JPA Security is an Access Control Solution for the Java Persistence API (JPA). Its features include:
High Performance querying: With JPA Security your access control takes place in the database. You may query the database for all objects of a certain type and will get only the objects the current user has read access for. This filtering will take place in the database. Inaccessible queried objects will not be loaded into memory. JPA Security will modify your queries to achieve this.
Access Control via Configuration: JPA Security enables you to completely remove security-related code from your code-base. All access control may be configured via Annotations or XML. Application Developers no longer have to deal with access-control.
Support for role-based access control, access control lists (ACLs) and domain-driven access control: With JPA Security you do not have to change your access control paradigm (but maybe you want to, when you see the great capability of JPA Security). You even can mix access control paradigms easily.
Integration for JavaEE Security and Spring Security: JPA Security is not designed to replace current security solutions, but to extend them. It integrates smoothly into JavaEE Security or Spring Security, but may be used on its own, too.
Easy Extensibility: With the extensibility of JPA Security it is easy to provide your own access control paradigm, access rules storage or login mechanism.
For more information see JPA Security 0.3.1