diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
index e50a8b0e..27151eee 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
@@ -38,7 +38,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             return;
         }
         if (!userSetting.isInterfaceAuthentication()) {
-            // 构建UsernamePasswordAuthenticationToken,这里密码为null，是因为提供了正确的JWT,实现自动登录
             UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, null, new ArrayList<>() );
             SecurityContextHolder.getContext().setAuthentication(token);
             chain.doFilter(request, response);
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index c9a1233b..cea19f81 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -72,21 +72,23 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      **/
     @Override
     public void configure(WebSecurity web) {
-
-        ArrayList<String> matchers = new ArrayList<>();
-        matchers.add("/");
-        matchers.add("/#/**");
-        matchers.add("/static/**");
-        matchers.add("/index.html");
-        matchers.add("/doc.html");
-        matchers.add("/webjars/**");
-        matchers.add("/swagger-resources/**");
-        matchers.add("/v3/api-docs/**");
-        matchers.add("/js/**");
-        matchers.add("/api/device/query/snap/**");
-        matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
-        // 可以直接访问的静态数据
-        web.ignoring().antMatchers(matchers.toArray(new String[0]));
+        if (userSetting.isInterfaceAuthentication()) {
+            ArrayList<String> matchers = new ArrayList<>();
+            matchers.add("/");
+            matchers.add("/#/**");
+            matchers.add("/static/**");
+            matchers.add("/index.html");
+            matchers.add("/doc.html");
+            matchers.add("/webjars/**");
+            matchers.add("/swagger-resources/**");
+            matchers.add("/v3/api-docs/**");
+            matchers.add("/js/**");
+            matchers.add("/api/device/query/snap/**");
+            matchers.add("/record_proxy/*/**");
+            matchers.addAll(userSetting.getInterfaceAuthenticationExcludes());
+            // 可以直接访问的静态数据
+            web.ignoring().antMatchers(matchers.toArray(new String[0]));
+        }
     }
 
     /**