I can't seem to find the 2900XL on feature navigator. That is the best way to determine what hardware, software combinations support a particular feature. Check out the URL below.
This is a good site for determining these things. However, as you pointed out, the 2900XL isn't listed. I'm going to see if I can get an IOS 12.2 for the switch, since that seems to be when port-security was introduced. If not, the 2950 has it as of 12.2, so I'll go for one of those off eBay.
I have a 24 port 2900XL switch that I was using for my studies that I ran into the same problem. It doesn't support 12.2 so if you really wanted to use that version of the IOS, you would have to get a different switch.
It's not hooked up in my home network right now so I can't verify this 100%, but I believe the Port Security configurations all start with "port-security".
Even then, the only things you can configure are max MAC addresses and what whether to shut down the port in the event of a violation. I don't believe you can even tell it what the allowed MACs are. But you can play with at least those two features.
If you want to be able to use the "mac-address sticky", and "protect", "restrict", and other features of port security you'll need to opt for a 2950.
Hope that helps.