alibaba · sczyh30 · Jan 27, 2021 · Jan 18, 2021 · Jan 19, 2021
diff --git a/...oard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/LoginAuthenticationFilter.java b/...oard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/LoginAuthenticationFilter.java
@@ -20,6 +20,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -29,7 +30,6 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import java.io.IOException;
 import java.util.List;
 
@@ -51,6 +51,8 @@
  */
 @Component
 public class LoginAuthenticationFilter implements Filter {
+
+    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
 
     private static final String URL_SUFFIX_DOT = ".";
 
@@ -85,7 +87,9 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         String servletPath = httpRequest.getServletPath();
 
         // Exclude the urls which needn't auth
-        if (authFilterExcludeUrls.contains(servletPath)) {
+        boolean authFilterExcludeMatch = authFilterExcludeUrls.stream()
+                .anyMatch(authFilterExcludeUrl -> PATH_MATCHER.match(authFilterExcludeUrl, servletPath));
+        if (authFilterExcludeMatch) {
             chain.doFilter(request, response);
             return;
         }