It seems like you are trying to control the flow from your filter logic.
Reading through your conditional expressions I'm a little confused as to what you are trying to accomplish. I mean, if /index.jsp is not at index 17 of the uri, you call doFilter. If it is, then an attempt to get the userId parm is made, if it is null, then you do a sendRedirect to a validation failed
jsp. If userId is not null then a validation attempt is made and another if block executes. This one says if validateUser is true or the URI endsWith "/CSC-ARXfer/faces/validationFailed.jsp". I don't know that at this point in the code the URI is ever going to end with that
string, so it seems unnecessary. If the result of this condition is false then a sendRedirect is executed.
Confused? I am a little too.
The way the code is, userService.validateUserID(userID); is only going to execute if the userId parm is not null and indexUri == 17.
Print out the URI string before evaluating it to see if it is what you expect.
Are you submitting the userId parm as part of your form everywhere it needs to be?
Lastly, you may want to consider revisting your page URL scheme for the app and catch only those requests that you want "filtered" via the filter <url-pattern> in web.xml. It may mean changing the URI of some pages, but I think this would simplify things a bit.
Short of that, maybe taking out the if (indexURI == 17) evaluation will give you want you want, since you are checking for userId != null anyway before calling the userService bean.