Pretty much any decent book on J2EE that covers JSPs and servlets will have a chapter on configuring the container-managed security system and FORM-based authentication.
They then usually ruin all their good work by presenting demos that have a "login page" done as user code instead of using the container security system. Long experience has taught me that the technical term for user-code logins is "hacked". The container-managed security system has its own pre-debugged login code which is much more secure.
"privilege" comes from the Latin words for "private" and "law" (legal) and dates to feudal times. To "claim privilege" meant that you were above the laws that applied to the common people.