How can I create a protected, "restricted" website? I.e., where someone can only access the site by e.g., entering a password.
In addition, on the Servlet-Container side, I'll suggest you to take a look at the Servlet 2.2 Specification. Chapter 11 is entirely dedicated to the "Security" topic and can give you a clear understanding of what you can achieve with a Servlet Container. In addition, take a look at the DTD of web.xml, the Web Application Descriptor, Paragraph 3.12 and a security example at Paragraph 13.3.2.