Hello everyone, I'm writing my first big webapplication using spring and hibernate, and I have problem. Let's consider this situation:

I have two tables joined with third one (many to many relation), with hibernate mappings:

students:

studentsInClass:

After all I have two classes: Student and StudentInClass. Student has got field: private Set inClasses, which contains all studentInClass objects connected to student. StudentInClass has fields containing reference to student data.

Now I want to use that data, I just use HibernateTemplate and I put Student object to ModelAndView. In jsp file i can simply present student data: for example ${student.firstName} etc. But I also could access studentInClass object ${student.inClasses} is simple forEach loop. Moreover nothing can stop me to access students object connected to that class etc. I could get all data from database, using tables relation and I think it is not ok

What I can do? What I'm doing wrong? How I can block access, that student can see only his data, and his class info, but not other students. , I know, that I can write properly jsp, but it is not the solution? Could acegi module help me?