I am working on a system with a large number of users. The users are supposed to have write access to only a limited view of the data in the database (I'm using entity beans). A simple example is a user changing its own settings.
What I would like is the ability to separate out the logic that determines whether a user has write access to a certain piece of information.
If this logic can be placed somewhere in the invocation chain, e.g. as a SecurityProxy of some sort, then I could do things like
isCallerInRole("hasWriteAccess")
in the code that does the actual change.
Even better, I could use declarative security, and require the role "hasWriteAccess" for all the set methods in the entity bean.
Is this possible? Or should I try an alternative approach?