This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
First obvious question: Are you sure this .jsp is executed when you submit your login form (you have a System.out.println to print the password, does it appear in the server log)? If the .jsp is indeed executed, then go on step by step, add some more System.out.println to see how the code flows (one for success case, one for failed login case). If the code is called correctly, then your frame page parts may not be accessible, so check that out.
That said, you have a SERIOUS mess here. JSPs should not contain Java code (especially not database operations), it should be in its own Java class (probably a servlet controller). Then you introduce security problems by making a direct query to the database (look up PreparedStatement).
Honestly, I would completely scrap this and rewrite it cleanly, using a servlet controller for the login process, and JSPs only for the view.