<!--spring配置 -->
1    <bean id="authorityInterceptor" class="com.xxx.interceptor.AuthorityInterceptor"/>

     <bean id="operationInterceptor" class="com.xxx.interceptor.OperationInterceptor">

         <property name="defectService" ref="sysDefectService"/>

         <property name="projectService" ref="projectService" />

         <property name="includeMethods">

             <value>*Modify,*Delete</value>

         </property>

     </bean>

      <interceptors>

             <interceptor name="loginInterceptor" class="authorityInterceptor"/>

             <interceptor name="operationInterceptor" class="operationInterceptor"/>

         </interceptors>

public String intercept(ActionInvocation aInvocation) throws Exception {

　　// 获取请求的action名称

　　String actionName = aInvocation.getInvocationContext().getName();

　　
　　//获取参数集合
　　Map parameters = aInvocation.getInvocationContext().getParameters();

　　 ....

}

package xx.interceptor;

import xx.action.ProjectAction;

import xx.action.SysDefectAction;

import xx.po.Project;

import xx.po.SysDefect;

import xx.po.User;

import xx.service.IProjectService;

import xx.service.ISysDefectService;

import com.opensymphony.xwork2.Action;

import com.opensymphony.xwork2.ActionContext;

import com.opensymphony.xwork2.ActionInvocation;

import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;

import java.util.List;

public class OperationInterceptor extends MethodFilterInterceptor {

    private ISysDefectService defectService;

    private IProjectService projectService;

    protected String doIntercept(ActionInvocation actionInvocation) throws Exception {

        boolean hasAuth = false;

        String cunrrentId = "";

        Object currentActon =actionInvocation.getAction();

        ActionContext actionContext = actionInvocation.getInvocationContext();

        User currentUser = (User)actionContext.getSession().get("currentUser");

        if(currentUser == null

                || currentUser.getEmployer()==null

                || currentUser.getGroup() == null

                || currentUser.getEmployer().getEmpId()+""==null

        )

        {

            return Action.LOGIN;

        }

        //获取当前用户的epmId

        String empId = currentUser.getEmployer().getEmpId() + "";

        if(currentActon instanceof ProjectAction){

            //是否第二次检查权限

            List<Project> projectList = currentUser.getProjectList();

            if (projectList==null || projectList.size()<1){

                ProjectAction projectAction = (ProjectAction)currentActon;

                cunrrentId = projectAction.getProjId();

                projectList =  projectService.getProjectsByEmpId(empId);

            }

            //如果获取列表失败,则提示无权限

            if(projectList==null || projectList.size()<1){

                return "deny";

            }else {

                currentUser.setProjectList(projectList);

            }

            for(Project project:projectList){

                if(cunrrentId.equals(project.getProjId()+"")){

                    hasAuth = true;

                }

            }

            if(hasAuth){

                return actionInvocation.invoke();

            }

        }else if(currentActon instanceof SysDefectAction){

            SysDefectAction sysDefectAction = (SysDefectAction)currentActon;

            List<SysDefect> sysDefectList =  defectService.getSysDefectsByEmpId(empId);

            if(sysDefectList==null || sysDefectList.size()<1){

                return "deny";

            }else {

                currentUser.setSysDefectList(sysDefectList);

            }

            for(SysDefect sysDefect:sysDefectList){

                if(cunrrentId.equals(sysDefect.getDefId()+"")){

                    hasAuth = true;
                }

            }

            if(hasAuth){

                return actionInvocation.invoke();

            }

        }

        return "deny";  //To change body of implemented methods use File | Settings | File Templates.

    }

    public ISysDefectService getDefectService() {

        return defectService;

    }

    public void setDefectService(ISysDefectService defectService) {

        this.defectService = defectService;

    }

    public IProjectService getProjectService() {

        return projectService;

    }

    public void setProjectService(IProjectService projectService) {

        this.projectService = projectService;

    }

}

    <bean id="authorityInterceptor" class="xx.interceptor.AuthorityInterceptor"/>

    <bean id="operationInterceptor" class="xx.interceptor.OperationInterceptor">

        <property name="defectService" ref="sysDefectService"/>

        <property name="projectService" ref="projectService" />

　　　　　<!-- 白名单属性配置,注意*的用法 -->

        <property name="includeMethods">

            <value>*Modify,*Delete</value>

        </property>

    </bean>

     <interceptors>

            <interceptor name="loginInterceptor" class="authorityInterceptor"/>

            <interceptor name="operationInterceptor" class="operationInterceptor"/>

            <interceptor-stack name="authInterceptor-stack">

                <interceptor-ref name="defaultStack"/>

                <interceptor-ref name="loginInterceptor"/>

                <interceptor-ref name="operationInterceptor"/>

            </interceptor-stack>

        </interceptors>