There is a way to achieve this using Spring Roo: See detailed comment here.
To quote the comment:
If you want try and use the PermissionEvaluator, follow these steps (preferably on a test project).
Run the Roo command "permissionEvaluator --package {the package to which you want to add the PermissionEvaluator} " (security must be installed first)
Spring Roo will create three files: ApplicationPermissionEvaluator, ApplicationPermissionEvaluator_Roo_PermissionEvaluator, applicationContext-security-permissionEvaluator.xml.
Add userPermissionEvalutor=true to the @RooService annotation of the service you want to secure.
Spring Roo will append additional criteria to @PreAuthorize e.g. "OR hasPermission(#myDomanObject, 'MyService:deleteMyDomainObjectIsAllowed')"
Add/Update the method hasPermission(Authentication authentication, Object targetObject, Object permission)) in ApplicationPermissionEvaluator
By the way performing a push in refactor is not a solution for my application. It is always better to go the Roo way and rely on Roo features.