WebSphere Application Server can only secure components that it owns. Static pages served directly from the Web server cannot be protected by WebSphere tools; they must be protected with the Web server's own security mechanisms, which are transparent to WebSphere.
Most Web servers are able to secure the files that they serve. For example, IBM HTTP Server can protect its own resources in the following ways:
HTTP basic authentication uses the user's identity in the network or the user ID and password that the user submits. Authentication can also be based on a combination of these elements.
HTTP digest authentication uses MD5 ...
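
IBM HTTP Server is based on Apache HTTP Server, so this protection is configured with `<Directory>` blocks and `AuthType`/`Require` directives. The following added example (not from the original page) audits a configuration for static directories that do not enforce a login; the sample configuration and its paths are constructed, and Apache 2.4-style `Require` syntax is assumed.

```python
import re

# Constructed sample configuration; paths and realm names are hypothetical.
SAMPLE_CONF = """
<Directory "/srv/ihs/htdocs/public">
    Require all granted
</Directory>
<Directory "/srv/ihs/htdocs/reports">
    AuthType Basic
    AuthName "Reports"
    AuthUserFile "/srv/ihs/conf/.htpasswd"
    Require valid-user
</Directory>
<Directory "/srv/ihs/htdocs/internal">
    AuthType Basic
    AuthName "Internal"
    # Require valid-user
    Require all granted
</Directory>
"""

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
USER_RULES = {"valid-user", "user", "group"}  # Require forms that demand a login

def audit(conf):
    """Return {directory: status} for every <Directory> block in conf."""
    result = {}
    for path, body in BLOCK.findall(conf):
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):  # skip blanks and disabled lines
                continue
            name, _, args = line.partition(" ")
            directives.setdefault(name.lower(), []).append(" ".join(args.lower().split()))
        requires = directives.get("require", [])
        names_user = any((r.split() or [""])[0] in USER_RULES for r in requires)
        # Sibling Require lines are OR-ed, so "all granted" bypasses the login.
        grants_all = "all granted" in requires
        if "authtype" not in directives:
            result[path] = "open"
        elif names_user and not grants_all:
            result[path] = "protected"
        else:
            result[path] = "auth-not-enforced"
    return result

if __name__ == "__main__":
    for directory, status in audit(SAMPLE_CONF).items():
        print(f"{status:18} {directory}")
```

A directory reported as `open` or `auth-not-enforced` is served to any client, regardless of the security constraints defined in WebSphere.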