Here,
httpResponse.sendRedirect("login.jsp");
you're sending a new HTTP request for the target page instead of using the current request for it. This new HTTP request would of course hit the filter once again if it's been mapped on an overly generic URL pattern, such as /*. And the same checks would be performed and it would be redirected again. Etcetera. This is a neverending story.
You need to add an extra check to perform FilterChain#doFilter() as well when the currently requested page is the login page.
String loginURL = httpRequest.getContextPath() + "/login.jsp";
if (httpRequest.getRequestURI().equals(loginURL)) || session.getAttribute("userName") != null) {
chain.doFilter(request, response);
} else {
httpResponse.sendRedirect(loginURL);
}
Note that I also removed the nonsensicial check on the empty string as username (you'd however ensure that your code is nowhere setting an empty string as username. Just use null to represent a non-logged-in user. Also note that I fixed the redirect URL as well, because it would have failed when the currently requested URL is in a subfolder.
A different alternative is to put all those restricted pages in a common subfolder, such as /app, /secured, /restricted, etc and then map the filter on an URL pattern of /app/*, /secured/*, /restricted/*, etc instead. If you keep the login page outside this folder, then the filter won't be invoked when the login page is been requested.
