public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue)
     throws Exception {
   HttpServletRequest req = (HttpServletRequest) request;
   HttpServletResponse resp = (HttpServletResponse) response;
   if ("GET".equals(req.getMethod()) && !Strings.isBlank(req.getParameter("token"))) {
     String token = req.getParameter("token");
     try {
       token = Toolkit._3DES_decode(CrossScreen.csKEY, Toolkit.hexstr2bytearray(token));
       NutMap map = Json.fromJson(NutMap.class, token);
       Long t = map.getLong("t", -1);
       if (System.currentTimeMillis() - t > timeout * 1000) {
         resp.sendError(403); // TODO 提示token已经过期
         return false;
       }
       Integer uid = (Integer) map.get("uid");
       if (uid != null) {
         // 有登陆用户
         Toolkit.doLogin(new CrossScreenUserToken(uid), uid);
         if (sysLogService == null) {
           try {
             sysLogService = Mvcs.ctx().getDefaultIoc().get(SysLogService.class);
           } catch (Throwable e) {
           }
         }
         sysLogService.async(SysLog.c("method", "用户登陆", null, uid, "用户通过跨屏二维码登陆"));
       }
       resp.sendRedirect(map.getString("url"));
       return false;
     } catch (Exception e) {
       log.debug("bad token?", e);
       resp.sendError(502);
       return false;
     }
   } else {
     resp.sendError(403);
     return false;
   }
 }