I have a fairly sophisticated security mechanism that I implemented using Apache Shiro (formerly JSecurity). In order to know the exact visibility rules for an object, I need to run some code (i.e. lookup user's roles, permissions, groups, etc). I'd like to run queries that tell me objects that the current user is authorized to see.
I found that hibernate filters give you ability to apply a filter to your objects / queries, which seems to be what I could use here.
However, the examples I found seem to be centered on the database (i.e. say I have a field / column isVisible, filter whenever it's set to true). Is there a way I can run some code as a hibernate filter, or is it just a thin layer that adds a little WHERE clause to all your queries.
I am actually using this inside Grails / GORM infrastructure, so perhaps there are some other solutions that are valid. A plugin exists that integrates hibernate filters, but unless I can use it with some code to run as part of hibernate filtering process, it won't really help me here.