I finished for you the servlet spec summary document this morning by adding Filters ans Security sections. It IS a summary as you can see, but points out key points about each subject. Feedback appreciated if you feel some points are missing. Link to this new doc is in my signature.
I also had to correct my scwcd_notes document because i found one mistake while working on the security section of servlet spec. I wrote this about auth-constraint combos : if one security-constraint refering to a request (resource/http method pair) has NO auth-constraint for the specified request, then NO user is allowed. Which is false, in this case ALL users are allowed.
Page 48 :
Doc is corrected and uploaded, you can get the latest version in my signature.