I'm thinking about securing some methods in my application. I know that I can use acegi to block access to some objects for certain user roles. But I've noticed that I need something else. For example user can only see his friends profile, which is returned by showProfile(userId,targetId). I can restrict access to this method for ROLE_USER, but is it possible to intercept this, and if ids are not correct block them using AOP? How can I do this?