I have been looking for a way to extend Acegi Security to secure domain objects based on data partitioning logic, in addition to the request/method security and in lieu of the Acl-based approach. Acls are geared toward ultra-fine-grained control of access permissions, which is overkill for my application.

In a previous application, using EJB, I simply created a couple of authorization methods in a base class for all of our session beans and called them at the beginning of each method invocation. We also had partitioning logic in all of the queries we used. I would like to take a more AO approach to it this time, but I am having a hard time getting my head around it as I am relatively new to Spring, Acegi, and Hibernate.

Any suggestions?

I was thinking I could "dumb down" the Acl interfaces, but that does not seem very elegant either. If that turns out to be the way to do it, what interfaces are necessary, at a minimum?

Donley