Maybe a solution is to explicate the method in this way
<intercept-url method="GET" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="PUT" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="POST" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="DELETE" pattern="/rest/secure/**" access="isAuthenticated()" />