
Role based access control in Hibernate


I'm working on a simple CRUD application based on the vert.x platform. I'm using Rhino/JavaScript for the backend part, which allows me to use Java classes. So, Hibernate is my ORM there. I use "dynamic-map" as the entity mode, which allows me to work with HashMaps instead of Java classes for persistent objects.

The question is how to implement entity/row-level access control in this architecture.

I've read something about interceptors, but I didn't get how to filter un-allowed content there (throw an exception?). Using filters is also an option, but as I understood I can control only querying, not persisting with them.

The only solution I've found for now is to filter data during pre-/post-processing, but I'm afraid that it could be a performance bottleneck there.


Solution

  • Well, Hibernate 4.1 has multi-tenancy support (http://docs.jboss.org/hibernate/orm/4.1/devguide/en-US/html/ch16.html) if your data is absolutely separate. But if that is not the case, I would suggest using both interceptors (to mark data before you persist it) and filters (to query only items you should see).
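
The interceptor-plus-filter combination suggested above, as an added example that is not part of the original answer. It assumes Hibernate 4.x and an owner column on every protected entity; the names ownerFilter, ownerId, OWNER_ID and OwnerInterceptor are hypothetical.

```java
import java.io.Serializable;
import org.hibernate.CallbackException;
import org.hibernate.EmptyInterceptor;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.type.Type;

// Assumed hbm.xml mapping (hypothetical names):
//   <filter-def name="ownerFilter"><filter-param name="ownerId" type="string"/></filter-def>
//   per protected class: <property name="ownerId" column="OWNER_ID"/>
//                        <filter name="ownerFilter" condition="OWNER_ID = :ownerId"/>
public class OwnerInterceptor extends EmptyInterceptor {
    private static final String OWNER_PROP = "ownerId"; // hypothetical property name
    private final String currentUser;
    public OwnerInterceptor(String currentUser) { this.currentUser = currentUser; }

    // One session per user: the filter restricts queries, the interceptor guards writes.
    public static Session openFor(SessionFactory sf, String user) {
        Session s = sf.withOptions().interceptor(new OwnerInterceptor(user)).openSession();
        s.enableFilter("ownerFilter").setParameter("ownerId", user);
        return s;
    }

    // Throws if the row carries an owner property that is not the current user.
    private void check(Object[] state, String[] names) {
        for (int i = 0; state != null && i < names.length; i++) {
            if (OWNER_PROP.equals(names[i]) && !currentUser.equals(state[i]))
                throw new CallbackException("access denied for " + currentUser);
        }
    }

    @Override // stamp new rows with the owner; true tells Hibernate the state was modified
    public boolean onSave(Object e, Serializable id, Object[] state, String[] names, Type[] t) {
        for (int i = 0; i < names.length; i++) {
            if (OWNER_PROP.equals(names[i])) { state[i] = currentUser; return true; }
        }
        return false;
    }

    @Override // reject updates to foreign rows and attempts to reassign ownership
    public boolean onFlushDirty(Object e, Serializable id, Object[] cur, Object[] prev,
                                String[] names, Type[] t) {
        check(prev, names); check(cur, names);
        return false;
    }
    @Override
    public void onDelete(Object e, Serializable id, Object[] state, String[] names, Type[] t) { check(state, names); }
    @Override // filters do not apply to session.get() by id, so loads are checked here too
    public boolean onLoad(Object e, Serializable id, Object[] state, String[] names, Type[] t) { check(state, names); return false; }
}
```

Hibernate passes a null previous state to onFlushDirty for reattached detached objects, so updates should go through an entity loaded in the same session for the ownership check to see the stored owner.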