在ResourceServerConfigurerAdapter 里定义
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/setting/**").access("#oauth2.hasScope('setting')");
http.authorizeRequests().antMatchers("/analysis/**").access("#oauth2.hasScope('read')");
}