Thank you, Martin.
That was very clear and helpful.
Additionally, that information can also be generated by NetBeans via the Security Tab when I double-click on the web.xml file.
The granularity of ctrl is quite fine. I can even apply the security constraint based on a per-HTTP-method.
[Message sent by forum member 'arthury']
http://forums.java.net/jive/thread.jspa?messageID=483039