Headers are usually not required for what you are doing. The headers are created by the browser and they tell the server what is being request, how it is being requested and from who. Usually, the info you need from the headers are available as a set of methods on the HttpServletRequest object (getRequestType() and so on).
Parameters are what is coming from page the user was on when the request was made. If you have an HTML page with a UserName and Password ...
... the method getParameter("userName") will return what the user entered in that field. This is alwasy a
String, so you will need to convert/validate non String values (numbers, dates).
Attributes are set by the web app(Servlet/Filter/JSP). Usually, a Servlet will get a bunch of parameters, do work based on those parameters (DB Query) and place the results in the request as an Attribute. If a user logs in correctly, you may create a UserBean object. You could then place this bean in the Request (Usually you would place this in the Session, which also has a setAttribute method) and forward to a
JSP page. The JSP page can get the UserBean from the Request (via getAttribute) and show user info as needed.
Hope this helps.