I am working on a system with a large number of users. The users are supposed to have write access to only a limitied view of the data in the database (I'm using entity beans.) A simple example is a user changing it's own settings.

What I would like, is the ability to separate out the logic that determines whether a user has write access to a certain piece of information.

If this logic can be placed somewhere in the invocation chain, f.ex. as a SecurityProxy of some sort, then I could do things like

isCallerInRole("hasWriteAccess")

in the code that does the actual change.

Even better, I could use declarative security, and require the role "hasWriteAccess" for all the set methods in the entity bean.

Is this possible? Or, should I try an alternative approach?