Java.lang.NullPointerException em Session Filter

Olá pessoal,
Estou a dias tentando implementar um controle de sessão em um projeto da faculdade… até agora só dor de cabeça e nenhum sucesso…

Bom, eu tenho um beanLogin de scopo session


import java.io.IOException;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import webc.entity.Login;
import webc.entity.TipoUsuario;

/**
 *
 * @author Mendes
 */
@ManagedBean
@SessionScoped
public class BeanLogin {

    private int id_login;
    private int id_pessoa;
    private int id_tipo;
    private String password;
    private String email;
    private boolean autorizado;

    public BeanLogin() {
        autorizado = false;
    }

    public int getId_login() {
        return id_login;
    }

    public void setId_login(int id_login) {
        this.id_login = id_login;
    }

    public int getId_pessoa() {
        return id_pessoa;
    }

    public void setId_pessoa(int id_pessoa) {
        this.id_pessoa = id_pessoa;
    }

    public int getId_tipo() {
        return id_tipo;
    }

    public void setId_tipo(int id_tipo) {
        this.id_tipo = id_tipo;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public boolean isAutorizado() {
        return autorizado;
    }
    
    public void setAutorizado(boolean autorizado) {
        this.autorizado = autorizado;
    }

    public String logar() {
        String target = "home.xhtml";
        webc.entity.Login lo = new webc.entity.Login();
        lo.setEmail(email);
        lo.setPassword(password);

        if (!new webc.dao.DAOLogin().autorizar(lo, new webc.dao.DAOLogin().getAll())) {
            autorizado = false;
            target = "main.xhtml";
            FacesContext.getCurrentInstance().
                    addMessage("frmLogin:btnLogin", new FacesMessage("Usuário/senha inválidos"));
        } else {
            autorizado = true;
        }
        session.setAttribute("logado", autorizado);
        return target;
    }

    public void insert(webc.entity.Pessoa p, String senha) {
        Login l = new Login();
        TipoUsuario tp = new TipoUsuario();
        tp.setIdTipo(1);
        l.setIdPessoa(p);
        l.setIdTipo(tp);
        l.setEmail(p.getEmail());
        l.setPassword(senha);
        new webc.dao.DAOLogin().persist(l);
    }

    public boolean validaCadastro(String email) {
        java.util.Collection<Login> logins = new webc.dao.DAOLogin().getAll();
        for (Login lo : logins) {
            if (lo.getEmail().equals(email)) {
                return true;
            }
        }
        return false;
    }
}

Possuo o filtro …


/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package webc.util;

import java.io.IOException;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import webc.bean.BeanLogin;

@WebFilter(filterName = "sessionFilter", urlPatterns = {"/faces/painelAdm/*"})
public class sessionFilter implements Filter {
    
    private static final boolean debug = true;
    // The filter configuration object we are associated with.  If
    // this value is null, this filter instance is not currently
    // configured. 
    private FilterConfig filterConfig = null;
    
    public sessionFilter() {
    }    
    
    private void doBeforeProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        if (debug) {
            log("sessionFilter:DoBeforeProcessing");
        }

        // Write code here to process the request and/or response before
        // the rest of the filter chain is invoked.

        // For example, a logging filter might log items on the request object,
        // such as the parameters.
	/*
         for (Enumeration en = request.getParameterNames(); en.hasMoreElements(); ) {
         String name = (String)en.nextElement();
         String values[] = request.getParameterValues(name);
         int n = values.length;
         StringBuffer buf = new StringBuffer();
         buf.append(name);
         buf.append("=");
         for(int i=0; i < n; i++) {
         buf.append(values[i]);
         if (i < n-1)
         buf.append(",");
         }
         log(buf.toString());
         }
         */
    }    
    
    private void doAfterProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        if (debug) {
            log("sessionFilter:DoAfterProcessing");
        }

        // Write code here to process the request and/or response after
        // the rest of the filter chain is invoked.

