Is there any way in spring-data-rest to verify that a user is indeed authorised to read a specific domain object? I need to implement some kind of ACL-like mechanism so a user can only read specific domain objects, to whom they have access.

Something like @RepositoryEventHandler where you can intercept the request after the domain object has been fetched from the DB, do the security checks and throw an AccessDeniedException for example.