diff --git a/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java b/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
index 1cba339c24e58f087f4de133a5bb7699f899003a..1b9564a7058055cf6915c2e58319025cc9c88fb6 100644
--- a/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
+++ b/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
@@ -90,14 +90,7 @@ public class ClientWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
     public void configure(final HttpSecurity http) throws Exception {
         http.headers().frameOptions().disable();
 
-        http.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
-                @Override
-                public <O extends FilterSecurityInterceptor> O postProcess(O object) {
-                    LOGGER.info("postProcess setAlwaysReauthenticate true.");
-                    object.setAlwaysReauthenticate(true);
-                    return object;
-                }
-            }).antMatchers("/login", "/auth/logout").permitAll()
+        http.authorizeRequests().antMatchers("/login", "/auth/logout").permitAll()
             // this api will be used by health-check service, so permit all roles to get mec host list in v1.2
             .antMatchers(HttpMethod.GET, "/mecm-inventory/inventory/v1/mechosts").permitAll()
             .antMatchers(HttpMethod.GET, "/health").permitAll().antMatchers("/webssh").permitAll()