Usually the GrantedAuthority objects are application-wide permissions. They are not specific to a given domain object.
上面这句话来自这里,谁能帮忙解释一下"application-wide permissions"和"given domain object"这两种情形的区别?
附上后面的解释:
Thus, you wouldn't likely have a GrantedAuthority to represent a permission to Employee object number 54, because if there are thousands of such authorities you would quickly run out of memory (or, at the very least, cause the application to take a long time to authenticate a user).
我大概能从这个问题中看懂“domain object”是干什么的,但是在这里与“application-wide permissions”比较起来,就感觉好像是一个概念了。