Keep in mind that you are free to implement any of the Roo-generated methods yourself in the actual .java file for the service, i.e., in Roo vernacular, you "take control" of that method. The easiest way to do that is to use STS's push-in refactoring feature. At that point, you should be able to add a @Secured annotation as necessary.
Originally Posted by tmoens
That said, I can see how it would be nice to have a way to indicate security permissions on one of these methods without having to take control of it. I've gone ahead and created a Jira to capture that:
Feel free to comment there with any additional insights on how you'd like it to work.
Staff Engineer, Web Products Team