diff --git a/src/main/java/com/zsc/edu/gateway/framework/mybatisplus/MyMetaObjectHandler.java b/src/main/java/com/zsc/edu/gateway/framework/mybatisplus/MyMetaObjectHandler.java
index eaaec9e..4f8d91b 100644
--- a/src/main/java/com/zsc/edu/gateway/framework/mybatisplus/MyMetaObjectHandler.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/mybatisplus/MyMetaObjectHandler.java
@@ -20,23 +20,18 @@ public class MyMetaObjectHandler implements MetaObjectHandler {
 @Override
 public void insertFill(MetaObject metaObject) {
- UserDetailsImpl userInfo = SecurityUtil.getUserInfo();
- if (userInfo.getUsername() == null) {
- userInfo.setUsername( "system");
- }
 this.strictInsertFill(metaObject, "createTime", LocalDateTime.class, LocalDateTime.now());
- this.strictInsertFill(metaObject, "createBy", String.class, userInfo.getUsername());
+ SecurityUtil.getCurrentAuditor().ifPresent(username ->
+ this.strictInsertFill(metaObject, "createBy", String.class, username));
+ ;
 }
 @Override
 public void updateFill(MetaObject metaObject) {
- UserDetailsImpl userInfo = SecurityUtil.getUserInfo();
- if (userInfo.getUsername() == null) {
- userInfo.setUsername( "system");
- }
 this.strictUpdateFill(metaObject, "updateTime", LocalDateTime::now, LocalDateTime.class);
- this.strictUpdateFill(metaObject, "updateBy", userInfo::getUsername, String.class);
+ SecurityUtil.getCurrentAuditor().ifPresent(username ->
+ this.strictInsertFill(metaObject, "updateBy", String.class, username));
 }
diff --git a/src/main/java/com/zsc/edu/gateway/framework/security/SecurityBeanConfig.java b/src/main/java/com/zsc/edu/gateway/framework/security/SecurityBeanConfig.java
index 8620c24..4372f35 100644
--- a/src/main/java/com/zsc/edu/gateway/framework/security/SecurityBeanConfig.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/SecurityBeanConfig.java
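Review bot: In `updateFill` the new lambda calls `strictInsertFill` for `updateBy`, where the removed line used `strictUpdateFill`; MyBatis-Plus applies the insert variant only to fields configured for insert fill, so a field marked for update fill only would stop receiving the auditor on updates. If `updateBy` is declared that way (the entity is not shown here), the call should be `this.strictUpdateFill(metaObject, "updateBy", String.class, username));`. The lone `;` added after the `ifPresent` call in `insertFill` is an empty statement and can be dropped. The class body continues outside the hunk.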
@@ -13,10 +13,10 @@ import org.springframework.security.web.session.HttpSessionEventPublisher;
 */
 @Configuration
 public class SecurityBeanConfig {
-// @Bean
-// public PasswordEncoder passwordEncoder() {
-// return PasswordEncoderFactories.createDelegatingPasswordEncoder();
-// }
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ }
 @Bean
 public SessionRegistry sessionRegistry() {
diff --git a/src/main/java/com/zsc/edu/gateway/framework/security/SecurityUtil.java b/src/main/java/com/zsc/edu/gateway/framework/security/SecurityUtil.java
index 450c27f..c670439 100644
--- a/src/main/java/com/zsc/edu/gateway/framework/security/SecurityUtil.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/SecurityUtil.java
@@ -1,9 +1,11 @@
 package com.zsc.edu.gateway.framework.security;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import java.util.Objects;
+import java.util.Optional;
 /**
 * @author Yao
@@ -18,4 +20,22 @@ public class SecurityUtil {
 return (UserDetailsImpl) authentication.getPrincipal();
 }
+ public static Optional getCurrentAuditor() {
+ try {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ if (authentication instanceof AnonymousAuthenticationToken) {
+ return Optional.of("system");
+ } else {
+ if (authentication == null) {
+ return Optional.of("system");
+ }
+ UserDetailsImpl user = (UserDetailsImpl) authentication.getPrincipal();
+ return Optional.of(user.getUsername());
+ }
+ } catch (Exception ex) {
+ // log.error("get user Authentication failed: " + ex.getMessage(), ex);
+ return Optional.of("system");
+ }
+ }
+
 }
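Review bot: `getCurrentAuditor` wraps its whole body in `catch (Exception ex)` and returns `Optional.of("system")` with the log call commented out, so a principal that is not a `UserDetailsImpl`, or one with a null username, is silently recorded in `createBy`/`updateBy` as a write by "system". For an audit column this hides the cases worth seeing and makes "system" indistinguishable from anonymous requests and broken principals. Checking the principal type explicitly removes the need for the catch-all, and returning an empty `Optional` for an unrecognised principal gives the callers' `ifPresent` something to skip, which it never does today because every branch returns a value. The return type appears as raw `Optional` on this page; if that is what the file contains, it should be declared `Optional<String>`.

```java
public static Optional<String> getCurrentAuditor() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // No authentication or an anonymous token: background or unauthenticated work.
    if (authentication == null || authentication instanceof AnonymousAuthenticationToken) {
        return Optional.of("system");
    }
    if (authentication.getPrincipal() instanceof UserDetailsImpl user) {
        return Optional.ofNullable(user.getUsername());
    }
    // Unrecognised principal type: leave the audit field unset rather than
    // attributing the write to "system".
    return Optional.empty();
}
```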
diff --git a/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java b/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
index edf89e1..846ecfc 100644
--- a/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
@@ -8,6 +8,8 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -28,6 +30,7 @@ import javax.sql.DataSource;
 * @author harry_yao
 */
 @AllArgsConstructor
+@EnableMethodSecurity
 @Configuration
 public class SpringSecurityConfig {
@@ -42,23 +45,24 @@ public class SpringSecurityConfig {
 @Resource
 private final DataSource dataSource;
- @Bean
- public BCryptPasswordEncoder bCryptPasswordEncoder() {
- return new BCryptPasswordEncoder();
- };
+// @Bean
+// public BCryptPasswordEncoder bCryptPasswordEncoder() {
+// return new BCryptPasswordEncoder();
+// };
 @Bean
 public PersistentTokenRepository persistentTokenRepository() {
 JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
 tokenRepository.setDataSource(dataSource);
 return tokenRepository;
+
 }
 @Bean
 AuthenticationManager authenticationManager() {
 DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
 daoAuthenticationProvider.setUserDetailsService(userDetailsService);
- daoAuthenticationProvider.setPasswordEncoder(bCryptPasswordEncoder());
+ daoAuthenticationProvider.setPasswordEncoder(securityBeanConfig.passwordEncoder());
 return new ProviderManager(daoAuthenticationProvider);
 }
@@ -81,7 +85,11 @@ public class SpringSecurityConfig {
 .authorizeHttpRequests(auth -> auth
 .requestMatchers(HttpMethod.GET, "/api/rest/user/me","/api/rest/user/register","/api/rest/user/send-email").permitAll()
 .requestMatchers(HttpMethod.POST, "/api/rest/user/login","/api/rest/user/register").permitAll()
- .requestMatchers("/api/**").authenticated())
+ .requestMatchers("/api/**").authenticated()
+ .requestMatchers("/api/**").access((authentication, object) -> {
+ return new AuthorizationDecision(true);
+ })
+ )
 // 不用注解,直接通过判断路径实现动态访问权限
 // .requestMatchers("/api/**").access((authentication, object) -> {
 // //表示请求的 URL 地址和数据库的地址是否匹配上了
diff --git a/src/main/java/com/zsc/edu/gateway/modules/system/entity/Menu.java b/src/main/java/com/zsc/edu/gateway/modules/system/entity/Menu.java
index f113031..d6e956d 100644
--- a/src/main/java/com/zsc/edu/gateway/modules/system/entity/Menu.java
+++ b/src/main/java/com/zsc/edu/gateway/modules/system/entity/Menu.java
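Review bot: `authenticationManager()` now verifies passwords with the delegating encoder from `SecurityBeanConfig` in place of `BCryptPasswordEncoder`, and the delegating encoder expects every stored hash to carry an `{id}` prefix such as `{bcrypt}`. Hashes written by the old bean have no prefix, so unless existing rows are migrated, logins for those accounts will fail because the encoder has no mapping for a missing id. Either prefix the stored values with `{bcrypt}` in a migration, or register a BCrypt fallback through `setDefaultPasswordEncoderForMatches` on the `DelegatingPasswordEncoder`. The `securityBeanConfig` field is declared outside the hunk; injecting the `PasswordEncoder` bean directly would avoid calling a method on another configuration class.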
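Review bot: The added `.requestMatchers("/api/**").access(...)` rule returns `new AuthorizationDecision(true)` for every request without consulting `authentication`, so on its own it would admit any caller, including anonymous ones. It is unreachable today only because the identical matcher with `.authenticated()` is registered first and the first matching rule decides; reordering or removing that line would open all of `/api/**`. Drop the placeholder until the real check exists, or make it deny by default with `return new AuthorizationDecision(false);`. The enclosing filter-chain method starts and ends outside the hunk.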
@@ -27,7 +27,7 @@ public class Menu extends BaseEntity {
 /**
 * 菜单类型
 */
- private Type type = Type.PAGE;
+ private Type type;
 /**
 * 路由名称
 */