Well, to secure your webapp (if the basic form authentication isn't good enough) - you could use a "login page" to authenticate and a ServletFilter to restrict access to your webapp. That's at least a start. You may also want to checkout the struts project (checkout apache.org). Struts is bascially a webapp framework (MVC for webapplications).
How can I do to use JaasSecurityManager ? What do I need to configure ? I'm reading the Online Manual but it lacks what I need : examples !!