diff --git a/pear-modules/pear-security/src/main/java/com/pearadmin/security/SecurityConfig.java b/pear-modules/pear-security/src/main/java/com/pearadmin/security/SecurityConfig.java
index 3add958429d1a59fa4349066eeba0038797b0f74..dfd8c4f83c9078290428390d490f64f376d020c2 100644
--- a/pear-modules/pear-security/src/main/java/com/pearadmin/security/SecurityConfig.java
+++ b/pear-modules/pear-security/src/main/java/com/pearadmin/security/SecurityConfig.java
@@ -9,6 +9,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -81,8 +82,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
      @Override
      protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
-                // 不进行权限验证的请求或资源 (从配置文件中读取)
-                .antMatchers(SecurityConstants.ANT_MATCHERS.split(",")).permitAll()
                 // 其他的需要登录后才能访问
                 .anyRequest().authenticated()
                 .and()
@@ -111,4 +110,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .csrf().disable();
          http.headers().frameOptions().disable();
      }
+
+    @Override
+    public void configure(WebSecurity web) {
+        // 不进行权限验证的请求或资源 (从配置文件中读取)
+        web.ignoring().antMatchers(SecurityConstants.ANT_MATCHERS.split(","));
+    }
+
 }