权限部分如果用原型clone怎么样？

权限认证一般使用proxy或者动态proxy来做的。

别老想你的clone了 呵呵

讨厌！

我为什么一进后台管理，不一会，这里就会产生错误？？怎么会是？

用visitor来实现权限认证到是可以考虑

visitor来实现权限认证？详细说说啊。

谁作为Visitor，谁又作为Visitable呢 ? ?

一个是用户类 ，一个是权限类 么？

恩，是啊。你觉得怎么样？

说说看visitor如何作权限访问？

JAAS你们知道吗，好像不错，不知道用在资源级别控制上的情况怎么样?

JAAS好象是不错，但是没有用过

This paper explains how to use the Java Authentication and Authorization API (JAAS). It plugs JAAS into the Struts framework. Though this paper focuses on Struts, and in particular the example application distributed with Struts, the lessons learned should be applicable to any MVC web framework.

In addition, while there are many articles on authentication with JAAS [1], [2] , using the API for authorization is relatively undocumented [3]. This paper will show how to use JAAS to secure resources in an MVC architecture.

There are two points of integration with Struts. During the login process and when the client requests a resource from Struts (which will usually be a URL). At each of these points, the application should defer to JAAS classes to perform the action.

This paper will first examine the JAAS infrastructure and then explain how the integration outlined above took place.

http://www.mooreds.com/jaas.html

权限用Visitable有些不妥吧，所有的权限是不同实例，而Visitable要求是具有相同抽象类的不同的类。怎么用呢？？