Its possible to secure your business layer using spring security aop-based.
The business objects are then secure.
One can use the ELs with spring security.
One can have written integration test cases around the Business objects which use a known database and get the job done.

Later one can create the front ends with less of the spring security filter-based.

Are secure BOs better than all securiy at front end?