To inject Windows authentication information, you could always delegate to a JAAS LoginModule that can access the details and then use Acegi Security's JaasAuthenticationProvider. See http://acegisecurity.sourceforge.net...-provider-jaas for more details.
In terms of checking a user has a permission before calling a method, the easiest way would be to:
If the permissions are from an ACL permission (as opposed to a permission granted via the Authentication's GrantedAuthoritys) you will need to access to AclManager. Most people tend to add some simple methods to their services layer, such as isAllowedDelete(Object domainObject), which is a void no-op method, but allows a quick check of permissions before sending it to the actual services layer. This is quite efficient, as ACL entries are cached in memory and not reaccessed from the DAO.
Authentication auth = SecureContextUtils.getSecureContext().getAuthentication()
// then iterate auth.getAuthorities() for the expected/required role