Filter有要实现的三方法:
void init(FilterConfig config) throws ServletException
void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
void destroy()
第一个方法,Filter被加载时,首先执行这个方法,常用来做些初始化的动作。
第二个方法,Filter处理过程的方法,最后一个参数chain,则是把request,response传给下一个Filter的FilterChain 对象,FilterChain是用doFilter()方法来调用下一个Filter,或者当没有Filter可调用时,则调用原始的Servlet等网页部分。

其次需要在Web.xml中设定Filter类和对应的网页类别。

下面是一个用Filter来对请求做统一的认证处理(参《jsp2.0技术手册》)

public class SessionCheckerFilter implements Filter{
    private final Log logger = LogFactory.getLog(getClass());
    private ServletContext context;
    private String targetURI;
    private String loginChecker;

    /* (non-Javadoc)
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig config) throws ServletException {
       context = config.getServletContext();
       targetURI = config.getInitParameter("TargetURI");
       loginChecker = config.getInitParameter("loginChecker");
    }

    /* (non-Javadoc)
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // TODO Auto-generated method stub
        LoginUserPool loginUserPool = LoginUserPool.getInstance();
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpSession session = httpRequest.getSession(false);
        if(session != null){
            String passed = (String) session.getAttribute("passed");

                if(passed.equals("true")){
                    chain.doFilter(httpRequest,httpResponse);
                    return;
                }else if(passed.equals("passing")){
                    if(new String(httpRequest.getRequestURI()).equals(httpRequest.getContextPath()+"/"+loginChecker)){
                        chain.doFilter(httpRequest,httpResponse);
                        return;
                    }
                }
            session.removeAttribute("passed");
        }
        StringBuffer requestURL = httpRequest.getRequestURL();
        String query = httpRequest.getQueryString();
        if(query != null){
            requestURL.append(query);
        }
        httpRequest.setAttribute("originalURI",new String(requestURL));
        httpRequest.getRequestDispatcher(targetURI).forward(httpRequest,httpResponse);
    }

    /* (non-Javadoc)
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
        // TODO Auto-generated method stub
        
    }

public class LoginChecker extends HttpServlet{
    private final Log logger = LogFactory.getLog(getClass());
    protected void doPost(
            HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) throws IOException, ServletException {
            logger.info("Servlet:用户登陆合法性判断");
            String userId = httpRequest.getParameter("userId");
            String password = httpRequest.getParameter("password");
            String targetURI = httpRequest.getParameter("originalURI");
            if ((!userId.equals("admin")) || (!password.equals("1234"))) {
                throw new ServletException("粄靡ア毖");
            }
            
            HttpSession session = httpRequest.getSession();
            session.setAttribute("passed""true");
            httpResponse.sendRedirect(targetURI);
        }

 }

<%@ page contentType="text/html;charset=Big5" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<html>
<head>
  <title>CH11 - Login.jsp</title>
</head>
<body>

<h2></h2>
<h2>用户名admin,密码1234</h2>

<c:set var="passed" value="passing" scope="session" />
<form method="post" action="/JSPBook/LoginChecker">
  <table>
    <tr>
      <th>用户名</th>
      <td><input type="text" name="userId"></td>
    </tr>
    <tr>
      <th>密码</th>
      <td><input type="password" name="password"></td>
    </tr>
    <th><input type="hidden" name="originalURI" value="${requestScope.originalURI}"></th>
    
    <tr>
      <th><input name="submit" type="submit" value="确认"></th>
    </tr>
  </table>
</form>

</body>
</html>

<filter>     
      <filter-name>SessionChecker</filter-name>    
      <filter-class>tw.com.javaworld.CH11.SessionChecker</filter-class>    
      <init-param>
        <param-name>targetURI</param-name>        
        <param-value>/CH11/Login.jsp</param-value>    
      </init-param>
    </filter>
    <filter-mapping>    
      <filter-name>SessionChecker</filter-name>    
      <url-pattern>/*</url-pattern>
    </filter-mapping>
  
  <servlet>
        <servlet-name>LoginChecker</servlet-name>
        <servlet-class>tw.com.javaworld.CH11.LoginChecker</servlet-class>
    </servlet>    
    <servlet-mapping>
        <servlet-name>LoginChecker</servlet-name>
        <url-pattern>/LoginChecker</url-pattern>
    </servlet-mapping>



必须的话再做一些其它的过滤器,来判断,用户的合法性等等。