URL和方法的java spring安全设置

我有一个关于春季安全的问题。我有几个页面（A、B和C）和4个http方法来操作它们：GET、PUT、POST和DELETE。对于每个组合A+GET，我希望有一个特殊的权限，格式为resource-Page-Method。我如何实现它？下面的代码不起作用：如果用户没有任何权限，它允许所有用户事件的所有内容

@Override
protected void configure(HttpSecurity http) throws Exception { 


  RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
  siteMinderFilter.setPrincipalRequestHeader("SM_USER");
  siteMinderFilter.setAuthenticationManager(authenticationManager());

  http.addFilter(siteMinderFilter);  


  List<HttpMethod> methods = new ArrayList<HttpMethod>();
  methods.add(HttpMethod.GET);
  methods.add(HttpMethod.POST);
  methods.add(HttpMethod.PUT);
  methods.add(HttpMethod.DELETE);

 List<String> resources = new ArrayList<String>();
 resources.add("A");
 resources.add("B");
 resources.add("C");     
 ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();

 for (HttpMethod method:methods){
     for (String resource: resources){
         String auth = "resource-"+resource+"-"+method.name();
         registry.antMatchers(method, "**/"+resource+"/**")
         .hasAuthority(auth);
     }
 }

  http = registry.and();
  http.formLogin();   

}