diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SecureProperties.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SecureProperties.java
index 2e588f53..b027d1c7 100644
--- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SecureProperties.java
+++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SecureProperties.java
@@ -159,9 +159,9 @@ public class SecureProperties {
 
       public Security() {
          this.serverSm4KeyBytes = Base64Decoder.decode(this.serverSm4Key);
-         this.serverSm2Key = "MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgCtqk5Jj7pPWh91d9mPA4Kd7fOfzBULrnAERNDV+4XBCgCgYIKoEcz1UBgi2hRANCAARykhB6sXHWTbB60Pr+laPqEP5JBRpEcySONKKP5Q03o/g3OpnQXc7aVMdLUxL8wD1wQHEu4KHmHQr7jvVt0rkM";
+         this.serverSm2Key = "D55F4709BE51FCDC71D6385885A5CAEE70A09438F862BEB4E56F64A70C76EF5F";
          this.serverSm2KeyBytes = Base64Decoder.decode(this.serverSm2Key);
-         this.clientSm2Key = "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEcpIQerFx1k2wetD6/pWj6hD+SQUaRHMkjjSij+UNN6P4NzqZ0F3O2lTHS1MS/MA9cEBxLuCh5h0K+471bdK5DA==";
+         this.clientSm2Key = "04768E8E44656FFD4BA58C0270002A28365A5F6B0F6D40E88B9221CDFAAA8E82C8CCEDBA5FC2D03F20B11492EBE90CC04782682AFE326363A503F086C04A14092C";
          this.clientSm2KeyBytes = Base64Decoder.decode(this.serverSm2Key);
          this.timestampHeaderName = "X-Security-Timestamp";
          this.nonceHeaderName = "X-Security-Nonce";
diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SmUtils.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SmUtils.java
index bff6c6ad..318dff45 100644
--- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SmUtils.java
+++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SmUtils.java
@@ -1,5 +1,6 @@
 package com.bonus.canteen.core.config;
 
+import cn.hutool.core.codec.Base64;
 import cn.hutool.core.codec.Base64Decoder;
 import cn.hutool.core.codec.Base64Encoder;
 import cn.hutool.core.util.PrimitiveArrayUtil;
@@ -10,6 +11,7 @@ import cn.hutool.crypto.SmUtil;
 import cn.hutool.crypto.asymmetric.KeyType;
 import cn.hutool.crypto.asymmetric.SM2;
 import cn.hutool.crypto.symmetric.SM4;
+import com.bonus.canteen.core.common.utils.SpringContextHolder;
 import com.google.common.base.Joiner;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.slf4j.Logger;
@@ -24,8 +26,7 @@ import java.util.SortedMap;
 
 public class SmUtils {
    private static final Logger log = LoggerFactory.getLogger(SmUtils.class);
-   private static SecureProperties secureProperties;
-
+   private static SecureProperties secureProperties = SpringContextHolder.getBean(SecureProperties.class);
    public static void setSecureProperties(SecureProperties secureProperties) {
       if (SmUtils.secureProperties == null) {
          SmUtils.secureProperties = secureProperties;
@@ -93,12 +94,12 @@ public class SmUtils {
 
    private static void sm2() {
       System.out.println("=================sm2===================");
-      String privateKeyStr = "MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgCtqk5Jj7pPWh91d9mPA4Kd7fOfzBULrnAERNDV+4XBCgCgYIKoEcz1UBgi2hRANCAARykhB6sXHWTbB60Pr+laPqEP5JBRpEcySONKKP5Q03o/g3OpnQXc7aVMdLUxL8wD1wQHEu4KHmHQr7jvVt0rkM";
-      String pubKeyStr = "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEcpIQerFx1k2wetD6/pWj6hD+SQUaRHMkjjSij+UNN6P4NzqZ0F3O2lTHS1MS/MA9cEBxLuCh5h0K+471bdK5DA==";
-      SM2 sm2 = SmUtil.sm2("MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgCtqk5Jj7pPWh91d9mPA4Kd7fOfzBULrnAERNDV+4XBCgCgYIKoEcz1UBgi2hRANCAARykhB6sXHWTbB60Pr+laPqEP5JBRpEcySONKKP5Q03o/g3OpnQXc7aVMdLUxL8wD1wQHEu4KHmHQr7jvVt0rkM", "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEcpIQerFx1k2wetD6/pWj6hD+SQUaRHMkjjSij+UNN6P4NzqZ0F3O2lTHS1MS/MA9cEBxLuCh5h0K+471bdK5DA==");
-      String data = "liolay";
+      String privateKeyStr = "D55F4709BE51FCDC71D6385885A5CAEE70A09438F862BEB4E56F64A70C76EF5F";
+      String pubKeyStr = "04768E8E44656FFD4BA58C0270002A28365A5F6B0F6D40E88B9221CDFAAA8E82C8CCEDBA5FC2D03F20B11492EBE90CC04782682AFE326363A503F086C04A14092C";
+      SM2 sm2 = SmUtil.sm2(privateKeyStr, pubKeyStr);
+      String data = "liolay123466789";
       byte[] encrypt = sm2.encrypt("liolay".getBytes(StandardCharsets.UTF_8));
-      System.out.println("encrypt:" + Base64Encoder.encode(encrypt));
+      System.out.println("encrypt:" + Base64.encode(encrypt));
       PrintStream var10000 = System.out;
       byte[] var10001 = sm2.sign(data.getBytes(StandardCharsets.UTF_8));
       var10000.println("sign:" + Base64Encoder.encode(var10001));
diff --git a/bonus-modules/bonus-smart-canteen/src/main/resources/bootstrap.yml b/bonus-modules/bonus-smart-canteen/src/main/resources/bootstrap.yml
index 4121d0c4..13dae7eb 100644
--- a/bonus-modules/bonus-smart-canteen/src/main/resources/bootstrap.yml
+++ b/bonus-modules/bonus-smart-canteen/src/main/resources/bootstrap.yml
@@ -9,4 +9,15 @@ spring:
 
 system:
   mqtt-tcp-address: ${MQTT_TCP_ADDRESS:${RABBITMQ_CLIENT_ADDRESS:192.168.97.215:40003}}
-  mqtt-websocket-address: ${MQTT_WEBSOCKET_ADDRESS:${RABBITMQ_WEB_CLIENT_ADDRESS:}}
\ No newline at end of file
+  mqtt-websocket-address: ${MQTT_WEBSOCKET_ADDRESS:${RABBITMQ_WEB_CLIENT_ADDRESS:}}
+secure:
+  prohibit-unannotated-handler: false
+  expireAfter: ${SECURE_EXPIREAFTER:172800}
+  security:
+    encryptUriPrefix: /security
+    serverSm2Key: D55F4709BE51FCDC71D6385885A5CAEE70A09438F862BEB4E56F64A70C76EF5F
+    serverSm4Key: StqtdHhleMKClUGbmBqdrg==
+    clientKeySignParamName: securityClientKey
+    maxWindowSeconds: 300
+    ignoredUri:
+      - /security/captcha/
\ No newline at end of file