I guess your filter is configured to execute before the RewiteFilter. Rewrite wraps the HttpServletResponse to be able to modify the behavior of encodeRedirectURL(). But this won’t work if your filter is the first that is executed.
I see two option here:
1. Change the configuration of your filter so that it get executed after the RewriteFilter. Please note that you will have to set the dispatch type to FORWARD in this case. The problem with this solution is that HttpServletRequest.getRequestURI() will return the modified URL. But this may be ok depending on your exact requirements.
2. You could implement the security constraints directly using Rewrite rules. There are some nice examples for similar rules on the examples page: