Securing Cayenne Web Service Access
- Use HTTP(S) BASIC authentication to authenticate the clients.
- Explicitly check "Not for Client Use" for entities that should stay server-only.
- Subclass org.objectstyle.cayenne.remote.hessian.service.HessianServlet for user-defined fine-grained access control.