This week's giveaway is in the Java/Jakarta EE forum. We're giving away four copies of Java EE 8 High Performance and have Romain Manni-Bucau on-line! See servlet or JSP.
basically, your filter should perform the authentication check (but not for pages that don't need to be authenticated, like the login page) and continue on if all is well, but redirect to the login page if not. The login page should submit to its action that checks the credentials and sets up the session, then traverses to the "main page" of the app (where the filter will check the session for valid authentication).