You might want to try following the MVC architecture (see Jakarta
Struts). Instead of putting your login logic in a JSP page, put it in a JavaBean and access that bean using a
servlet (or Struts action bean). If the JavaBean successfully logs in the user, forward the request to your index.jsp page. If not, forward back to your login form.
Otherwise, you might want to try using the built-in login functionality in the servlet specificiation by adding security-constraint, login-config, and security-role elements to your web.xml file. Hope this helps.