Acegi Security does not presently offer this capability.
However, it shouldn't be too difficult to add. You'd basically be looking at a custom FilterInvocationDefinitionSource (see http://acegisecurity.sourceforge.net...ionSource.html), or modifying one of the existing implementations. As noted in the JavaDocs, FilterInvocationDefinitionSource operates with the FilterInvocation secure object, which in turn provides the HttpServletRequest and therefore can take into account the HTTP method as well as the URI pattern.
Your main decision is how to represent the new FilterInvocationDefinitionSource syntax at a property editor level. A suggestion is below:
If you'd like to implement this with the existing classes, I would be pleased to add it to CVS. I expect the AbstractFilterInvocationDefinitionSource.lookupAtt ributes() abstract method would need to change to allow the HTTP method to be passed to the subclass.
/foo/bar.html:POST,DELETE=ROLE_FOO (for GET or POST HTTP methods)
/secure/*:GET=ROLE_BAR (only for GET HTTP method)
/account/something=ROLE_BAR (implies all HTTP methods)