I don't think that example will work the way you expect because when you click the "previous" button on a browser, it will simply load the previous page from its cache, not do a round-trip to the server where the code you quoted will be processed.
Also, if you are looking for a "real world" example of security, I recommend the
JEE Tutorial chapter on Securing Web Applications. The declarative method described in the tutorial is more reliable than the programmatic method in your example and it delegates the details of security to the web server, allowing you to concentrate on building your app.