quality@glassfish.java.net

RFF : [security] JAAS : Domain object instance security for JPA

From: Wim Verreycken <wim_at_pizzastop.be>
Date: Fri, 22 Aug 2008 10:49:18 +0200

Ok here it is. Maybe it's possible but afaik it is not.
(pls don't shoot me but teach me how).

Protecting individual domain object instances is a common requirement of
large enterprise applications.
Often it is necessary to prevent unauthorized principals from accessing
certain domain object instances, or to prevent service layer methods from
being invoked when principals are not authorized for a particular domain
object instance(!). Or it may be desirable to mutate sensitive properties of
a domain object instance, depending on the principal retrieving the
instance.

Unless I'm implementing a JAAS CRUDPermission for JPA myself using the
Hibernate example shown here (http://www.hibernate.org/140.html), afaik this
is not possible.

Furthermore, it would be nice to use annotations to achieve this. So far I'm
also unaware of any JSR specifying these.

Comments most welcome.

Wim
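
Added example, not part of the original message and not the code from the Hibernate page it links: a sketch of the kind of per-instance CRUD permission the message describes, built only on java.security. The class name EntityInstancePermission, the "Entity#id" naming scheme and the sample grants are assumptions; in a JPA application the check would be called from wherever instances are loaded or changed, for example entity lifecycle callbacks such as @PostLoad or @PreUpdate.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.TreeSet;

// Added example. EntityInstancePermission is a hypothetical class: the name is
// "Entity#id" or "Entity#*", the actions are a comma-separated list of CRUD verbs.
public final class EntityInstancePermission extends Permission {
    private static final List<String> VERBS = Arrays.asList("create", "read", "update", "delete");
    private final String entity, id;
    private final TreeSet<String> actions = new TreeSet<>();

    public EntityInstancePermission(String name, String actionList) {
        super(name);
        int hash = name.indexOf('#');
        if (hash <= 0 || hash == name.length() - 1)
            throw new IllegalArgumentException("expected Entity#id: " + name);
        entity = name.substring(0, hash);
        id = name.substring(hash + 1);
        for (String a : actionList.toLowerCase(Locale.ROOT).split(",")) {
            if (!VERBS.contains(a.trim()))
                throw new IllegalArgumentException("unknown action: " + a);
            actions.add(a.trim());
        }
    }
    // A grant covers a request for the same entity, the same id (or "*"), and a subset of verbs.
    @Override public boolean implies(Permission p) {
        if (!(p instanceof EntityInstancePermission)) return false;
        EntityInstancePermission o = (EntityInstancePermission) p;
        return entity.equals(o.entity) && (id.equals("*") || id.equals(o.id))
            && actions.containsAll(o.actions);
    }
    @Override public String getActions() { return String.join(",", actions); }
    @Override public boolean equals(Object x) {
        return x instanceof EntityInstancePermission && getName().equals(((Permission) x).getName())
            && getActions().equals(((Permission) x).getActions());
    }
    @Override public int hashCode() { return 31 * getName().hashCode() + actions.hashCode(); }
    public static void main(String[] args) {
        Permissions granted = new Permissions();  // constructed grants for one principal
        granted.add(new EntityInstancePermission("Invoice#*", "read"));
        granted.add(new EntityInstancePermission("Invoice#42", "read,update"));
        for (String[] req : new String[][] {{"Invoice#42", "update"}, {"Invoice#7", "update"}, {"Invoice#7", "read"}})
            System.out.println(req[0] + " " + req[1] + " -> "
                + granted.implies(new EntityInstancePermission(req[0], req[1])));
    }
}
```

Unknown verbs and names without an id are rejected at construction, so a mistyped grant fails loudly instead of silently matching nothing.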