diff --git a/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java b/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java
index 8bda3df..8ff764a 100644
--- a/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java
+++ b/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java
@@ -1,23 +1,59 @@ package net.maku.framework.security.config; +import lombok.SneakyThrows; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.config.YamlPropertiesFactoryBean; +import org.springframework.core.io.Resource; +import org.springframework.core.io.support.PathMatchingResourcePatternResolver; +import org.springframework.core.io.support.ResourcePatternResolver; +import org.springframework.stereotype.Component; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Properties; + /** * 允许访问的资源 * * @author 阿沐 babamu@126.com */ +@Component public class PermitResource { /** * 指定被 spring security oauth2.0 忽略的URL */ - public static final String [] IGNORING_URLS = { - "/actuator/**", - "/v3/api-docs/**", - "/webjars/**", - "/swagger/**", - "/swagger-resources/**", - "/swagger-ui.html", - "/swagger-ui/**", - "/doc.html", - "/sys/oauth/captcha" - }; + @SneakyThrows + public List getPermitList(){ + ResourcePatternResolver resolver = new PathMatchingResourcePatternResolver(); + Resource[] resources = resolver.getResources("classpath*:auth.yml"); + String key = "auth.ignore_urls"; + + return getPropertiesList(key, resources); + } + + private List getPropertiesList(String key, Resource... resources){ + List list = new ArrayList<>(); + + // 解析资源文件 + for(Resource resource : resources) { + Properties properties = loadYamlProperties(resource); + + for (Map.Entry entry : properties.entrySet()) { + String tmpKey = StringUtils.substringBefore(entry.getKey().toString(), "["); + if(tmpKey.equalsIgnoreCase(key)){ + list.add(entry.getValue().toString()); + } + } + } + return list; + } + + private Properties loadYamlProperties(Resource... resources) { + YamlPropertiesFactoryBean factory = new YamlPropertiesFactoryBean(); + factory.setResources(resources); + factory.afterPropertiesSet(); + + return factory.getObject(); + } } 
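Review bot: The permit-all list is now merged from every file matched by `classpath*:auth.yml`, which includes files inside dependency jars, and `getPropertiesList` adds each value unchecked. A single stray entry such as `/**` in any module would therefore remove authentication from the whole resource server, because the list feeds `antMatchers(permits).permitAll()` in `ResourceServerConfig.configure`. I would reject blank and catch-all patterns where the value is added and name the originating resource in the error, so a bad file fails startup instead of silently widening access. Logging the effective list once at startup would also make the merged result auditable. Separately, `@SneakyThrows` on `getPermitList` hides the `IOException` from `getResources`; wrapping it in an `IllegalStateException` would keep that failure explicit.

```java
// … unchanged: resource loop and key prefix extraction …
if(tmpKey.equalsIgnoreCase(key)){
    String pattern = entry.getValue().toString().trim();
    // A blank or catch-all entry would make the whole API anonymous; fail startup instead.
    if (StringUtils.isBlank(pattern) || "/**".equals(pattern)) {
        throw new IllegalStateException(
                "Refusing permitAll pattern '" + pattern + "' from " + resource.getDescription());
    }
    list.add(pattern);
}
// … unchanged: return list …
```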
diff --git a/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java b/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java index daeac9f..ca5cf45 100644 --- a/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java +++ b/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java @@ -11,6 +11,8 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; import org.springframework.security.oauth2.provider.token.TokenStore; +import java.util.List; + /** * 资源服务器配置 * @@ -22,6 +24,7 @@ import org.springframework.security.oauth2.provider.token.TokenStore; @EnableGlobalMethodSecurity(prePostEnabled = true) public class ResourceServerConfig extends ResourceServerConfigurerAdapter { private final TokenStore tokenStore; + private final PermitResource permitResource; @Override public void configure(ResourceServerSecurityConfigurer resources) { @@ -32,11 +35,15 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { + // 忽略授权的地址列表 + List permitList = permitResource.getPermitList(); + String [] permits = permitList.toArray(new String[permitList.size()]); + http .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .authorizeRequests() - .antMatchers(PermitResource.IGNORING_URLS).permitAll() + .antMatchers(permits).permitAll() .anyRequest().authenticated() ; } diff --git a/fast-boot-new/src/main/resources/auth.yml b/fast-boot-new/src/main/resources/auth.yml new file mode 100644 index 0000000..0fde962 --- /dev/null +++ b/fast-boot-new/src/main/resources/auth.yml @@ -0,0 +1,4 @@ +# 配置忽略认证的URL地址 +auth: + ignore_urls: + - /new/** \ No newline at end of file 
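Review bot: `/new/**` in `fast-boot-new/src/main/resources/auth.yml` exempts every current and future endpoint under `/new/` from authentication, not only the ones that are public today. Listing the specific public paths would keep controllers added under that prefix later from being exposed by accident. If the whole prefix really is meant to be anonymous, the header comment should say so, for example `# /new/** is intentionally public: <reason>`.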
diff --git a/fast-boot-system/src/main/resources/auth.yml b/fast-boot-system/src/main/resources/auth.yml
new file mode 100644
index 0000000..e0a9b12
--- /dev/null
+++ b/fast-boot-system/src/main/resources/auth.yml
@@ -0,0 +1,11 @@
+auth:
+ ignore_urls:
+ - /actuator/**
+ - /v3/api-docs/**
+ - /webjars/**
+ - /swagger/**
+ - /swagger-resources/**
+ - /swagger-ui.html
+ - /swagger-ui/**
+ - /doc.html
+ - /sys/oauth/captcha
\ No newline at end of file
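Review bot: `/actuator/**` is carried over from the removed constant into the unauthenticated list, so every actuator endpoint exposed over HTTP is reachable without a token. Which endpoints that covers depends on `management.endpoints.web.exposure.include`, which is not visible in this diff. Since the list is now plain configuration, I would narrow the entry to what anonymous callers need, for example `- /actuator/health`. The Swagger and `/v3/api-docs/**` entries disclose the full API surface in the same way, so they are worth moving to a non-production profile. A short comment above `ignore_urls`, such as `# every pattern here is served without authentication`, would make the effect clear to later editors.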