I'm currently trying to secure access to my objects according to ACLs per object. The one problem I have, is I can not see where to define which methods are to be protected. My MethodInterceptor will work on my managers so I need to define somewhere which methods need to check the ACL for access...
Thanks in advance.
The ACL package is not directly called by any Acegi Security out-of-the-box code. You need to define your own code to interact with the ACL package. The recommended approach is to write a custom RoleVoter which is thus called during the MethodSecurityInterceptor interception. Alternatively, your business method itself can call the AclManager. Finally, you can write a custom interceptor (even an "after" interceptor) which calls the AclManager.