Index: ssts-web/src/main/java/com/forgon/disinfectsystem/security/access/RequestAccessConfigure.java
===================================================================
diff -u -r40382 -r40979
--- ssts-web/src/main/java/com/forgon/disinfectsystem/security/access/RequestAccessConfigure.java	(.../RequestAccessConfigure.java)	(revision 40382)
+++ ssts-web/src/main/java/com/forgon/disinfectsystem/security/access/RequestAccessConfigure.java	(.../RequestAccessConfigure.java)	(revision 40979)
@@ -11,6 +11,9 @@
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.security.access.AccessDecisionVoter;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 import com.forgon.directory.acegi.tools.AcegiHelper;
 import com.forgon.directory.vo.LoginUserData;
@@ -113,6 +116,13 @@
 	 * 			AccessDecisionVoter.ACCESS_DENIED	拒绝访问
 	 */
 	public int accessVote() {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		if(authentication == null 
+				|| authentication instanceof AnonymousAuthenticationToken
+				|| !authentication.isAuthenticated()){
+			//不做权限控制，弃权
+			return AccessDecisionVoter.ACCESS_ABSTAIN;
+		}
 		if(CollectionUtils.isEmpty(operationIds) && MapUtils.isEmpty(systemSetConfig)){
 			//不做权限控制，弃权
 			return AccessDecisionVoter.ACCESS_ABSTAIN;