diff --git a/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java b/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java
new file mode 100644
index 0000000..0825288
--- /dev/null
+++ b/fast-boot-framework/src/main/java/net/maku/framework/security/config/PermitResource.java
@@ -0,0 +1,21 @@
+package net.maku.framework.security.config;
+
+/**
+ * 允许访问的资源
+ *
+ * @author 阿沐 babamu@126.com
+ */
+public class PermitResource {
+    /**
+     * 指定被 spring security oauth2.0 忽略的URL
+     */
+    public static final String [] IGNORING_URLS = {
+        "/actuator/**",
+        "/v3/api-docs/**",
+        "/webjars/**",
+        "/swagger/**",
+        "/swagger-resources/**",
+        "/doc.html",
+        "/oauth/captcha"
+    };
+}
diff --git a/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java b/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
index 01b9a01..daeac9f 100644
--- a/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
+++ b/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
@@ -35,11 +35,8 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
         http
             .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
             .and()
-            .requestMatchers()
-            // 被保护的资源
-            .antMatchers("/sys/**")
-            .and()
             .authorizeRequests()
+            .antMatchers(PermitResource.IGNORING_URLS).permitAll()
             .anyRequest().authenticated()
         ;
     }