I have a fairly sophisticated security mechanism that I implemented using Apache Shiro (formerly JSecurity). In order to know the exact visibility rules for an object, I need to run some code (i.e. lookup user's roles, permissions, groups, etc). I'd like to run queries that tell me objects that the current user is authorized to see.
I found that hibernate filters give you ability to apply a filter to your objects / queries, which seems to be what I could use here.
However, the examples I found seem to be centered on the database (i.e. say I have a field / column isVisible, filter whenever it's set to true). Is there a way I can run some code as a hibernate filter, or is it just a thin layer that adds a little WHERE clause to all your queries.
I am actually using this inside Grails / GORM infrastructure, so perhaps there are some other solutions that are valid. A plugin exists that integrates hibernate filters, but unless I can use it with some code to run as part of hibernate filtering process, it won't really help me here.
Unfortunately, Hibernate filters will not solve your problem. They can be very useful, but it is exactly a thin layer that adds a little WHERE clause to every fetch.
Since you're using Grails, you might find that AOP will give you what you're looking for. Take a look at this: http://www.infoq.com/articles/aop-with-groovy
Good luck.