How to implement row-level security in Java?

Question

I am currently evaluating authentication / authorization frameworks.

Apache Shiro seems to be very nice but I am missing row-level security features

Answer 1

Row level security is really best done in the database itself. The database has to be told what your user context is when you grab a connection. That user is associated with one or more security groups. The database then automatically appends filters to user supplied queries to filter out what can't be seen from the security groups. This of course means that this is a per database-type solution.

Oracle has pretty good Row Level Security support, see http://www.orafusion.com/art_fgac.htm as an example.