Spring Security dynamic matchers based on the authenticated role

nhhxz33t posted on 2021-07-26 in Java

I am currently trying to create dynamic antMatcher paths based on the authenticated user's role; the paths are stored in the database.
My code:

@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .addFilterBefore(new TokenAuthenticationFilter(userAccountService, userRoleService), FilterSecurityInterceptor.class)
            .addFilter(new UserAuthenticationFilter(authenticationManager()))
            .authorizeRequests()
            .antMatchers("/api/**").authenticated()
            .and()
            .sessionManagement().maximumSessions(1).maxSessionsPreventsLogin(false);
}

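For example, if someone is authenticated with the admin role, the antMatcher paths will be automatically populated with the allowed paths from the database.
My domain:
Role.class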

@Data
@Entity
@Table(name = "sec_role")
@Audited
public class Role {

    @Id
    @Column(name = "name")
    private String name;

    @OneToMany(fetch = FetchType.LAZY)
    @JoinColumn(name = "access_name", referencedColumnName = "name")
    private List<Access> accessList;

    @Column(name = "created_by")
    private String createdBy;

    @Column(name = "updated_by")
    private String updatedBy;

    @Column(name = "creator_username")
    private String creatorUsername;

    @Column(name = "updater_username")
    private String updaterUsername;

    @Column(name = "created_at")
    private OffsetDateTime createdAt;

    @Column(name = "updated_at")
    private OffsetDateTime updatedAt;
}

Access.class

@Data
@Entity
@Table(name = "sec_access")
public class Access {

    @Id
    @Column(name = "name")
    private String name;

    @Column(name = "allowedPath")
    private String allowedPath;
}

Is there any way to do this without using @preauthorized on every API, or without using OAuth2?
Any guidance would be helpful.
Thanks
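
One way to enforce database-stored paths per role without annotating every endpoint, as an added example that is not part of the original post: a bean referenced from a web security expression, which matches each request against the `allowedPath` patterns of the caller's roles and denies by default. `PathAccessGuard`, `RoleRepository` and the bean name `pathAccessGuard` are hypothetical. It assumes Spring Security 5 with `javax.servlet`, Spring Data JPA, the `Role` and `Access` entities shown above, and authority strings that equal `Role.name`.

```java
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

// Hypothetical repository over the question's Role entity (keyed by name).
interface RoleRepository extends JpaRepository<Role, String> {}

@Component("pathAccessGuard")
public class PathAccessGuard {

    private final RoleRepository roles;

    public PathAccessGuard(RoleRepository roles) {
        this.roles = roles;
    }

    // Referenced from the security configuration as:
    //   .antMatchers("/api/**").access("@pathAccessGuard.check(authentication, request)")
    // Transactional so the LAZY accessList can be loaded inside this call.
    @Transactional(readOnly = true)
    public boolean check(Authentication authentication, HttpServletRequest request) {
        if (authentication == null || !authentication.isAuthenticated()
                || authentication instanceof AnonymousAuthenticationToken) {
            return false; // unauthenticated callers never match a role
        }
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            // Assumption: the authority string equals Role.name (no "ROLE_" prefix).
            List<Access> allowed = roles.findById(authority.getAuthority())
                    .map(Role::getAccessList)
                    .orElse(Collections.emptyList());
            for (Access access : allowed) {
                String pattern = access.getAllowedPath();
                // Skip blank rows; match the same way antMatchers() does.
                if (pattern != null && !pattern.trim().isEmpty()
                        && new AntPathRequestMatcher(pattern).matches(request)) {
                    return true;
                }
            }
        }
        return false; // deny by default: no stored pattern covers this request
    }
}
```

Because the patterns are read on every request, changes to `sec_access` take effect immediately; a short-lived cache keyed by role name would reduce database load at the cost of delayed revocation.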

No answers yet!
