diff --git a/xymanager_admin/src/main/resources/application-test.yml b/xymanager_admin/src/main/resources/application-test.yml
index 3c428ae..161a959 100644
--- a/xymanager_admin/src/main/resources/application-test.yml
+++ b/xymanager_admin/src/main/resources/application-test.yml
@@ -1,5 +1,8 @@
 # Spring配置
 spring:
+ jackson:
+ date-format: yyyy-MM-dd HH:mm:ss
+ time-zone: GMT+8
 datasource:
 driver-class-name: com.mysql.cj.jdbc.Driver
 url: jdbc:mysql://192.168.1.190:3306/xymp?allowMultiQueries=true&useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
diff --git a/xymanager_common/src/main/java/com/shxy/xymanager_common/config/SecurityConfig.java b/xymanager_common/src/main/java/com/shxy/xymanager_common/config/SecurityConfig.java
index 9ec61fc..121e177 100644
--- a/xymanager_common/src/main/java/com/shxy/xymanager_common/config/SecurityConfig.java
+++ b/xymanager_common/src/main/java/com/shxy/xymanager_common/config/SecurityConfig.java
@@ -32,7 +32,7 @@ public class SecurityConfig {
 /**
 * 是否开启权限认证
 */
- private Boolean urlEnable = true;
+ private Boolean enable = true;
 /**
 * 系统用户默认密码
 */
diff --git a/xymanager_common/src/main/java/com/shxy/xymanager_common/util/TokenUtil.java b/xymanager_common/src/main/java/com/shxy/xymanager_common/util/TokenUtil.java
index 36efcc9..c8b6f6c 100644
--- a/xymanager_common/src/main/java/com/shxy/xymanager_common/util/TokenUtil.java
+++ b/xymanager_common/src/main/java/com/shxy/xymanager_common/util/TokenUtil.java
@@ -3,7 +3,6 @@ package com.shxy.xymanager_common.util;
 import com.shxy.xymanager_common.config.SecurityConfig;
 import com.shxy.xymanager_common.constant.UuidUtils;
 import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -19,7 +18,7 @@ public class TokenUtil { @Autowired SecurityConfig config; - public String generateToken(Integer userId) { + public String generateToken(Integer userId) { SecretKey key = Keys.hmacShaKeyFor(config.getJwtPwd().getBytes(StandardCharsets.UTF_8)); String uuid = UuidUtils.getUUID(); String jws = Jwts.builder() @@ -30,16 +29,16 @@ public class TokenUtil { .compact(); return jws; } - public String getUserId(String token) throws JwtException{ - SecretKey key = Keys.hmacShaKeyFor(config.getJwtPwd().getBytes(StandardCharsets.UTF_8)); - token = token.replace(config.getJwtPrefix() + " ", ""); - Claims claims = Jwts.parserBuilder() - .setSigningKey(key) - .build() - .parseClaimsJws(token) - .getBody(); - String userId = claims.getSubject(); - return userId; + public String getUserId(String token) { + SecretKey key = Keys.hmacShaKeyFor(config.getJwtPwd().getBytes(StandardCharsets.UTF_8)); + token = token.replace(config.getJwtPrefix() + " ", ""); + Claims claims = Jwts.parserBuilder() + .setSigningKey(key) + .build() + .parseClaimsJws(token) + .getBody(); + String userId = claims.getSubject(); + return userId; } } diff --git a/xymanager_framework/pom.xml b/xymanager_framework/pom.xml index c1ea8ce..abd2f3b 100644 --- a/xymanager_framework/pom.xml +++ b/xymanager_framework/pom.xml @@ -40,10 +40,6 @@ ch.qos.logback logback-classic - - org.springframework.boot - spring-boot-starter-tomcat - diff --git a/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UrlAuthFilter.java b/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UrlAuthFilter.java index ae8a343..3eca3f6 100644 --- a/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UrlAuthFilter.java +++ b/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UrlAuthFilter.java 
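Review bot: With `throws JwtException` dropped from `getUserId` in TokenUtil, nothing on the method tells callers that a token which fails parsing or signature verification in `parseClaimsJws` surfaces as an unchecked `JwtException`. A short Javadoc carrying `@throws JwtException if the token cannot be parsed or its signature does not verify` would keep that contract visible, since UserInfoFilter in this same commit depends on catching it. Separately, `token.replace(config.getJwtPrefix() + " ", "")` removes the prefix wherever it occurs and also accepts a header with no prefix at all; if the prefix is meant to be mandatory, test `token.startsWith(...)` and strip only the leading occurrence.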
@@ -37,7 +37,7 @@ public class UrlAuthFilter extends AbstractAuthorizationFilter { protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - if (!config.getUrlEnable()) { + if (!config.getEnable()) { filterChain.doFilter(request, response); return; } diff --git a/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UserInfoFilter.java b/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UserInfoFilter.java index 28e5efa..3d13a8e 100644 --- a/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UserInfoFilter.java +++ b/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UserInfoFilter.java @@ -2,7 +2,6 @@ package com.shxy.xymanager_framework.filter; import com.shxy.xymanager_common.bean.SysUser; import com.shxy.xymanager_common.config.SecurityConfig; -import com.shxy.xymanager_common.exception.CustomException; import com.shxy.xymanager_common.threadlocal.UserContextHolder; import com.shxy.xymanager_common.util.TokenUtil; import com.shxy.xymanager_service.service.SysUserService; @@ -12,12 +11,15 @@ import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; +import org.springframework.util.AntPathMatcher; +import org.springframework.util.PathMatcher; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; +import java.util.Arrays; @Order(1) @Slf4j 
@@ -34,32 +36,46 @@ public class UserInfoFilter extends AbstractAuthorizationFilter { this.userService = userService; } + PathMatcher pathMatcher = new AntPathMatcher(); + @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - boolean valid = false; - try { - valid = initContextHolders(request); - } catch (CustomException ex) { - writeException(request, response, ex); + if (!config.getEnable()) { + filterChain.doFilter(request, response); + return; + } + String path = request.getRequestURI(); + int suffixIdx = path.lastIndexOf("."); + if (suffixIdx > -1 && Arrays.stream(config.getResourceSuffix().toArray()) + .anyMatch(a -> a.equals(path.substring(suffixIdx)))) { + filterChain.doFilter(request, response); + return; } - if (valid) { + for (String white : config.getUrlWhiteList()) { + if (pathMatcher.match(white, path)) { + filterChain.doFilter(request, response); + return; + } + } + + try { + initContextHolders(request); filterChain.doFilter(request, response); + } catch (JwtException ex) { + log.error("token error", ex); + writeException(request, response, new Exception("用户未登录或用户登录已过期")); + } finally { + UserContextHolder.reset(); } - UserContextHolder.reset(); } - private boolean initContextHolders(HttpServletRequest request) throws CustomException { + private boolean initContextHolders(HttpServletRequest request) { String token = request.getHeader(config.getJwtHeader()); if (!StringUtils.isBlank(token)) { - try { String userId = tokenUtil.getUserId(token); - if (!StringUtils.isBlank(userId)) { - SysUser user = userService.selectUserById(Integer.parseInt(userId)); - UserContextHolder.setCurrentUserInfo(user); - } - } catch (JwtException ex) { - log.error(ex.getMessage(), ex); - throw new CustomException("用户未登录或用户登录已过期"); + if (!StringUtils.isBlank(userId)) { + SysUser user = userService.selectUserById(Integer.parseInt(userId)); + 
UserContextHolder.setCurrentUserInfo(user); } } return true; diff --git a/xymanager_service/src/main/java/com/shxy/xymanager_service/impl/RoleServiceImpl.java b/xymanager_service/src/main/java/com/shxy/xymanager_service/impl/RoleServiceImpl.java index c2853b4..4bfbf3f 100644 --- a/xymanager_service/src/main/java/com/shxy/xymanager_service/impl/RoleServiceImpl.java +++ b/xymanager_service/src/main/java/com/shxy/xymanager_service/impl/RoleServiceImpl.java @@ -58,11 +58,17 @@ public class RoleServiceImpl implements RoleService { @Override public void update(TbRole item) throws Exception { + if (item.getId() == SUPER_ADMIN) { + throw new Exception("不能修改超级管理员"); + } roleMapper.updateByPrimaryKey(item); } @Override public void delete(Integer id) throws Exception { + if (id == SUPER_ADMIN) { + throw new Exception("不能删除超级管理员"); + } roleMapper.deleteByPrimaryKey(id); }
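Review bot: The static-suffix and whitelist checks added to `doFilterInternal` in UserInfoFilter run against `request.getRequestURI()`, which is the raw request path: it is not decoded or normalised and still carries path parameters and the context path. A path that merely ends in one of `config.getResourceSuffix()` therefore skips token handling even when it is not a static resource, and the whitelist patterns may be matched against a different string than the one the dispatcher routes on. Consider deriving `path` from a normalised form (for example Spring's `UrlPathHelper`) and limiting the suffix skip to known static directories; the suffix test itself reads more simply as `config.getResourceSuffix().contains(path.substring(suffixIdx))`. Note also that `initContextHolders` still returns `true` when the header is blank, so this filter never rejects an anonymous request on its own; presumably UrlAuthFilter does, which is worth confirming now that both filters are switched off by the same `config.getEnable()` flag.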
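Review bot: The new guards `item.getId() == SUPER_ADMIN` and `id == SUPER_ADMIN` in RoleServiceImpl use `==` although `id` is an `Integer`, and `SUPER_ADMIN` is declared outside this hunk. If it is a boxed `Integer`, the comparison is by reference and only holds for cached small values; if it is an `int`, a null id throws a NullPointerException on unboxing instead of reaching the mapper. `Objects.equals(id, SUPER_ADMIN)` (and the same for `item.getId()`, assuming it returns `Integer`) behaves correctly in both cases, given a `java.util.Objects` import. A more specific exception type than `Exception` would also let callers tell a refused operation from a mapper failure.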