diff --git a/src/org/redkale/net/http/HttpMapping.java b/src/org/redkale/net/http/HttpMapping.java
index 06db01e03..534d5147f 100644
--- a/src/org/redkale/net/http/HttpMapping.java
+++ b/src/org/redkale/net/http/HttpMapping.java
@@ -42,12 +42,11 @@ public @interface HttpMapping {
int cacheseconds() default 0;
/**
- * 是否鉴权,默认不鉴权
- * 如@WebServlet.auth = false, 该值忽略
+ * 是否鉴权,默认需要鉴权
*
* @return boolean
*/
- boolean auth() default false;
+ boolean auth() default true;
/**
* 允许方法(不区分大小写),如:GET/POST/PUT,为空表示允许所有方法
diff --git a/src/org/redkale/net/http/RestMapping.java b/src/org/redkale/net/http/RestMapping.java
index d8782fa77..eaa535d66 100644
--- a/src/org/redkale/net/http/RestMapping.java
+++ b/src/org/redkale/net/http/RestMapping.java
@@ -47,11 +47,11 @@ public @interface RestMapping {
String comment() default "";
/**
- * 是否鉴权,默认不鉴权, 对应@HttpMapping.auth
+ * 是否鉴权,默认需要鉴权, 对应@HttpMapping.auth
*
* @return boolean
*/
- boolean auth() default false;
+ boolean auth() default true;
/**
* 操作ID值,鉴权时用到, 对应@HttpMapping.actionid