spring aop控制权限，想要细到method级别

spring aop控制权限，想要细到method级别，但是advisor唔用。不明白！！
这是我的一个spring bean配置


<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">

<!-- 配置这个bean结合action bean的一个属性配置解析method后面带的方法 -->
<bean id="paramResolver"
class="org.springframework.web.servlet.mvc.multiaction.ParameterMethodNameResolver">
<property name="paramName">
<value>method</value>
</property>
<property name="defaultMethodName">
<value>index</value>
</property>
</bean>




<!-- 对view进行处理 -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass">
<value>org.springframework.web.servlet.view.JstlView</value>
</property>
</bean>

<!-- 通过下面的2个bean寻找action bean -->
<bean id="defaultHandlerMapping"
class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping" />
<bean
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="alwaysUseFullPath">
<value>true</value>
</property>
<property name="interceptors">
<list>
<!--<ref bean="frontEndInterceptor" />,可以实现HandlerInterceptor的3个方法，进行3中操作。-->
</list>
</property>
<property name="mappings">
<props>

<prop key="/login.do">loginAction</prop>

</props>
</property>
</bean>
<!-- 登入action bean -->
<bean id="loginAction" class="net.kingbit.actions.LoginAction">
<property name="methodNameResolver">
<ref bean="paramResolver" />
</property>
<property name="view">
<value>/WEB-INF/jsp/default.jsp</value>
</property>

</bean>

<!-- 管理员的bean -->
<bean name="/manager.do" class="net.kingbit.actions.Manager">
<property name="methodNameResolver">
<ref bean="paramResolver" />
</property>
</bean>

<!-- <aop:config>
<aop:pointcut id="servicePointcut"
expression="execution(** net.kingbit.actions.Manager.list*(HttpServletRequest,HttpServletResponse))" />
<aop:advisor advice-ref="aroundAdvice"
pointcut-ref="servicePointcut" order="0" />
</aop:config>
-->
<!-- 环绕通知，实现一个简单的权限检测 -->
<bean id="aroundAdvice" class="net.kingbit.advice.YkAroundAdvice" />
<bean id="before" class="net.kingbit.advice.PermissionBefore"></bean>



<!-- 将通知advice和pointcut链接在一起 -->
<bean id="managerAdvisor"
class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
<!-- 通知 -->
<property name="advice" ref="aroundAdvice" />
<!-- pointcut -->
<property name="patterns">
<list>
<value>list</value>
<value>test</value>
</list>
</property>
</bean>

<!-- 自动代理，可以代理多个bean -->
<bean id="autoProxy"
class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<!-- <property name="proxyTargetClass" value="true"></property> -->
<property name="beanNames">
<list>
<value>/manager*</value>
</list>
</property>
<property name="interceptorNames">
<list>

<!--<value>managerAdvisor</value>--> <!-- 无效的配置？对程序唔任何效果 -->
<value>aroundAdvice</value><!--这个可以拦截到类下面的所有方法，只是不具体 -->
</list>
</property>
</bean>

</beans>


advice是对权限检测，判断是否有权限调用方法
package net.kingbit.advice;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.web.servlet.ModelAndView;

//@Aspect

public class YkAroundAdvice implements MethodInterceptor {

//@Before("execution(*net.kingbit.actions.Manger.list(HttpServletRequest,HttpServletResponse))")
public Object invoke(MethodInvocation invocation) throws Throwable {
System.out.println("ljkjljljklj");

Object[] arg = invocation.getArguments();
System.out.println("length---" + arg.length);
int  length=arg.length;
if(length!=0)
{HttpServletRequest request = null;
String name = invocation.getMethod().getDeclaringClass().getName()
+ invocation.getMethod();
System.out.println("method name---" + name);

request = (HttpServletRequest) arg[0];
for (int i = 0; i < arg.length; i++) {
System.out.println("arg[" + i + "]---" + arg[i]);
if (arg[i] instanceof HttpServletRequest) {
request = (HttpServletRequest) arg[i];
}
}
HttpSession session = request.getSession();

String permission = (String) session.getAttribute("permission");
if (permission.equals("admin")) {
return invocation.proceed();
}
return new ModelAndView("/WEB-INF/jsp/login.jsp")；//没权限跳转到登入页面
}
return null;
}

}



Manager:

package net.kingbit.actions;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.multiaction.MultiActionController;

public class Manager extends MultiActionController {
public ModelAndView test(HttpServletRequest request,HttpServletResponse response)
{
return new ModelAndView("/WEB-INF/jsp/admin.jsp");
}
public ModelAndView list(HttpServletRequest request,HttpServletResponse response)
{
return new ModelAndView("/index.jsp");
}

}