-class>
</filter>
<filter-mapping>
<filter-name>secondauth</filter-name>
<url-pattern>/app/secure1.jsp</url-pattern>
<url-pattern>/app/secure2.jsp</url-pattern>
</filter-mapping>
For how to use servlet filter you can refer to How to use a servlet filter in Java to change an incoming servlet request url?