This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
Definitely! Actually, for convenience and out of its familiarity to most developers, we use Tomcat for all the examples in this book. The application is a (purposely) very simple "e-commerce" site (see this thread for a more detailed explanation of the design choices), and we start with conceptual building blocks (what is authentication? what is authorization?) as well as technical building blocks (how does a servlet filter chain work?) as we progressively secure the example site.
I certainly intended for this book to be very accessible to beginners (although we assume you know something about Spring, we don't use any advanced features of it), and I haven't (yet) had any feedback from readers that it's not - in fact, quite the opposite, all the feedback I've personally received thus far has been very positive
Based on the needs you list for your application (URL restriction, database validation), it sounds like Spring Security would replace a lot of your code with (most likely) a much simpler out of the box solution - if you're using Spring already, you should definitely check it out
I hope that answers your question!
Author, Spring Security 3 (the Book), Packt Publishing, 2010