diff --git a/src/main/java/com/youlai/system/SystemApplication.java b/src/main/java/com/youlai/system/SystemApplication.java
index f72c404e..c928f2aa 100644
--- a/src/main/java/com/youlai/system/SystemApplication.java
+++ b/src/main/java/com/youlai/system/SystemApplication.java
@@ -5,9 +5,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
 @SpringBootApplication
 public class SystemApplication {
-
 public static void main(String[] args) {
 SpringApplication.run(SystemApplication.class, args);
 }
-
 }
diff --git a/src/main/java/com/youlai/system/config/SecurityConfig.java b/src/main/java/com/youlai/system/config/SecurityConfig.java
index eb98a029..bd8bbbd5 100644
--- a/src/main/java/com/youlai/system/config/SecurityConfig.java
+++ b/src/main/java/com/youlai/system/config/SecurityConfig.java
@@ -1,7 +1,10 @@
 package com.youlai.system.config;
 import com.youlai.system.filter.JwtAuthenticationFilter;
+import com.youlai.system.security.exception.MyAccessDeniedHandler;
+import com.youlai.system.security.exception.MyAuthenticationEntryPoint;
 import com.youlai.system.security.jwt.JwtTokenManager;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -22,16 +25,13 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
+@RequiredArgsConstructor
 public class SecurityConfig {
+ private final MyAuthenticationEntryPoint myAuthenticationEntryPoint;
+ private final MyAccessDeniedHandler myAccessDeniedHandler;
 private final JwtTokenManager jwtTokenManager;
- public SecurityConfig(
- JwtTokenManager jwtTokenManager
- ) {
- this.jwtTokenManager = jwtTokenManager;
- }
-
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -39,8 +39,13 @@ public class SecurityConfig {
 .csrf().disable()
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 .and()
- .authorizeHttpRequests(auth -> auth.antMatchers("/**").permitAll()
- .anyRequest().authenticated());
+ .authorizeHttpRequests()
+ .anyRequest().authenticated()
+ .and()
+ .exceptionHandling()
+ .authenticationEntryPoint(myAuthenticationEntryPoint)
+ .accessDeniedHandler(myAccessDeniedHandler)
+ ;
 // disable cache
 http.headers().cacheControl();
@@ -53,7 +58,7 @@ public class SecurityConfig {
 @Bean
 public WebSecurityCustomizer webSecurityCustomizer() {
 return (web) -> web.ignoring()
- .antMatchers("/api/v1/auth/login","/webjars/**", "/doc.html", "/swagger-resources/**", "/v3/api-docs");
+ .antMatchers("/api/v1/auth/login", "/webjars/**", "/doc.html", "/swagger-resources/**", "/v3/api-docs");
 }
 @Bean
diff --git a/src/main/java/com/youlai/system/security/exception/MyAccessDeniedHandler.java b/src/main/java/com/youlai/system/security/exception/MyAccessDeniedHandler.java
index e2264925..34795ea2 100644
--- a/src/main/java/com/youlai/system/security/exception/MyAccessDeniedHandler.java
+++ b/src/main/java/com/youlai/system/security/exception/MyAccessDeniedHandler.java
@@ -4,9 +4,11 @@ import com.youlai.system.common.result.ResultCode;
 import com.youlai.system.util.ResponseUtils;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 /**
 * Spring Security访问异常处理器
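Review bot: With `.anyRequest().authenticated()` now enforced, the only public paths are the ones listed in `webSecurityCustomizer()` further down this file, and `web.ignoring()` takes those requests out of the filter chain entirely, so the login endpoint and the API-doc paths get none of the headers configured here, including the `cacheControl()` call below. Prefer declaring them in this chain, for example `.antMatchers("/api/v1/auth/login").permitAll()` placed before `.anyRequest().authenticated()`, and keep `ignoring()` for static assets at most. Whether `/doc.html`, `/swagger-resources/**` and `/v3/api-docs` should be reachable without a token outside development is worth deciding explicitly, for instance by gating them on a profile. The body of `securityFilterChain` starts and ends outside this hunk.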
@@ -14,9 +16,10 @@ import javax.servlet.http.HttpServletResponse;
 * @author haoxr
 * @date 2022/10/18
 */
+@Component
 public class MyAccessDeniedHandler implements AccessDeniedHandler {
 @Override
- public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) {
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
 ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_ACCESS_FORBIDDEN);
 }
 }
diff --git a/src/main/java/com/youlai/system/security/exception/MyAuthenticationEntryPoint.java b/src/main/java/com/youlai/system/security/exception/MyAuthenticationEntryPoint.java
index 2e57477a..c2f6585f 100644
--- a/src/main/java/com/youlai/system/security/exception/MyAuthenticationEntryPoint.java
+++ b/src/main/java/com/youlai/system/security/exception/MyAuthenticationEntryPoint.java
@@ -4,6 +4,7 @@ import com.youlai.system.common.result.ResultCode;
 import com.youlai.system.util.ResponseUtils;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -16,6 +17,7 @@ import java.io.IOException;
 * @author haoxr
 * @date 2022/10/18
 */
+@Component
 public class MyAuthenticationEntryPoint implements AuthenticationEntryPoint {
 @Override
 public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
diff --git a/src/main/java/com/youlai/system/security/userdetails/SysUserDetailsServiceImpl.java b/src/main/java/com/youlai/system/security/userdetails/SysUserDetailsServiceImpl.java
index d7c66ae0..33c823b7 100644
--- a/src/main/java/com/youlai/system/security/userdetails/SysUserDetailsServiceImpl.java
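Review bot: `handle` in `MyAccessDeniedHandler` discards both `request` and `accessDeniedException`, so a rejected call leaves no server-side trace for anyone investigating repeated authorization failures. One line before the write, such as `log.warn("Access denied: {} {}", request.getMethod(), request.getRequestURI());`, would record it without echoing anything extra to the client; it needs a logger on the class, for example Lombok's `@Slf4j`, since Lombok is already used elsewhere in this commit. Returning early when `response.isCommitted()` is true, as Spring's default handler does, would also avoid writing an error body onto a response that has already been sent.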
+++ b/src/main/java/com/youlai/system/security/userdetails/SysUserDetailsServiceImpl.java
@@ -21,7 +21,7 @@ public class SysUserDetailsServiceImpl implements UserDetailsService {
 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 UserAuthInfo userAuthInfo = sysUserService.getUserAuthInfo(username);
- if(userAuthInfo==null){
+ if (userAuthInfo == null) {
 throw new UsernameNotFoundException(username);
 }
 return new SysUserDetails(userAuthInfo);
diff --git a/src/main/java/com/youlai/system/service/impl/SysUserServiceImpl.java b/src/main/java/com/youlai/system/service/impl/SysUserServiceImpl.java
index 58ab614b..13b236ea 100644
--- a/src/main/java/com/youlai/system/service/impl/SysUserServiceImpl.java
+++ b/src/main/java/com/youlai/system/service/impl/SysUserServiceImpl.java
@@ -211,11 +211,12 @@ public class SysUserServiceImpl extends ServiceImpl impl
 @Override
 public UserAuthInfo getUserAuthInfo(String username) {
 UserAuthInfo userAuthInfo = this.baseMapper.getUserAuthInfo(username);
-
- Set roles = userAuthInfo.getRoles();
- if(CollectionUtil.isNotEmpty(roles)){
- Set perms= menuService.listRolePerms(roles);
- userAuthInfo.setPerms(perms);
+ if(userAuthInfo!=null){
+ Set roles = userAuthInfo.getRoles();
+ if(CollectionUtil.isNotEmpty(roles)){
+ Set perms= menuService.listRolePerms(roles);
+ userAuthInfo.setPerms(perms);
+ }
 }
 return userAuthInfo;
 }
diff --git a/src/main/java/com/youlai/system/util/ResponseUtils.java b/src/main/java/com/youlai/system/util/ResponseUtils.java
index 04997763..2dfe4aa6 100644
--- a/src/main/java/com/youlai/system/util/ResponseUtils.java
+++ b/src/main/java/com/youlai/system/util/ResponseUtils.java
@@ -4,6 +4,7 @@ import cn.hutool.json.JSONUtil;
 import com.youlai.system.common.result.Result;
 import com.youlai.system.common.result.ResultCode;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
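Review bot: `getUserAuthInfo` now returns `null` for an unknown username, but that contract is only implied by the caller's check in `SysUserDetailsServiceImpl`; a Javadoc line such as `@return the user's auth info, or null when no user matches` would make it explicit. The nested `if(userAuthInfo!=null){` reads more easily as a guard clause, `if (userAuthInfo == null) { return null; }`, which keeps the role lookup at its original depth and matches the spacing this commit applies in `loadUserByUsername`. `setPerms` is still skipped when the role set is empty, so `perms` keeps whatever the mapper produced, presumably null; it is worth confirming that `SysUserDetails` tolerates that.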
@@ -23,7 +24,7 @@ public class ResponseUtils {
 * @param response
 * @param resultCode
 */
- public static void writeErrMsg(HttpServletResponse response, ResultCode resultCode) {
+ public static void writeErrMsg(HttpServletResponse response, ResultCode resultCode) throws IOException {
 switch (resultCode) {
 case ACCESS_UNAUTHORIZED:
 case TOKEN_INVALID_OR_EXPIRED:
@@ -36,15 +37,9 @@ public class ResponseUtils {
 response.setStatus(HttpStatus.BAD_REQUEST.value());
 break;
 }
+ response.setContentType(MediaType.APPLICATION_JSON_VALUE);
 response.setCharacterEncoding("UTF-8");
- try {
- String bodyJsonStr = JSONUtil.toJsonStr(Result.failed(resultCode));
- PrintWriter printWriter = response.getWriter();
- printWriter.print(bodyJsonStr);
- printWriter.flush();
- printWriter.close();
- } catch (IOException e) {
- }
+ response.getWriter().print(JSONUtil.toJsonStr(Result.failed(resultCode)));
 }
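Review bot: The Javadoc above `writeErrMsg` keeps its empty `@param response` and `@param resultCode` tags and gains no `@throws`, although the signature now declares `IOException`. Suggested tags: `@param response the servlet response that receives the JSON error body`, `@param resultCode the result code that selects the HTTP status and the body`, and `@throws IOException if the response writer cannot be obtained`. Since the exception is no longer swallowed, every caller has to declare or handle it, so any call site outside this commit should be checked. If `PrintWriter` is not used elsewhere in the file, its import, which is outside the visible hunks, is presumably left unused; the method body continues past this hunk.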