Juniper devices do not have an equivilent to the Cisco VTY. I'm not sure what you mean when you say the device isn't using a loopback interface, as it is the connection between the data plane and control plane. It exists by default on all Juniper devices even if it isn't configured, and does not require an address.
The standard way to control access to a Juniper device is with a firewall filter applied to the loopback interface, as in your example. This filter will restrict all traffic to the control plane, including management traffic like SSH, telnet, or NTP, as well as all routing protocol traffic - so this filter must take into account all possible traffic the control plane needs, or it needs to restrict the specific traffic you want to limit and allow all other traffic.
Once applied to the loopback interface, this filter will limit all traffic to the device itself on any IP address configured on the device regardless of what interface the IP may be assigned to. The filter could also be applied to the individual interfaces, but would only apply to traffic on that specific interface (EDIT: this approach could also impact any transit traffic on that interface as well). The loopback filter approach is a more comprehensive way to protect the device.
EDIT: yes, you could apply the same filter to the vlan interface as you stated. However, this would cause all traffic on that vlan to be evaluated against the filter, potentially impacting transit traffic flow. Also, if any other IP addresses are configured on other interfaces on the device, the filter on the vlan would not block traffic to the new IP - remember that Juniper devices are full L3 devices, and can have multiple IPs configured on the box. Best practice is to apply to the loopback interface, both to eliminate potential impact to transit traffic and for complete protection in the future as IPs may be changed.