diff --git a/src/main/java/com/lz/config/ShiroConfig.java b/src/main/java/com/lz/config/ShiroConfig.java
index 0eae9bdf..36fedbc9 100644
--- a/src/main/java/com/lz/config/ShiroConfig.java
+++ b/src/main/java/com/lz/config/ShiroConfig.java
@@ -52,6 +52,7 @@ public class ShiroConfig {
         Map<String, String> filterMap = new LinkedHashMap<>();
         filterMap.put("/webjars/**", "anon");
         filterMap.put("/file/**", "anon");
+        filterMap.put("/user/lzstaffrole/role/**", "anon");
         filterMap.put("/test/**", "anon");
         filterMap.put("/druid/**", "anon");
         filterMap.put("/app/**", "anon");
diff --git a/src/main/java/com/lz/modules/sys/oauth2/OAuth2Filter.java b/src/main/java/com/lz/modules/sys/oauth2/OAuth2Filter.java
index e722f2e7..ef3aecd5 100644
--- a/src/main/java/com/lz/modules/sys/oauth2/OAuth2Filter.java
+++ b/src/main/java/com/lz/modules/sys/oauth2/OAuth2Filter.java
@@ -58,9 +58,6 @@ public class OAuth2Filter extends AuthenticatingFilter {
         //获取请求token，如果token不存在，直接返回401
         String token = getRequestToken((HttpServletRequest) request);
         String profile = SpringContextUtils.getActiveProfile();
-        if(!"prod".equals(profile) ){
-            return true;
-        }
         if(StringUtils.isBlank(token)){
             HttpServletResponse httpResponse = (HttpServletResponse) response;
             httpResponse.setHeader("Access-Control-Allow-Credentials", "true");