The problem is that your filter is running on login.jsp, and when the user is not logged in to will repeatedly redirect to itself. Because there is no exclusion syntax on filter url-pattern you will need to detect the URL in your filter and omit the redirect if you are already on the login.jsp page:
// your auth code
} else {
String redirect = httpRequest.getContextPath() + "/login.jsp";
String uri = httpRequest.getRequestURI().toString();
if (uri.endsWith(redirect)){
// URI ends with login.jsp, just process the chain
chain.doFilter();
} else {
// not on the login page and not logged in, redirect
httpResponse.sendRedirect(redirect);
return;
}
}
