Tomcat 7 ships with several interesting filters that are ready to use:
- CsrfPreventionFilter (Cross-Site Request Forgery), for details about CSRF, see OWASP CSRF.
- SetCharacterEncodingFilter, for details see How to Handle Character Encoding in JSP and Servlets.
There are more out-of-the-box filters; see FilterBase.
Also check out the Combined Realm org.apache.catalina.realm.LockOutRealm, which can be used to mitigate user password brute force attacks.
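
The following configuration is an added example, not taken from the original page or from the Tomcat distribution: it enables the two filters named above in a web application and wraps an existing realm in LockOutRealm. The entry-point paths (/index.jsp, /login.jsp), the filter names and the failureCount/lockOutTime values are assumptions chosen for illustration.

```xml
<!-- WEB-INF/web.xml fragment (inside <web-app>) -->
<filter>
  <filter-name>setCharacterEncoding</filter-name>
  <filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
  <init-param>
    <!-- Encoding applied to requests that do not declare one -->
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>csrfPrevention</filter-name>
  <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
  <init-param>
    <!-- URLs reachable without a nonce (assumed paths). Only GET requests
         are accepted here, so keep these pages free of state changes. -->
    <param-name>entryPoints</param-name>
    <param-value>/index.jsp,/login.jsp</param-value>
  </init-param>
</filter>

<!-- Filters run in mapping order: the encoding filter is mapped first so the
     request encoding is set before any later filter reads parameters. -->
<filter-mapping>
  <filter-name>setCharacterEncoding</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>csrfPrevention</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- conf/server.xml fragment (inside <Engine> or <Host>) -->
<!-- LockOutRealm wraps the realm that performs the real authentication.
     After failureCount consecutive failures the user is locked out for
     lockOutTime seconds (illustrative values). -->
<Realm className="org.apache.catalina.realm.LockOutRealm"
       failureCount="5" lockOutTime="300">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>
```

With CsrfPreventionFilter mapped to /*, every link and form action the application renders has to go through HttpServletResponse.encodeURL() (or encodeRedirectURL()), because that is where the filter appends the nonce; any URL that skips it is rejected unless it is listed as an entry point.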