Use a proper logging framework, don't just call printStackTrace();
Change the authenticateUser method so it authenticates the user, rather than returning a ResultSet.
Don't use an int where a boolean variable makes more sense.
Consider returning a 403 code rather then redirecting to a hard coded error
JSP (unless you take Jan's much better advice about container managed security).
If you don't want to use container managed security, set your security code in a filter rather than a
Servlet.
Don't use tables to positioning elements in your HTML. Use CSS instead.
Don't set the user's credentials in the session.