SpringSecurity：实现接口动态权限

@Controller
class TestController {


    //@authorityService.authorities调用下面的自定义加载方法
    @PreAuthorize("hasAnyAuthority(@authorityService.authorities)")
    @RequestMapping("/application")
    public ModelAndView newPage() throws{
        return new ModelAndView(view);
   }
   
}

@Service("authorityService")
class AuthorityService{

    @Value("${app.authorities}") // 在配置文件加载权限信息
    private String authorities;
    
    public List<String> getAuthorities(){
        // convert the comma separated Strings to list.
        //转换多个权限信息为数组，方便hasAnyAuthority直接使用，"\\s*,\\s*"的意思是去除中间逗号两边的空白字符
        List<String> items = Arrays.asList(authorities.split("\\s*,\\s*")); 
        return items;
    }
    
}