If you have control over the deployment & assembly maybe you can use the
"run-as-specified-identity" security configuration for your Person, then
only allow that role to invoke methods on Phone. I may be way off base here
since I have never tried to do this, but I thought I would throw it out.
-j
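The descriptor arrangement suggested above, as an added fragment that is not part of the original post. It uses the EJB 2.0 `ejb-jar.xml` elements `<security-identity>`/`<run-as>` and `<method-permission>`, and assumes Person and Phone are entity beans and a hypothetical role name `person-internal`.

```xml
<!-- Added example: fragment of ejb-jar.xml (EJB 2.0 element names). -->
<!-- Bean types and the role name "person-internal" are assumptions. -->
<ejb-jar>
  <enterprise-beans>
    <entity>
      <ejb-name>Person</ejb-name>
      <!-- home/remote/ejb-class/persistence elements omitted -->
      <security-identity>
        <!-- Calls made by Person to other beans run under this role,
             not under the original caller's identity. -->
        <run-as>
          <role-name>person-internal</role-name>
        </run-as>
      </security-identity>
    </entity>
    <entity>
      <ejb-name>Phone</ejb-name>
      <!-- home/remote/ejb-class/persistence elements omitted -->
    </entity>
  </enterprise-beans>

  <assembly-descriptor>
    <security-role>
      <description>Held only by the Person bean's run-as identity</description>
      <role-name>person-internal</role-name>
    </security-role>

    <!-- Only person-internal may invoke any method on Phone.
         No other role is listed for Phone, so other callers are refused. -->
    <method-permission>
      <role-name>person-internal</role-name>
      <method>
        <ejb-name>Phone</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

The restriction holds only if the deployer maps `person-internal` to no real user or group, since that mapping is done in the container's own configuration rather than in this file.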
You may want to take a look at the new J2EE patterns hosted at Sun's Java
Developer Connection:
http://developer.java.sun.com/developer/restricted/patterns/J2EEPatternsAtAGlance.html
You'll need to log in to view it, but there are some relevant patterns with
regard to your question (especially l