Filter里面实现未登录跳转，已登录权限判断

package com.erichfund.cljjfof.server.util;

import java.io.IOException;

/** 
 * @author 作者 zhuzhengquan: 
 * @version 创建时间：2016年11月21日 下午6:49:26 
 * 类说明 
 */
public class WebAuthFilter implements Filter {
    private String  errorPage;
    private Configuration cfg = null;
    
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
         errorPage = filterConfig.getInitParameter("errorPage");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse)response;
        if(WebUserSession.getUserSession()== null ){
            if(req.getRequestURI().startsWith("/ajax1....") || 
                    req.getRequestURI().startsWith("/ajax2...")){ // 弹框登录
            }else{ // URL跳转
                String method = req.getMethod();
                String    returnUrl ;
                if(method.equals("GET")){
                    returnUrl = "/webfof_login/login?service=" + URLEncoder.encode("get " + req.getRequestURI() + (StringUtils.hasText(req.getQueryString())?"?"+req.getQueryString():""),"utf-8");
                }else if(method.equals("POST")){
                    String host="";
                    String path = req.getRequestURI() + (StringUtils.hasText(req.getQueryString())?"?"+req.getQueryString():"");
                    MultivaluedMap<String,String> formParams = FormUrlEncodedProvider.parseForm(req.getInputStream());
                    Map<String,Object> data = new HashMap<String,Object>();
                    data.put("host", host);
                    data.put("path", path);
                    data.put("formParams", formParams);
                    String url = JsonUtil.serializeToJson(data);
                    returnUrl = "/webfof_login/login?service=" + URLEncoder.encode("post " + url,"utf-8");
                }else{
                    throw new RuntimeException("not support "+method);
                }
                res.sendRedirect(returnUrl);//LCK login.jsp
            }
            return;
        }else{
            String uri = ((HttpServletRequest)request).getRequestURI();
            IAuthService authService = EnviromentUtil.getWebApplicationContext().getBean(IAuthService.class);
            boolean hasOperatePrivilege = authService.hasOperatePrivilege(UserSession.getUserSession().getOpid(), uri);
            if(!hasOperatePrivilege){
                cfg = new Configuration();
                cfg.setServletContextForTemplateLoading(request.getServletContext(), null);
                
                // 创建数据模型  
                Map<String,String> dataMap = new HashMap<String,String>();  
                dataMap.put("msg", "您无权访问此链接");
                Template template = cfg.getTemplate(errorPage);
                PrintWriter out = res.getWriter();
                try {  
                    template.process(dataMap, out);  
                } catch (TemplateException e) {  
                    e.printStackTrace();  
                }  
                out.flush(); 
//                request.setAttribute("msg", "您无权访问此链接");//存储业务异常信息类  
//                request.getRequestDispatcher(errorPage).forward(request, response);//跳转到信息提示页面！！
                return;
            }
                
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub

    }

}