So, you may want to think of a more granular way of enforcing application security *within* your model - remember, the MG-based UI you are building right now may not always be the only "client", and you are basically giving your MG UI "free rein" over calling methods in your model.
If you already have a ServiceLayer/Facade encapsulating your DomainObjects and DataAccessObjects then that would be a good place to apply security via AOP. If you don't have such a layer but are interested in building it, you can put one together fairly quickly by moving the code in your Controller methods that deal with DOs and DAOs into matching SL methods and then having your Controller methods invoke those methods. Then you can apply AOP to your SL (security, logging, auditing, etc.) and keep your Model truly independent from your Controller. This becomes really useful when you need to start exposing parts of your application via remoting protocols like Flash Remoting or SOAP.

-Cliff
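The layering described in the post above, as an added example that is not part of the original post: a service-layer facade wrapped in a security-and-audit advice, so a controller and a remoting endpoint hit the same check. It is written in Python rather than the poster's framework, and `OrderService`, `POLICY`, `SecuredProxy` and the two client functions are hypothetical names over constructed data.

```python
class AccessDenied(Exception):
    pass

class OrderService:
    """Hypothetical service-layer facade over domain objects and DAOs."""
    def __init__(self):
        # Constructed sample data standing in for the data access layer.
        self._orders = {1: {"id": 1, "owner": "alice", "total": 40}}

    def get_order(self, order_id):
        return self._orders[order_id]

    def delete_order(self, order_id):
        return self._orders.pop(order_id)

    def export_all(self):
        return list(self._orders.values())

# The policy lives beside the model, not inside any one client.
POLICY = {"get_order": {"user", "admin"}, "delete_order": {"admin"}}

class SecuredProxy:
    """Advice applied around every public method of the wrapped service."""
    def __init__(self, target, policy, audit):
        self._target, self._policy, self._audit = target, policy, audit

    def __getattr__(self, name):
        method = getattr(self._target, name)
        if name.startswith("_") or not callable(method):
            raise AttributeError(name)
        allowed = self._policy.get(name, set())  # no policy entry means deny

        def advised(principal, *args, **kwargs):
            ok = bool(allowed & set(principal["roles"]))
            self._audit.append((principal["name"], name, "allow" if ok else "deny"))
            if not ok:
                raise AccessDenied(f"{principal['name']} may not call {name}")
            return method(*args, **kwargs)
        return advised

def controller_delete(service, session_user, order_id):
    """Client 1: a UI controller method that only delegates to the service."""
    return service.delete_order(session_user, order_id)

def remoting_call(service, caller, method_name, *args):
    """Client 2: a remoting endpoint dispatching by method name."""
    return getattr(service, method_name)(caller, *args)
```

`export_all` has no policy entry, so the proxy refuses it for every caller until someone grants it explicitly.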
