spring security add additional access restrict rule as dynamic relationship between role and request uri

I know that spring security can do access validate by

.antMatchers("/auth").hasRole("ADMIN") 

But if I want to change the config, I have to restart the server

so I wander if I can do the config in the database to config the relationship dynamically

As after I login success by a form login and got the session token

I visit the url "/auth"

I do a customize rule to check if the authenticated is a validate user, If it is validated , return the "/auth" response else trigger spring security's AccessDeniedHandler