diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/order/controller/OrderInfoController.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/order/controller/OrderInfoController.java
index e9f6c16..5a14060 100644
--- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/order/controller/OrderInfoController.java
+++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/order/controller/OrderInfoController.java
@@ -12,6 +12,8 @@ import com.bonus.common.core.web.domain.AjaxResult;
 import com.bonus.common.core.web.page.TableDataInfo;
 import com.bonus.common.log.annotation.SysLog;
 import com.bonus.common.log.enums.OperaType;
+import com.bonus.common.security.utils.SecurityUtils;
+import org.apache.catalina.security.SecurityUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
@@ -131,6 +133,9 @@ public class OrderInfoController extends BaseController
 public AjaxResult addSave(@RequestBody @Valid OrderAddParam orderAddParam) {
 try {
+ if(!orderAddParam.getUserId().equals(SecurityUtils.getUserId())) {
+ throw new ServiceException("用户ID不匹配");
+ }
 orderInfoService.insertCanteenOrderInfo(orderAddParam);
 }catch (ServiceException ex) {
 logger.error("h5下单异常: {}", ex.getMessage(), ex);
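Review bot: The added `import org.apache.catalina.security.SecurityUtil;` in the import hunk looks like an accidental IDE auto-import, since the only helper called in the visible code is `SecurityUtils` from com.bonus.common.security.utils. It ties the controller to a Tomcat-internal class, and its name differs by one character from the project's own helper, which makes it easy to call the wrong one in a later edit to authorization code. I would drop that line and keep only `import com.bonus.common.security.utils.SecurityUtils;`.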
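Review bot: The new ownership check in addSave dereferences `orderAddParam.getUserId()` without a null guard, so a request body that omits the user id would raise a NullPointerException instead of the intended ServiceException, unless `@Valid` already enforces non-null on that field (not visible in this hunk). A form that cannot throw is `if (!java.util.Objects.equals(orderAddParam.getUserId(), SecurityUtils.getUserId())) {`; it is also worth confirming that both getters return the same boxed type, because `equals` between different numeric wrappers is always false and would reject every order. Since the check exists to stop one user placing an order under another user's id, it would be sturdier to take the id from the security context on the server side rather than compare a client-supplied value, so that other callers of `insertCanteenOrderInfo` are covered as well. The existing log line records only the generic message, so including the authenticated id and the submitted id on a mismatch would make such attempts visible to monitoring. The catch block and the rest of addSave continue outside the hunk.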