diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java
index 42432db..09b4a3d 100644
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java
@@ -24,8 +24,8 @@ import static org.springframework.http.MediaType.MULTIPART_FORM_DATA_VALUE;
 @Slf4j
 public class ParamSecureHandler implements AsyncHandlerInterceptor {
- private static String OPERLOG_URL = "/operlog/addLogs";
- private static final String REGISTER = "/user/register";
+ private static final String [] WHITE_URL = {
+ "/login", "/isAdmin", "/isLogin", "/register","/operlog/addLogs"};
 private String rnd = null;
 public static String ur = "/";
@@ -54,15 +54,9 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
 XssRequestWrapper requestWrapper = new XssRequestWrapper(request);
 String requestUrl = requestWrapper.getRequestURI();
- if (OPERLOG_URL.equals(requestUrl)) {
+ if (isWhiteUrl(requestUrl)){
 return true;
 }
- if (REGISTER.equals(requestUrl)) {
- return true;
- }
-// if (RECOGNITION.equals(requestUrl)) {
-// return true;
-// }
 /**
 * 白名单中不验证参数
 */
@@ -86,7 +80,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
 */
 String readerParam = requestWrapper.getReaderParam();
 // 判断是否是文件上传,是不对流参数进行验证
- String uplFile = "uploadFile", upImage = "uploadImage";
+ String uplFile = "/upload", upImage = "/uploadFiles";
 if (!requestUrl.contains(uplFile) && !requestUrl.contains(upImage)) {
 boolean checkReader = checkReader(readerParam, requestUrl);
 if (!checkReader) {
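Review bot: In the `@@ -24,8 +24,8 @@` hunk the new `WHITE_URL` array replaces `/user/register` with `/register` and adds three more paths, with nothing on the constant explaining what the list exempts or why the registration path changed. The entries are compared as exact strings against `getRequestURI()` (see `isWhiteUrl` in the last hunk), so if registration is still served under `/user/register`, or if the URI carries a context path or gateway prefix, the entry simply never matches; whether that is the case cannot be told from this diff. A comment above the array such as `// Exact request URIs that skip parameter verification; keep this list minimal.` plus a note on which controller owns each path would make the list reviewable.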
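Review bot: In the `@@ -54,15 +54,9 @@` hunk the `return true` for allowlisted URLs comes before every other check in the method, so `/login`, `/isAdmin`, `/isLogin` and `/register` now skip the whole handler, where previously only the operation-log and registration endpoints did. Login and registration receive unauthenticated, caller-controlled input, which is where the parameter validation further down matters most (the rest of the method is outside the hunk, so exactly which checks are skipped is inferred). If these endpoints only fail one specific check, gate that check with `if (!isWhiteUrl(requestUrl)) { ... }` rather than returning early, and emit a `log.debug` line when the exemption is taken so it shows up in troubleshooting.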
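Review bot: In the `@@ -86,7 +80,7 @@` hunk `requestUrl.contains("/upload")` exempts every URI with `/upload` anywhere in its path from `checkReader`, and it already covers `/uploadFiles`, so the second test is redundant. The old markers `uploadFile` and `uploadImage` were narrower; with the new value any present or future route whose path merely contains `/upload` has its body left unvalidated. Anchoring the match to the real upload routes keeps the exemption tight, e.g. `if (!requestUrl.endsWith("/upload") && !requestUrl.endsWith("/uploadFiles")) {`. The enclosing method starts and ends outside this hunk.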
@@ -232,4 +226,8 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
 throws Exception {
 SecurityContextHolder.remove();
 }
+
+ private boolean isWhiteUrl(String requestUrl) {
+ return Arrays.asList(WHITE_URL).contains(requestUrl);
+ }
 }
diff --git a/bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
index b5c4610..3a220a6 100644
--- a/bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -1,4 +1,4 @@
-#com.bonus.common.security.config.MyFilter
+com.bonus.common.security.config.MyFilter
 com.bonus.common.security.config.WebMvcConfig
 com.bonus.common.security.config.VerificationCodeConfig
 com.bonus.common.security.service.TokenService
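Review bot: The new `isWhiteUrl` helper at the end of ParamSecureHandler.java uses `Arrays`, but no hunk in this diff adds `import java.util.Arrays;`, so unless the file already imports it the class will not compile. The helper also wraps the array in a fresh list on every request, and a `static final` array can still have its elements reassigned from anywhere in the class. Declaring the allowlist as `private static final Set<String> WHITE_URL = Set.of("/login", "/isAdmin", "/isLogin", "/register", "/operlog/addLogs");` and returning `WHITE_URL.contains(requestUrl);` fixes both, assuming the project targets Java 9 or later and `java.util.Set` is imported.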