In your web.xml file for your web app you could define that all servlet/JSP pages require a particular 'role' which you would assign to all users of your system. This will force the system to authenticate when it receives any request (and hence bring up the j_security_check FORM page). Is this what you want ?
It's not exactly what I need, though currently that's what I did. What happens if my login page contains other links which does not require logging in, or links to other sites? What happens if the user selects this links, regarding Tomcat which is on hold with the original "forced protected" page?