Estive dando uma olhada no exemplo que postou e o que fez até o momento não foge muito do real. Existem sim alguns errinhos ali e aqui, que tentarei te mostrar criando um exemplo prático do zero (sem implementar DAO). Dois erros que notei de cara primeiro foi que voce nao criou nenhuma classe que implemente a interface Filter (o filtro propriamente dito) nem tao pouco a declarou no seu web.xml. Bom, vamos ver como ficaria entao este exemplo:
1o Passo - Definir o layout da pagina de login
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Exemplo de Filtro - Login Page</h1>
${mensagem}
<form action="login" method="post">
<table>
<tr>
<td><label for="idUsername">Usuario:</label></td>
<td><input type="text" id="idUsername" name="txtUsername"></td>
</tr>
<tr>
<td><label for="idPassword">Senha:</label></td>
<td><input type="password" id="idPassword" name="txtPassword"></td>
</tr>
<tr>
<td><input type="submit" value="Enviar Dados"></td>
</tr>
</table>
</form>
</body>
</html>
2o Passo - Definir a classe que represente o login (Javabean);
/*
* Login.java
*
* Created on October 23, 2007, 10:57 PM
*
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
*/
package br.com.testando.filtro.model;
import java.io.Serializable;
/**
*
* @author Alexandre
*/
public class Login implements Serializable {
private String username;
private String password;
/** Creates a new instance of Login */
public Login() {
}
public Login(String username, String password) {
setUsername(username);
setPassword(password);
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
3o Passo - Definir o servlet que ira tratar da logica para realizar a validacao colocando-se assim um objeto na Session para validacao final no filtro
/*
* LoginServlet.java
*
* Created on October 23, 2007, 10:51 PM
*/
package br.com.testando.filtro.servlet;
import br.com.testando.filtro.model.Login;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/**
*
* @author Alexandre
* @version
*/
public class LoginServlet extends HttpServlet {
/** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
* @param request servlet request
* @param response servlet response
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String usuario = request.getParameter("txtUsername");
String senha = request.getParameter("txtPassword");
String mensagem = "";
String urlDestino = "";
String contexto = request.getContextPath();
if ((usuario == null) || (usuario.equals(""))) {
mensagem = "Usuario invalido. Favor digitar novamente.";
urlDestino = "/index.jsp";
} else if ((senha == null) || (senha.equals(""))) {
mensagem = "Senha invalida. Favor digitar novamente.";
urlDestino = "/index.jsp";
} else {
if (usuario.equals("testando") && (senha.equals("filtro"))) {
Login login = new Login(usuario, senha);
HttpSession session = request.getSession();
session.setAttribute("login", login);
mensagem = "Usuario autenticado!";
urlDestino = "/restrict/main.jsp";
} else {
mensagem = "Usuario e senha invalido!!!";
urlDestino = "/index.jsp";
}
}
request.setAttribute("mensagem", mensagem);
RequestDispatcher rd = request.getRequestDispatcher(urlDestino);
rd.forward(request, response);
}
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
/** Handles the HTTP <code>GET</code> method.
* @param request servlet request
* @param response servlet response
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
/** Handles the HTTP <code>POST</code> method.
* @param request servlet request
* @param response servlet response
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
}
4o Passo - Declarar a classe que implemente Filter
/*
* LoginFilter.java
*
* Created on October 23, 2007, 11:10 PM
*/
package br.com.testando.filtro.filter;
import br.com.testando.filtro.model.Login;
import java.io.*;
import javax.servlet.*;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
*
* @author Alexandre
* @version
*/
public class LoginFilter implements Filter {
public void init(FilterConfig config) throws ServletException {
}
// The filter configuration object we are associated with. If
// this value is null, this filter instance is not currently
// configured.
private FilterConfig filterConfig = null;
/**
*
* @param request The servlet request we are processing
* @param result The servlet response we are creating
* @param chain The filter chain we are processing
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet error occurs
*/
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
Login login = (Login)req.getSession().getAttribute("login");
if (login != null) {
chain.doFilter(request, response);
} else {
HttpServletResponse res = (HttpServletResponse)response;
res.sendRedirect(req.getContextPath() + "/index.jsp");
}
}
public void destroy() {
}
}
5o Passo - Configurar o arquivo web.xml indicando qual o filtro vc esta utilizando para realizar autenticacao
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>br.com.testando.filtro.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/restrict/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>br.com.testando.filtro.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
</web-app>
6o e ultimo passo - Definir a pagina com acesso “administrativo” (autenticado)
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Exemplo de Filtro - Pagina restrita ao usuario logado</h1>
${mensagem}
</body>
</html>
Acho que isso eh tudo. Nao vou comentar linha a linha, senao ficaria muito grande esta mensagem. Da uma boa analisada neste codigo que postei e tente entender mais ou menos o que acontece por de tras dos bastidores. Se ainda tiver alguma duvida, pode perguntar que irei te responder.
Abracos,