0 Replies Latest reply on Feb 6, 2002 10:07 AM by Åsmund Hjulstad

    Set role pr method invocation

    Åsmund Hjulstad Newbie


      I am working on a system with a large number of users. The users are supposed to have write access to only a limitied view of the data in the database (I'm using entity beans.) A simple example is a user changing it's own settings.

      What I would like, is the ability to separate out the logic that determines whether a user has write access to a certain piece of information.

      If this logic can be placed somewhere in the invocation chain, f.ex. as a SecurityProxy of some sort, then I could do things like

      isCallerInRole("hasWriteAccess")

      in the code that does the actual change.

      Even better, I could use declarative security, and require the role "hasWriteAccess" for all the set methods in the entity bean.

      Is this possible? Or, should I try an alternative approach?