Thanks for help, I think I'll use the second proposed solution.
I have one more question. Which intercteptor is it best to use in this scenario ? I would like to control service methods like:
How do I draw the ACL permissions based on projectId before checking the method invocation itself?
public boolean assignUserToRoleInProject(Long projectId, Long userId, Long roleId)
I would like to use an ObjectDefinitionSource like this:
In this case only the PROJECT_MANAGER for the project with id passed as a method parameter can use this method. Is it possible to achieve this with Acegi ?