Struts2 Role Permissions filter (filter) and Interceptor (Interceptor)

The STRUTS2 project uses the IF tag of struts to determine the session, so that users who are not logged on cannot see the page, but this is now only in the view layer, if the user is not logged in directly in the Address bar to enter the address of the logged in user to access, Then the corresponding action will be executed, just do not let the user see it. This is obviously not good, so we have studied the authorization of Struts2.

The core of the authority is the business logic, which is much simpler to implement with what technology.
Usually: the user and the role to establish a many-to-many relationship, the role and business modules constitute a many-to-many relationship, rights management in the latter relationship.
The interception of the permission, if the system request is large, you can use the Struts2 interceptor to do, the request volume can be placed in the filter. But the general single-level interception is not enough, to achieve finer granularity of the authority control, but also need multi-level interception.

Do not understand the difference between filter (filter) and Interceptor (Interceptor), so Google. Boven Introduction:

1, interceptors are based on the reflection mechanism of Java, and filter is based on function callback.
2. The filter relies on the servlet container, while the interceptor is not dependent on the servlet container.
3. Interceptors only work on action requests, while filters can work on almost all requests.
4. The interceptor can access the action context, the object in the value stack, and the filter cannot.
5, in the life cycle of the action, the interceptor can be called multiple times, and the filter can only be called once when the container is initialized.

In order to learn to decide the two ways to try, and then decide which to use.

the filter implementation of permission validation:

Web. XML Code Snippet

[HTML]   View Plain Copy <!-- authority filter  Best added to Struts2 filter front-->      <filter>       <filter-name>SessionInvalidate</filter-name>        <filter-class>filter. sessioncheckfilter</filter-class>       <init-param>         <param-name>checkSessionKey</param-name>          <param-value>loginName</param-value>        </init-param>       <init-param>          <param-name>redirectURL</param-name>          <param-value>/entpLogin.jsp</param-value>       </init-param >       <init-param>         <param-name>