I'm not entirely sure what the problem is. The way this usually works is that users going to a secure application would have a start page, in your case presumably 'secureUser/pageU.jsp'. Your welcome file list would include that.
Since pageU.jsp would require authentication, the container will catch a request for that page, and present LoginA.jsp instead. Once you've logged in the container will take you to the requested page, namely pageU.jsp. At that point request.getUserPrincipal() will be the authenticated principal. There is no need to do anything in a web page to redirect or what have you.
Arved Sandstrom
[Message sent by forum member 'arveds' (arveds)]
http://forums.java.net/jive/thread.jspa?messageID=324329