I use the jsp:useBean tag, but what you're doing in principle should work. I'm a bit confused by "session.getValue("u")", as you did a "session.putValue("user",u)", so where the "u" comes from I'm not sure.
Here's how I do it.
Code:
<jsp:useBean id="user" class="dec.common.beans.UserBean" scope="session" />
<jsp:useBean id="error" class="dec.common.beans.ErrorBean" scope="session" />
<%
String host = request.getServerName();
String path = request.getRequestURI();
if(user == null){
%>
<jsp:forward page="/index.jsp" />
<%
}else if(user.getUser() == null){
%>
<jsp:forward page="/index.jsp" />
<%
}else if(!user.getAuth()){
%>
<jsp:forward page="/index.jsp" />
<%
}else if(!request.isSecure()){
response.sendRedirect(response.encodeRedirectURL("https://" + host + path))
}
%>