这个 filter 代码如何解决通过拼接路径和参数就可以访问的问题？

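/**
 * Servlet filter that makes the authentication decision for every request ({@code /*}).
 *
 * <p>Requests are sorted by URI into four groups: the admin console and static resources,
 * the {@code /mp} area, the {@code /open} area, and everything else (the client API). API
 * requests whose URI is not listed in {@link AuthorizationFilterProperties#getRequestUriList()}
 * need a valid {@code access_token}.
 *
 * <p>All of these decisions are string comparisons on the raw request URI. The raw URI is what
 * the client sent, not necessarily the path the container finally dispatches on: dot segments,
 * path parameters after {@code ;}, repeated slashes and percent-encoded separators can make the
 * two differ, so a URI can satisfy a prefix or suffix test here and still reach a different
 * handler. {@link #doFilter} therefore rejects such URIs with 400 before any branch is evaluated
 * (the same class of checks Spring Security's {@code StrictHttpFirewall} applies by default).
 */
@WebFilter(filterName = "authorizationfilter", urlPatterns = {"/*"}, initParams = {@WebInitParam(name = "enable", value = "true")})
public class AuthorizationFilter implements Filter {

// URIs that may be called without a login; loaded lazily on the first request.
// volatile: the filter instance is shared by all request threads, and the map must only
// become visible once it is fully populated.
private volatile Map<String, String> requestUriMap;
private volatile AuthorizationFilterProperties properties;

private static final Logger logger = LoggerFactory.getLogger(AuthorizationFilter.class);

@Resource
private VipAuthOpt vipAuthOpt;

@Override
public void init(FilterConfig arg0) throws ServletException {
}

@Override
public void destroy() {
}

/**
 * Applies the access rules described on the class and either continues the chain, redirects to
 * the matching login page, or writes a JSON error.
 *
 * @param arg0 the incoming request; cast to {@link HttpServletRequest}
 * @param arg1 the response; cast to {@link HttpServletResponse}
 * @param arg2 the remaining filter chain
 */
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
    ensureWhitelistLoaded();

    HttpServletRequest request = (HttpServletRequest) arg0;
    HttpServletResponse response = (HttpServletResponse) arg1;
    request.setCharacterEncoding("utf-8");
    response.setCharacterEncoding("utf-8");
    response.setContentType("text/html;charset=utf-8");

    // NOTE(review): the token is also accepted as a query parameter, where it tends to end up in
    // access logs, browser history and Referer headers; prefer the header once clients allow it.
    String accessToken = request.getParameter("access_token");
    if (StringUtil.isEmpty(accessToken)) {
        accessToken = request.getHeader("access_token");
    }
    // Log only whether a token was supplied: the token is a bearer credential, and anyone who can
    // read the log could replay it.
    logger.info("accessToken present========================" + !StringUtil.isEmpty(accessToken));

    long time = NumberUtils.toLong(request.getParameter("time"), 0);
    String secret = request.getParameter("secret");
    // Whether to verify the request signature; old clients do not send these parameters.
    // NOTE(review): because the check is skipped whenever secret/time are absent, it is opt-in
    // for the caller and cannot be relied on as an access control until it is made mandatory.
    boolean falg = !StringUtil.isEmpty(secret) && 0 < time;
    logger.info("flag===============================" + falg);
    String requestUri = request.getRequestURI();

    if ("/favicon.ico".equals(requestUri)) {
        return;
    }

    logger.info(request.getMethod() + " 请求:" + requestUri);

    // Every rule below is a startsWith/endsWith/equals test on the raw URI, so the URI has to be
    // unambiguous before it is trusted. Reject instead of rewriting: a rewritten path could still
    // disagree with what the container or framework resolves.
    if (isAmbiguousPath(requestUri)) {
        logger.warn("rejected non-canonical request URI");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    // Admin console, configuration endpoints and static resources.
    if (requestUri.startsWith("/console") || requestUri.startsWith("/pages")
            || requestUri.startsWith("/config/set") || requestUri.startsWith("/clientConfig/set")
            || requestUri.endsWith(".js") || requestUri.endsWith(".html") || requestUri.endsWith(".css") || requestUri.endsWith(".png")) {
        Object obj = request.getSession().getAttribute(AdminController.LOGIN_USER_KEY);
        // FIXME (original author): access control is wrong here - these paths must only be
        // reachable after login, but are currently reachable without it.
        // NOTE(review): the cause is visible in the condition: "/console", "/config/set" and
        // "/clientConfig/set" are themselves listed as exempt, so the session check never decides
        // for them. Only "/pages" and "/console/login" look like they need to be public - confirm
        // against the callers of the two set endpoints before removing the other three terms.
        boolean exempt = requestUri.startsWith("/pages") || requestUri.startsWith("/console/login")
                || requestUri.startsWith("/console") || requestUri.startsWith("/config/set")
                || requestUri.startsWith("/clientConfig/set");
        if (null != obj || exempt) {
            arg2.doFilter(arg0, arg1);
            return;
        } else {
            response.sendRedirect("/console/login");
        }
    } else if (requestUri.startsWith("/mp")) {
        Object obj = request.getSession().getAttribute("MP_USER");
        // "/pages" cannot match inside this branch (the URI starts with "/mp"), so only the
        // session and the login page are tested.
        if (null != obj || requestUri.startsWith("/mp/login")) {
            arg2.doFilter(arg0, arg1);
            return;
        } else {
            response.sendRedirect("/mp/login");
        }
    } else if (requestUri.startsWith("/open")) {
        Object obj = request.getSession().getAttribute("OPEN");
        // NOTE(review): startsWith("/open") is always true inside this branch, so the session
        // check is ineffective and the redirect below is unreachable. Kept as-is because the
        // intended public surface of /open is not visible from this file.
        if (null != obj || requestUri.startsWith("/open/login") || requestUri.startsWith("/open")) {
            arg2.doFilter(arg0, arg1);
            return;
        } else {
            response.sendRedirect("/open/login");
        }
    } else {
        if (requestUri.equals("/getImgCode")) {
            arg2.doFilter(arg0, arg1);
            return;
        }

        if (isNeedLogin(requestUri)) {
            // Login required: the token must be present ...
            if (StringUtil.isEmpty(accessToken)) {
                logger.info("不包含请求令牌");
                int tipsKey = 1030101;
                renderByErrorKey(response, tipsKey);
            } else {
                String userId = getUserId(accessToken);
                // ... and must resolve to a user.
                if (null == userId) {
                    logger.info("请求令牌无效或已过期...");
                    int tipsKey = 1030102;
                    renderByErrorKey(response, tipsKey);
                } else {
                    if (falg) {
                        if (!AuthServiceUtils.authRequestApi(userId, time, accessToken, secret, requestUri)) {
                            renderByError(response, "授权认证失败");
                            return;
                        }
                    }
                    ReqUtil.setLoginedUserId(Integer.parseInt(userId));
                    arg2.doFilter(arg0, arg1);
                    return;
                }
            }
        } else {
            // Endpoint that does not require a login: verify the open-API signature when the
            // client sent one and no token.
            // NOTE(review): the test is "null ==" rather than StringUtil.isEmpty, so any non-null
            // token value, valid or not, skips the signature check on these endpoints.
            if (null == accessToken) {
                if (falg) {
                    if (!AuthServiceUtils.authOpenApiSecret(time, secret)) {
                        renderByError(response, "授权认证失败");
                        return;
                    }
                }
            }

            // TODO: VIP check
            // router room/add

            String userId = getUserId(accessToken);
            if (null != userId) {
                ReqUtil.setLoginedUserId(Integer.parseInt(userId));
            }
            arg2.doFilter(arg0, arg1);
        }
    }
}

/**
 * Loads the no-login URI list on first use. The map is filled in a local variable and published
 * last, so a concurrent request never reads a half-filled map.
 */
private void ensureWhitelistLoaded() {
    if (null != requestUriMap && null != properties) {
        return;
    }
    AuthorizationFilterProperties loaded = SpringBeansUtils.getContext().getBean(AuthorizationFilterProperties.class);
    Map<String, String> uris = Maps.newHashMap();
    for (String uri : loaded.getRequestUriList()) {
        uris.put(uri, uri);
    }
    properties = loaded;
    requestUriMap = uris;
}

/**
 * Tells whether a raw request URI could be resolved to a different path than the one its text
 * suggests, which would make the prefix/suffix rules in {@link #doFilter} unreliable.
 *
 * <p>Flags path parameters ({@code ;}), backslashes, empty segments ({@code //}), {@code .} and
 * {@code ..} segments, and percent-encoded forms of {@code . / \ % ;}. This also refuses
 * {@code ;jsessionid=} URL rewriting; sessions here are expected to be cookie based.
 *
 * @param rawUri value of {@code HttpServletRequest.getRequestURI()}
 * @return {@code true} if the URI must not be used for an access decision
 */
private static boolean isAmbiguousPath(String rawUri) {
    if (null == rawUri) {
        return true;
    }
    if (rawUri.indexOf(';') >= 0 || rawUri.indexOf('\\') >= 0 || rawUri.contains("//")) {
        return true;
    }
    String lower = rawUri.toLowerCase(java.util.Locale.ROOT);
    if (lower.contains("%2e") || lower.contains("%2f") || lower.contains("%5c")
            || lower.contains("%25") || lower.contains("%3b")) {
        return true;
    }
    for (String segment : rawUri.split("/")) {
        if (".".equals(segment) || "..".equals(segment)) {
            return true;
        }
    }
    return false;
}

/**
 * @param requestUri raw request URI
 * @return {@code true} unless the trimmed URI is an exact entry of the no-login list
 */
private boolean isNeedLogin(String requestUri) {
    return !requestUriMap.containsKey(requestUri.trim());
}

/**
 * Resolves an access token to a user id.
 *
 * @param _AccessToken token supplied by the client; may be {@code null}
 * @return the user id, or {@code null} if the lookup returned none or threw
 */
private String getUserId(String _AccessToken) {
    String userId = null;

    try {
        userId = KSessionUtil.getUserIdBytoken(_AccessToken);
    } catch (Exception e) {
        // A failed lookup is treated as "not logged in"; record it through the logger instead of
        // stderr, and without the token value.
        logger.error("access token lookup failed", e);
    }

    return userId;
}

// JSON error body. The message is inserted without escaping, so it must only ever be a constant
// or a catalogue text, never request data.
private static final String template = "{\"resultCode\":%1$s,\"resultMsg\":\"%2$s\"}";

/**
 * Writes the JSON error for a message-catalogue code, using the "zh" text.
 *
 * @param response response to write to
 * @param tipsKey catalogue code, also sent as {@code resultCode}
 */
private static void renderByErrorKey(ServletResponse response, int tipsKey) {
    String tipsValue = ConstantUtil.getMsgByCode(String.valueOf(tipsKey), "zh").getValue();
    ResponseUtil.output(response, String.format(template, tipsKey, tipsValue));
}

/**
 * Writes the JSON error with {@code resultCode} 0 and the given message.
 *
 * @param response response to write to
 * @param errMsg message text; callers pass fixed strings
 */
private static void renderByError(ServletResponse response, String errMsg) {
    ResponseUtil.output(response, String.format(template, 0, errMsg));
}

}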