This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Servlet security and the web.xml file are both big topics - too big to cover in a post here. My advice would be to get an introductory servlet/JSP book, e.g. Head First Servlets/JSP. You could also read up on these concepts in the servlet specification, and study the examples that come with a servlet container like Tomcat.