100分！关于SSH登陆和权限的有关问题

public class AuthorizationInterceptor extends AbstractInterceptor {    private static final String SC = "sc";    private static final String RELOGIN = "relogin";    protected Logger logger = LoggerFactory.getLogger(getClass());    public String intercept(ActionInvocation invocation) throws Exception {        HttpSession session = ServletActionContext.getRequest().getSession();        /*String actionName = invocation.getProxy().getActionName();        System.out.println("actionName:"+actionName);*/        if (null != session.getAttribute(SC)) {             System.out.println("拦截器：合法用户登录---");            logger.debug("拦截器：合法用户登录---");            return invocation.invoke();        }        System.out.println("拦截器：用户未登录---");        logger.debug("拦截器：用户未登录---");        return RELOGIN;    }}

package com.action;public class UserinfoAction extends ActionSupport implements ModelDriven<Users>{    private static final long serialVersionUID = 1L;    protected Logger logger = LoggerFactory.getLogger(getClass());    private static final String LOGINSUCCESS = "loginsuccess";    private Users userinfo;    private UserinfoService userinfoService;    //采用模型驱动    private Users model=new Users();//用于封装会员属性模型    public Users getModel() {        return model;    }    public String login(){        logger.debug("login begin....");        String validateFlag = "";        HttpSession session = ServletActionContext.getRequest().getSession();        Assert.notNull(session);        try {            validateFlag = userinfoService.validateLogin(model, session);                    } catch (RuntimeException e) {            System.out.println(validateFlag);            logger.error("login validate error!"+e.getMessage());            addActionError("登录验证失败！");            return INPUT;        }        if(!LOGINSUCCESS.equals(validateFlag))        {            addActionError(validateFlag);            return INPUT;        }        session = ServletActionContext.getRequest().getSession();        SessionContainer sc = (SessionContainer)session.getAttribute("sc");        session.setAttribute("sc", sc);        logger.info("session create success!");        return SUCCESS;    }    public String loginout(){        HttpSession session = ServletActionContext.getRequest().getSession();        Assert.notNull(session);        SessionContainer sc = (SessionContainer)session.getAttribute("sc");        if(null!=sc){            session.removeAttribute("sc");            logger.info("session destroy success!");        }        return SUCCESS;    }    /**  省略set/get */}

<interceptors>            <interceptor name="authority" class="com.action.AuthorizationInterceptor"/>                <interceptor-stack name="mydefault">                            <interceptor-ref name="authority" />                        <interceptor-ref name="defaultStack" />                            </interceptor-stack>                    </interceptors>                         <!-- 默认拦截器 -->             <default-interceptor-ref name="mydefault" />    <package name="login"  extends="ssh">        <action name="login" class="UserinfoAction" method="login">            <result name="searchAll"  type="redirectAction">                <param name="actionName">news_listNews</param>            </result>            <result>/index.jsp</result>            <result name="input">/login.jsp</result>            <result name="success">/index.jsp</result>            <result name="login">/error.jsp</result>         <interceptor-ref name="defaultStack" />        </action>