diff --git a/xinelu-framework/src/main/java/com/xinelu/framework/config/SecurityConfig.java b/xinelu-framework/src/main/java/com/xinelu/framework/config/SecurityConfig.java
index 77ba019..b2fa82a 100644
--- a/xinelu-framework/src/main/java/com/xinelu/framework/config/SecurityConfig.java
+++ b/xinelu-framework/src/main/java/com/xinelu/framework/config/SecurityConfig.java
@@ -112,10 +112,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 // 过滤请求
                 .authorizeRequests()
                 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                .antMatchers("/login", "/register", "/captchaImage","/newapp/login/appLogin","/system/hospitalPerson/*").anonymous()
+                .antMatchers("/login", "/register", "/captchaImage").anonymous()
                 // 静态资源，可匿名访问
                 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
-                .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
+                .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**", "/nurseApplet/**", "/nurseApp/**", "/specialDisease/getUserInfo", "/monitor/payTask/handCloseOrder", "/newapp/login/appLogin", "/system/hospitalPerson/**").permitAll()
                 .antMatchers(antMatchers.split(",")).permitAll()
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()
diff --git a/xinelu-nurse-manage/src/main/java/com/xinelu/manage/controller/hospitalpersoninfo/HospitalPersonInfoController.java b/xinelu-nurse-manage/src/main/java/com/xinelu/manage/controller/hospitalpersoninfo/HospitalPersonInfoController.java
index 734510d..b09b73e 100644
--- a/xinelu-nurse-manage/src/main/java/com/xinelu/manage/controller/hospitalpersoninfo/HospitalPersonInfoController.java
+++ b/xinelu-nurse-manage/src/main/java/com/xinelu/manage/controller/hospitalpersoninfo/HospitalPersonInfoController.java
@@ -18,6 +18,8 @@ import io.swagger.annotations.ApiOperation;
 import java.util.List;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -44,7 +46,7 @@ public class HospitalPersonInfoController extends BaseController {
      * 查询健康咨询-科室人员信息分页列表
      */
     @ApiOperation("查询健康咨询-科室人员信息分页列表")
-    //@PreAuthorize("@ss.hasPermi('system:hospitalPerson:list')")
+    @PreAuthorize("@ss.hasPermi('system:hospitalPerson:list')")
     @GetMapping("/list")
     public TableDataInfo list(HospitalPersonInfoVO hospitalPersonInfo) {
         startPage();
@@ -56,7 +58,7 @@ public class HospitalPersonInfoController extends BaseController {
 	 * 查询健康咨询-科室人员信息列表
 	 */
 	@ApiOperation("查询健康咨询-科室人员信息列表")
-	//@PreAuthorize("@ss.hasPermi('system:hospitalPerson:list')")
+	@PreAuthorize("@ss.hasPermi('system:hospitalPerson:list')")
 	@GetMapping("/getList")
 	public AjaxResult getList(HospitalPersonInfoVO hospitalPersonInfo) {
 		List<HospitalPersonInfo> list = hospitalPersonInfoService.getList(hospitalPersonInfo);
@@ -67,7 +69,7 @@ public class HospitalPersonInfoController extends BaseController {
      * 导出健康咨询-科室人员信息列表
      */
     @ApiOperation("导出健康咨询-科室人员信息列表")
-    //@PreAuthorize("@ss.hasPermi('system:hospitalPerson:export')")
+    @PreAuthorize("@ss.hasPermi('system:hospitalPerson:export')")
     @Log(title = "健康咨询-科室人员信息", businessType = BusinessType.EXPORT)
     @PostMapping("/export")
     public void export(HttpServletResponse response, HospitalPersonInfoVO hospitalPersonInfo) {
@@ -80,7 +82,7 @@ public class HospitalPersonInfoController extends BaseController {
      * 获取健康咨询-科室人员信息详细信息
      */
     @ApiOperation("获取健康咨询-科室人员信息详细信息")
-    //@PreAuthorize("@ss.hasPermi('system:hospitalPerson:query')")
+    @PreAuthorize("@ss.hasPermi('system:hospitalPerson:query')")
     @GetMapping(value = "/{id}")
     public AjaxResult getInfo(@PathVariable("id") Long id) {
         return AjaxResult.success(hospitalPersonInfoService.selectHospitalPersonInfoById(id));
@@ -90,7 +92,7 @@ public class HospitalPersonInfoController extends BaseController {
      * 新增健康咨询-科室人员信息
      */
     @ApiOperation("新增健康咨询-科室人员信息")
-    //@PreAuthorize("@ss.hasPermi('system:hospitalPerson:add')")
+    @PreAuthorize("@ss.hasPermi('system:hospitalPerson:add')")
     @Log(title = "健康咨询-科室人员信息", businessType = BusinessType.INSERT)
     @PostMapping("/add")
     public AjaxResult add(@Validated(Insert.class) @RequestBody HospitalPersonInfoDTO hospitalPersonInfo) {
@@ -101,7 +103,7 @@ public class HospitalPersonInfoController extends BaseController {
      * 修改健康咨询-科室人员信息
      */
     @ApiOperation("修改健康咨询-科室人员信息")
-    //@PreAuthorize("@ss.hasPermi('system:hospitalPerson:edit')")
+    @PreAuthorize("@ss.hasPermi('system:hospitalPerson:edit')")
     @Log(title = "健康咨询-科室人员信息", businessType = BusinessType.UPDATE)
     @PostMapping("/edit")
     public AjaxResult edit(@Validated(Update.class) @RequestBody HospitalPersonInfoDTO hospitalPersonInfo) {
@@ -121,7 +123,7 @@ public class HospitalPersonInfoController extends BaseController {
      * 删除健康咨询-科室人员信息
      */
     @ApiOperation("删除健康咨询-科室人员信息")
-    //@PreAuthorize("@ss.hasPermi('system:hospitalPerson:remove')")
+    @PreAuthorize("@ss.hasPermi('system:hospitalPerson:remove')")
     @Log(title = "健康咨询-科室人员信息", businessType = BusinessType.DELETE)
     @DeleteMapping("/{ids}")
     public AjaxResult remove(@PathVariable Long[] ids) {