我想用一个只能访问USER和COMP角色的方法替换.permitAll()方法
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/success/**").permitAll() //instead of .permiitAll() I want to define access only for "USER" and "COMP" roles
.antMatchers("/userProfileHomePage/**").access("hasRole('USER')")
.antMatchers("/companyHome/**").access("hasRole('COMP')")
.and().formLogin().loginPage("/login")
.failureUrl("/login?error").usernameParameter("userName").passwordParameter("password")
.defaultSuccessUrl("/success").and().logout().logoutSuccessUrl("/login?logout").and().csrf()
.disable().exceptionHandling().accessDeniedPage("/error");
}