        // For example, a logging filter might log the attributes on the
        // request object after the request has been processed. 
	/*
         for (Enumeration en = request.getAttributeNames(); en.hasMoreElements(); ) {
         String name = (String)en.nextElement();
         Object value = request.getAttribute(name);
         log("attribute: " + name + "=" + value.toString());

         }
         */

        // For example, a filter might append something to the response.
	/*
         PrintWriter respOut = new PrintWriter(response.getWriter());
         respOut.println("<P><B>This has been appended by an intrusive filter.</B>");
         */
    }

    /**
     *
     * @param request The servlet request we are processing
     * @param response The servlet response we are creating
     * @param chain The filter chain we are processing
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain)
            throws IOException, ServletException {
        
         HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        
        BeanLogin bl = (BeanLogin) req.getSession().getAttribute("beanLogin");
        //aqui da o .NullPointerException
        if (bl.isAutorizado()) {
            chain.doFilter(request, response);

            res.sendRedirect("/faces/painelAdm/painelAdm.xhtml");
            
        } else {
            res.sendRedirect("../home.xhtml");
        }
        
    }

    /**
     * Return the filter configuration object for this filter.
     */
    public FilterConfig getFilterConfig() {
        return (this.filterConfig);
    }

    /**
     * Set the filter configuration object for this filter.
     *
     * @param filterConfig The filter configuration object
     */
    public void setFilterConfig(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    /**
     * Destroy method for this filter
     */
    public void destroy() {        
    }

    /**
     * Init method for this filter
     */
    public void init(FilterConfig filterConfig) {        
        this.filterConfig = filterConfig;
        if (filterConfig != null) {
            if (debug) {                
                log("sessionFilter:Initializing filter");
            }
        }
    }

    /**
     * Return a String representation of this object.
     */
    @Override
    public String toString() {
        if (filterConfig == null) {
            return ("sessionFilter()");
        }
        StringBuffer sb = new StringBuffer("sessionFilter(");
        sb.append(filterConfig);
        sb.append(")");
        return (sb.toString());
    }
    
    private void sendProcessingError(Throwable t, ServletResponse response) {
        String stackTrace = getStackTrace(t);        
        
        if (stackTrace != null && !stackTrace.equals("")) {
            try {
                response.setContentType("text/html");
                PrintStream ps = new PrintStream(response.getOutputStream());
                PrintWriter pw = new PrintWriter(ps);                
                pw.print("<html>\n<head>\n<title>Error</title>\n</head>\n<body>\n"); //NOI18N

                // PENDING! Localize this for next official release
                pw.print("<h1>The resource did not process correctly</h1>\n<pre>\n");                
                pw.print(stackTrace);                
                pw.print("</pre></body>\n</html>"); //NOI18N
                pw.close();
                ps.close();
                response.getOutputStream().close();
            } catch (Exception ex) {
            }
        } else {
            try {
                PrintStream ps = new PrintStream(response.getOutputStream());
                t.printStackTrace(ps);
                ps.close();
                response.getOutputStream().close();
            } catch (Exception ex) {
            }
        }
    }
    
    public static String getStackTrace(Throwable t) {
        String stackTrace = null;
        try {
            StringWriter sw = new StringWriter();
            PrintWriter pw = new PrintWriter(sw);
            t.printStackTrace(pw);
            pw.close();
            sw.close();
            stackTrace = sw.getBuffer().toString();
        } catch (Exception ex) {
        }
        return stackTrace;
    }
    
    public void log(String msg) {
        filterConfig.getServletContext().log(msg);        
    }
}

Configuração no web.xml

<filter>  
        <filter-name>sessionFilter</filter-name>  
        <filter-class>  
            webc.util.sessionFilter
        </filter-class>  
    </filter>  
  
    <filter-mapping>  
        <filter-name>sessionFilter</filter-name>  
        <url-pattern>/faces/painelAdm/*</url-pattern>  
    </filter-mapping> 

Não entendo o porque de ele dar .NullPointerException, pois o escopo é sessão então o objeto fica compartilhado não fica?

Pessoal, o problema é o meu beanLogin que não está guardando os valores que eu seto nele …

Meu professor não explico muito bem, e eu já pesquisei muito sobre os scopos…

Teoricamente o de sessão deveria manter ativo até o usuário fechar o navegador, mas o meu parece que assim que eu redireciono para outra página
ele perde os valores setados …

Alguém tem ideia do que possa ser?