diff --git a/chenhai-admin/src/main/java/com/chenhai/web/controller/muhu/CarouselAdsController.java b/chenhai-admin/src/main/java/com/chenhai/web/controller/muhu/CarouselAdsController.java
index d59a60b..7af56e1 100644
--- a/chenhai-admin/src/main/java/com/chenhai/web/controller/muhu/CarouselAdsController.java
+++ b/chenhai-admin/src/main/java/com/chenhai/web/controller/muhu/CarouselAdsController.java
@@ -31,7 +31,8 @@ public class CarouselAdsController extends BaseController
     /**
      * 查询轮播广告列表
      */
-    @PreAuthorize("@ss.hasPermi('muhu:ads:list')")
+//    @PreAuthorize("@ss.hasPermi('muhu:ads:list')")
+    @PreAuthorize("@ss.hasRole('muhu')")
     @GetMapping("/list")
     public TableDataInfo list(CarouselAds carouselAds)
     {
diff --git a/chenhai-framework/src/main/java/com/chenhai/framework/config/SecurityConfig.java b/chenhai-framework/src/main/java/com/chenhai/framework/config/SecurityConfig.java
index 2e9cdff..71bd321 100644
--- a/chenhai-framework/src/main/java/com/chenhai/framework/config/SecurityConfig.java
+++ b/chenhai-framework/src/main/java/com/chenhai/framework/config/SecurityConfig.java
@@ -144,7 +144,7 @@ public class SecurityConfig
             .authorizeHttpRequests((requests) -> {
                 permitAllUrl.getUrls().forEach(url -> requests.requestMatchers(url).permitAll());
                 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                requests.requestMatchers("/login", "/register", "/captchaImage").permitAll()
+                requests.requestMatchers("/login", "/register", "/captchaImage","auth/**").permitAll()
                         .requestMatchers("/auth/**").permitAll()
                     // 静态资源，可匿名访问
                     .requestMatchers(HttpMethod.GET, "/", "/*.html", "/**.html", "/**.css", "/**.js", "/profile/**").permitAll()