Well in my last project we implemented instance based security on our own as EJB is missing that. I mean to say-it is is having instance based security that can be implemented declaratively but for the instance based security u shud do it all on ur own i.e. programatically. Do u have any good approach to do it declaratively rather than programatically?
What do you mean by "instance based security" -- data driven? Something else? Declaratively, you're stuck with role based security; I'm not aware of any out of the box alternatives, but that doesn't mean they don't exist. AOP interceptors could be a great way to define more general security constraints, anyone played with those? - Peter
No prison can hold Chairface Chippendale. And on a totally different topic ... my stuff:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop