This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Pretty much any decent book on J2EE that covers JSPs and servlets will have a chapter on configuring the container-managed security system and FORM-based authentication.
They then usually ruin all their good work by presenting demos that have a "login page" done as user code instead of using the container security system. Long experience has taught me that the technical term for user-code logins is "hacked". The container-managed security system has its own pre-debugged login code which is much more secure.
Customer surveys are for companies who didn't pay proper attention to begin with.