diff --git a/db/mysql.sql b/db/mysql.sql
index 41e8b22..90dee9c 100644
--- a/db/mysql.sql
+++ b/db/mysql.sql
@@ -209,5 +209,5 @@ create table sys_dict_data
 ) ENGINE = InnoDB AUTO_INCREMENT = 10000 DEFAULT CHARACTER SET utf8mb4 COMMENT ='字典数据';
 
 
-INSERT INTO sys_user (id, username, password, real_name, gender, email, mobile, status, org_id, super_admin, version, deleted, creator, create_time, updater, update_time) VALUES (10000, 'admin', '$2a$10$XCoT1x7oMt97bBVpz5fCz.AtsDm3WUliBO//FA61CHQM7wnicC6GK', 'admin', 0, 'babamu@126.com', '13612345678', 1, null, 1, 0, 0, 10000, now(), 10000, now());
+INSERT INTO sys_user (id, username, password, real_name, gender, email, mobile, status, org_id, super_admin, version, deleted, creator, create_time, updater, update_time) VALUES (10000, 'admin', '{bcrypt}$2a$10$mW/yJPHjyueQ1g26WNBz0uxVPa0GQdJO1fFZmqdkqgMTGnyszlXxu', 'admin', 0, 'babamu@126.com', '13612345678', 1, null, 1, 0, 0, 10000, now(), 10000, now());
 INSERT INTO sys_oauth_client (id, client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove, version, deleted, creator, create_time, updater, update_time) VALUES (10000, 'web', '123456', '', 'all', '["authorization_code","password","implicit","client_credentials","refresh_token"]', 'https://gitee.com/makunet', NULL, 43200, 604800, NULL, 'true', 0, 0, 10000, now(), 10000, now());
diff --git a/fast-boot-framework/src/main/java/net/maku/framework/config/CorsConfig.java b/fast-boot-framework/src/main/java/net/maku/framework/config/CorsConfig.java
new file mode 100644
index 0000000..1329254
--- /dev/null
+++ b/fast-boot-framework/src/main/java/net/maku/framework/config/CorsConfig.java
@@ -0,0 +1,28 @@
+package net.maku.framework.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ * 跨域配置
+ *
+ * @author 阿沐 babamu@126.com
+ */
+@Configuration
+public class CorsConfig {
+
+    @Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration corsConfiguration = new CorsConfiguration();
+        corsConfiguration.setAllowCredentials(true);
+        corsConfiguration.addAllowedHeader("*");
+        corsConfiguration.addAllowedOriginPattern("*");
+        corsConfiguration.addAllowedMethod("*");
+        source.registerCorsConfiguration("/**", corsConfiguration);
+        return new CorsFilter(source);
+    }
+}
\ No newline at end of file
diff --git a/fast-boot-framework/src/main/java/net/maku/framework/config/WebConfig.java b/fast-boot-framework/src/main/java/net/maku/framework/config/WebConfig.java
index 376bc2b..483b879 100644
--- a/fast-boot-framework/src/main/java/net/maku/framework/config/WebConfig.java
+++ b/fast-boot-framework/src/main/java/net/maku/framework/config/WebConfig.java
@@ -10,7 +10,6 @@ import org.springframework.http.converter.ResourceHttpMessageConverter;
 import org.springframework.http.converter.StringHttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.http.converter.support.AllEncompassingFormHttpMessageConverter;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.util.List;
@@ -25,15 +24,6 @@ import java.util.TimeZone;
 public class WebConfig implements WebMvcConfigurer {
 
     @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-            .allowedOriginPatterns("*")
-            .allowCredentials(true)
-            .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-            .maxAge(3600);
-    }
-
-    @Override
     public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
         converters.add(new ByteArrayHttpMessageConverter());
         converters.add(new StringHttpMessageConverter());
diff --git a/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java b/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
index 8e443d9..01b9a01 100644
--- a/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
+++ b/fast-boot-framework/src/main/java/net/maku/framework/security/config/ResourceServerConfig.java
@@ -37,7 +37,7 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
             .and()
             .requestMatchers()
             // 被保护的资源
-            .antMatchers("/sys/**", "/wx/mp/**")
+            .antMatchers("/sys/**")
             .and()
             .authorizeRequests()
             .anyRequest().authenticated()
diff --git a/fast-boot-system/src/main/java/net/maku/security/filter/ValidateCodeFilter.java b/fast-boot-system/src/main/java/net/maku/security/filter/ValidateCodeFilter.java
index 1f7e452..6319752 100644
--- a/fast-boot-system/src/main/java/net/maku/security/filter/ValidateCodeFilter.java
+++ b/fast-boot-system/src/main/java/net/maku/security/filter/ValidateCodeFilter.java
@@ -1,6 +1,7 @@
 package net.maku.security.filter;
 
 import lombok.AllArgsConstructor;
+import net.maku.framework.security.exception.FastAuthenticationException;
 import net.maku.framework.security.handler.UserAuthenticationFailureHandler;
 import net.maku.security.service.CaptchaService;
 import org.springframework.security.core.AuthenticationException;
@@ -50,8 +51,8 @@ public class ValidateCodeFilter extends OncePerRequestFilter {
 
         boolean flag = captchaService.validate(key, captcha);
 
-//        if(!flag) {
-//            throw new FastAuthenticationException("验证码错误");
-//        }
+        if(!flag) {
+            throw new FastAuthenticationException("验证码错误");
+        }
     }
 }
diff --git a/fast-boot-system/src/main/java/net/maku/security/service/FastUserDetailsService.java b/fast-boot-system/src/main/java/net/maku/security/service/FastUserDetailsService.java
index e2c6a62..e14da9a 100644
--- a/fast-boot-system/src/main/java/net/maku/security/service/FastUserDetailsService.java
+++ b/fast-boot-system/src/main/java/net/maku/security/service/FastUserDetailsService.java
@@ -50,9 +50,6 @@ public class FastUserDetailsService implements UserDetailsService {
         // 转换成UserDetail对象
         UserDetail userDetail = SysUserConvert.INSTANCE.convertDetail(userEntity);
 
-        // 告诉spring-security，密码使用的bcrypt加密
-        userDetail.setPassword(String.format("{bcrypt}%s", userDetail.getPassword()));
-
         // 账号不可用
         if(userEntity.getStatus() == UserStatusEnum.DISABLE.getValue()){
             userDetail.setEnabled(false);
diff --git a/fast-boot-system/src/main/java/net/maku/system/controller/SysMenuController.java b/fast-boot-system/src/main/java/net/maku/system/controller/SysMenuController.java
index 95c3da1..91d7a47 100644
--- a/fast-boot-system/src/main/java/net/maku/system/controller/SysMenuController.java
+++ b/fast-boot-system/src/main/java/net/maku/system/controller/SysMenuController.java
@@ -34,7 +34,7 @@ public class SysMenuController {
 	private final SysMenuService sysMenuService;
 
 	@GetMapping("nav")
-	@Operation(summary = "导航列表")
+	@Operation(summary = "菜单导航")
 	public Result<List<SysMenuVO>> nav(){
 		UserDetail user = SecurityUser.getUser();
 		List<SysMenuVO> list = sysMenuService.getUserMenuList(user, MenuTypeEnum.MENU.getValue());