We've implemented an IAuthorizationService.isCallable(Object object, String methodName) service.
The isCallable method looks up the object's security interceptor in a map and then sets the security interceptor on the MethodInvocationPriviliegeEvaluator instance. MethodInvocationPriviliegeEvaluator is then called to see whether the method invocation is allowed.
True is returned regardless of whether the authentication has the required role or not.
I'm attaching a maven project with all source code and tests.
The test to look at is:
I believe the method MethodInvocationPriviliegeEvaluator currently requires a MethodSecurityInterceptor instance for it's initialization. This required us to wire in "Dummy" classes just to get the container to start up. When isCallable is called, we replace the "Dummy" MethodSecurityInterceptor instance with the instance the container created for the secured object.