diff --git a/hugegraph-server/hugegraph-api/pom.xml b/hugegraph-server/hugegraph-api/pom.xml
index 459a22e0ea..bcfbdbc34c 100644
--- a/hugegraph-server/hugegraph-api/pom.xml
+++ b/hugegraph-server/hugegraph-api/pom.xml
@@ -164,6 +164,12 @@
arthas-packaging
${arthas.version}
+
+ org.gridkit.jvmtool
+ sjk-core
+ 0.14
+ compile
+
diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
index d3da3af6d0..127b163bdb 100644
--- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
+++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
@@ -41,6 +41,7 @@
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.glassfish.grizzly.http.server.Request;
import org.glassfish.grizzly.utils.Charsets;
+import org.gridkit.jvmtool.cmd.AntPathMatcher;
import org.slf4j.Logger;
import com.alipay.remoting.util.StringUtils;
@@ -71,10 +72,11 @@ public class AuthenticationFilter implements ContainerRequestFilter {
private static final Logger LOG = Log.logger(AuthenticationFilter.class);
private static final List WHITE_API_LIST = ImmutableList.of(
- "auth/login",
- "versions",
- "openapi.json"
+ "/**/auth/login",
+ "/**/versions",
+ "/**/openapi.json"
);
+ private static final AntPathMatcher MATCHER = new AntPathMatcher();
private static String whiteIpStatus;
@@ -314,9 +316,8 @@ public boolean equals(Object obj) {
public static boolean isWhiteAPI(ContainerRequestContext context) {
String path = context.getUriInfo().getPath();
-
for (String whiteApi : WHITE_API_LIST) {
- if (path.endsWith(whiteApi)) {
+ if (MATCHER.match(path, whiteApi)) {
return true;
}
}