Hello!
I have created 2 html pages and 2 GWT modules. The first page is a login page. If the login is successful, i open the second page with Window.Location.assign("URL"). I can still open the second webpage without logging in just by typing the correct URL in the browser.
How to prevent this second page from displaying if user is not logged in?
This is best done using server side technology (it's up to you which one you choose, Java EE is the only one I'm really familiar with, and it's almost trivial if you use that).
Alternatively, if what you're building is very Javascript heavy (you're using GWT after all), you could always add some Javascript on the second page to detect if the user is logged in, and redirect them to the first (login) page if they are not. This is far less robust though.
Authenticating on the server-side is a MUST. Any client-side authentication checks can and will fail if someone really wants to get in.
.NET, Java, PHP, Ruby. Any of these will handle authentication functionality.
Like Jason said - use one GWT module and handle authentication from your app (of course, you should check if the user is really logged in with the server - never rely on the client side only). There are many questions about that on SO already - for example, this one.
And if you want to show different pages based on whether the user is logged in or not, the Decorator pattern might be of (immense) help :)