Dúvida com Login

Front-end
#1

Galera procurei no forum assuntos relacionados a login porem está acontecendo uma coisa q eu nao esperava.
O meu filter tah funcionando, porem o seguinte bug ele soh mostra a primeira página quando vou entrar na outra página usando o sistema ele volta pro login.jsf.
alguem pode ajudar?

segue meu web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <!-- RichFaces -->
    <context-param>
        <param-name>org.richfaces.SKIN</param-name>
        <param-value>blueSky</param-value>
    </context-param>
    <context-param>
        <param-name>org.richfaces.CONTROL_SKINNING</param-name>
        <param-value>enable</param-value>
    </context-param>
    <filter>
        <display-name>RichFaces Filter</display-name>
        <filter-name>richfaces</filter-name>
        <filter-class>org.ajax4jsf.Filter</filter-class>
        <init-param>
            <param-name>createTempFiles</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>maxRequestSize</param-name>
            <param-value>20000000</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>richfaces</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    <filter>
        <filter-name>Login Filter</filter-name>
        <filter-class>filter.LoginFilter</filter-class>
    </filter>


    <filter-mapping>
        <filter-name>Login Filter</filter-name>
        <url-pattern>*.jsf</url-pattern>
    </filter-mapping>

     <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>
        20
    </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>

meu bean

  public String verificarUsuario() {
        if (this.isUsuarioValido(user.getLogin(), user.getSenha())) {
            return "entrar";
        } else {
            JOptionPane.showMessageDialog(null, "Login ou senha inválidos");
            return "erro";
        }
    }

    public boolean isUsuarioValido(String strUser, String strSenha) {
        List<Usuario> userList = udao.getUsuarios();

        for (Usuario usu : userList) {
            if ((user.getLogin().equals(usu.getLogin())) && (user.getSenha().equals(usu.getSenha()))) {
                System.out.println("login e senha iguais no banco");
                return true;
            }
        }
        return msgErro;
    }

meu filter

package filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import model.login.Usuario;

public class LoginFilter implements Filter {

    private final static String FILTER_APPLIED = "_security_filter_applied";
    private Usuario usu;

    public LoginFilter() {
    }

    public void init(FilterConfig arg0) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest) request;
        HttpServletResponse hresp = (HttpServletResponse) response;
        HttpSession session = hreq.getSession();

        hreq.getPathInfo();
        String paginaAtual = new String(hreq.getRequestURL());

        // dont filter login.jsp because otherwise an endless loop.
        // & only filter .jsp otherwise it will filter all images etc as well.
        if ((request.getAttribute(FILTER_APPLIED) == null) && paginaAtual != null
                && (!paginaAtual.endsWith("login.jsf"))
                && (paginaAtual.endsWith(".jsf"))) {
            request.setAttribute(FILTER_APPLIED, Boolean.TRUE);

            // If the session bean is not null get the session bean property
            // username.
            String user = null;
            if (((filter.LoginFilter) session.getAttribute("login")) != null) {
                user = ((filter.LoginFilter) session.getAttribute("login")).getUsu().getLogin();
            }

            if ((user == null) || (user.equals(""))) {
                hresp.sendRedirect("login.jsf");
                return;
            }

        }
        // deliver request to next filter
        chain.doFilter(request, response);
    }

    /**
     * @return the usu
     */
    public Usuario getUsu() {
        return usu;
    }

    /**
     * @param usu the usu to set
     */
    public void setUsu(Usuario usu) {
        this.usu = usu;
    }   
}
#2

Olá, como está?

Você deveria colocar o usuário na sessão, quando chega no filter o usuário sempre estará nulo, por que ele sobrevive somente o request.

Mas em vez de fazer login assim, procura algo sobre JAAS e Spring Security.

Abraço

#3