How can I create a protected, "restricted" website? I.e., where someone can only access the site by e.g., entering a password.

JIA Java Italian Association

Normally web servers have their own protection system already in place. If you are running Apache, for example, or anothe NCSA compliant web server, you can rely on the standard basic authentication. You can take a look ath this interesting article for Apache, and eventually check the documentation of your web server to see if they have something similar.

In addition, on the Servlet-Container side, I'll suggest you to take a look at the Servlet 2.2 Specification. Chapter 11 is entirely dedicated to the "Security" topic and can give you a clear understanding of what you can achieve with a Servlet Container. In addition, take a look at the DTD of web.xml, the Web Application Descriptor, Paragraph 3.12 and a security example at Paragraph 13.3.2.