diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqAccountInfoController.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqAccountInfoController.java
index ebf0a3c..8ff6991 100644
--- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqAccountInfoController.java
+++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqAccountInfoController.java
@@ -5,24 +5,28 @@ import com.bonus.canteen.core.account.constants.AccStatusEnum;
 import com.bonus.canteen.core.account.domain.param.AccountInfoQueryParam;
 import com.bonus.canteen.core.account.domain.vo.AccInfoDetailsVO;
 import com.bonus.canteen.core.account.service.IAccInfoService;
+import com.bonus.canteen.core.common.utils.HeaderFetchUtil;
 import com.bonus.canteen.core.zhhq.domain.AccountInfoDTO;
 import com.bonus.canteen.core.zhhq.domain.AccountInfoVO;
 import com.bonus.canteen.core.zhhq.domain.WeekRecipeDTO;
 import com.bonus.canteen.core.zhhq.service.IZhhqCookRecipeService;
+import com.bonus.common.core.exception.ServiceException;
+import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.common.core.web.controller.BaseController;
 import com.bonus.common.core.web.domain.AjaxResult;
+import com.bonus.common.houqin.constant.GlobalConstants;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
 import java.math.BigDecimal;
 import java.util.List;
+import java.util.Map;
+
+import static com.bonus.canteen.core.common.utils.DateUtil.getCurrentDateStr;
 /**
 * 账户信息Controller
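Review bot: The four explicit Spring imports are replaced by `import org.springframework.web.bind.annotation.*;` although the only new name the controller needs is `RequestHeader`; keeping the explicit list and adding `import org.springframework.web.bind.annotation.RequestHeader;` keeps the set of binding annotations in use visible in review. The static import of `getCurrentDateStr` likewise hides at the call site that the new authentication check depends on `DateUtil`; a qualified `DateUtil.getCurrentDateStr()` would make that dependency obvious to whoever audits the check later.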
@@ -40,7 +44,10 @@ public class ZhhqAccountInfoController extends BaseController {
 @ApiOperation("获取员工账户信息")
 @PostMapping({"/getBalance"})
- public AjaxResult getBalance(@RequestBody @Valid AccountInfoDTO dto) {
+ public AjaxResult getBalance(@RequestHeader Map requestHeader, @RequestBody @Valid AccountInfoDTO dto) {
+ if (!(GlobalConstants.JYY + getCurrentDateStr()).equals(Sm4Utils.decrypt(HeaderFetchUtil.getSign(requestHeader)))) {
+ throw new ServiceException("访问缺少认证信息");
+ }
 try {
 AccountInfoQueryParam param = new AccountInfoQueryParam();
 param.setUserCode(dto.getEmpCode());
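Review bot: The added guard in getBalance accepts any request whose sign header decrypts to `GlobalConstants.JYY + getCurrentDateStr()`, so the credential is a single shared value, identical for every caller and, if getCurrentDateStr() is day-granular as its name suggests, valid for the whole day; it is not bound to `dto.getEmpCode()` or to the request body, so one captured header authorises balance queries for any employee until the date changes. Consider a per-request signature instead (a keyed MAC over caller id, timestamp, nonce and body, with a short validity window and nonce rejection), or at minimum include the empCode in the signed value. The decrypt call also sits outside the method's `try`, so what happens on a missing or malformed header depends on how `HeaderFetchUtil.getSign` and `Sm4Utils.decrypt` treat null or undecryptable input, which is not visible here; fail closed by mapping a null sign or a decrypt error to the same `ServiceException`, and log each rejection so repeated failures can be monitored. The raw `Map` parameter should be typed, `@RequestHeader Map<String, String> requestHeader`, provided getSign accepts that type. The method body continues past the end of the hunk.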