A couple of ideas
(1) If you can modify the web.xml of your webapps, just put in a few lines into the web.xml to require basic authentication. The trick is to make sure that the user has been designated a role in the tomcat-users.xml that matches the role defined in the auth-constraint section of the web.xml:
web.xml:
<auth-constraint>
<role-name>protected</role-name>
</auth-constraint>
tomcat-users.xml:
<tomcat-users>
<user name="theuser" password="pas" roles="protected" />
</tomcat-users>
(2) If your Tomcat server has an APache httpd server in front of it, it's pretty easy to do this in Apache. In your configuration file, you'll just need to set up something like this:
<Location /webappname>
AuthType Basic
AuthName "Protected site"
AuthUserFile /etc/apache2/passwords
Require user theuser
</Location>