diff --git a/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java b/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java
index c7f5360..bd8e660 100755
--- a/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java
@@ -2,11 +2,9 @@
 
 
 import com.supwisdom.dlpay.exception.ValidateCodeException;
-import com.supwisdom.dlpay.framework.security.validate.ImageCode;
 import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil;
 import com.supwisdom.dlpay.framework.security.validate.VerifyCode;
 import com.supwisdom.dlpay.framework.util.StringUtil;
-import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@@ -20,59 +18,59 @@
 import java.io.IOException;
 
 
-//@Component("validateCodeFilter")
-//public class ValidateCodeFilter extends OncePerRequestFilter{
-//
-//	/**
-//	 * 校验失败处理器
-//	 */
-//	@Autowired
-//	private AuthenticationFailureHandler myAuthenticationFailureHandler;
-//
-//	/**
-//	 * 校验成功处理器
-//	 */
-//	@Autowired
-//	private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
-//
-//
-//	@Override
-//	protected void doFilterInternal(HttpServletRequest request,
-//																	HttpServletResponse response, FilterChain filterChain)
-//			throws ServletException, IOException {
-//		if (StringUtil.equals("/login/form", request.getRequestURI())
-//				&& StringUtil.equalsIgnoreCase(request.getMethod(), "post")) {
-//			try {
-//				validate(request);
-//			} catch (ValidateCodeException e) {
-//				myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e);
-//			}
-//		}
-//		filterChain.doFilter(request, response);
-//	}
-//
-//	private void validate(HttpServletRequest request) throws ValidateCodeException {
-//		VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
-//		String inputCode;
-//		try {
-//			inputCode = request.getParameter("imageCode");
-//		} catch (Exception e) {
-//			throw new ValidateCodeException("获取验证码的值失败");
-//		}
-//		if (StringUtil.isEmpty(inputCode)) {
-//			throw new ValidateCodeException("验证码的值不能为空");
-//		}
-//		if (null == imageCode) {
-//			throw new ValidateCodeException("验证码不存在");
-//		}
-//		if (imageCode.isExpired()) {
-//			request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
-//			throw new ValidateCodeException("验证码已过期");
-//		}
-//		if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) {
-//			throw new ValidateCodeException("验证码不匹配");
-//		}
-//		request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
-//	}
-//
-//}
+@Component("validateCodeFilter")
+public class ValidateCodeFilter extends OncePerRequestFilter{
+
+	/**
+	 * 校验失败处理器
+	 */
+	@Autowired
+	private AuthenticationFailureHandler myAuthenticationFailureHandler;
+
+	/**
+	 * 校验成功处理器
+	 */
+	@Autowired
+	private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
+
+
+	@Override
+	protected void doFilterInternal(HttpServletRequest request,
+																	HttpServletResponse response, FilterChain filterChain)
+			throws ServletException, IOException {
+		if (StringUtil.equals("/login/form", request.getRequestURI())
+				&& StringUtil.equalsIgnoreCase(request.getMethod(), "post")) {
+			try {
+				validate(request);
+			} catch (ValidateCodeException e) {
+				myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e);
+			}
+		}
+		filterChain.doFilter(request, response);
+	}
+
+	private void validate(HttpServletRequest request) throws ValidateCodeException {
+		VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
+		String inputCode;
+		try {
+			inputCode = request.getParameter("imageCode");
+		} catch (Exception e) {
+			throw new ValidateCodeException("获取验证码的值失败");
+		}
+		if (StringUtil.isEmpty(inputCode)) {
+			throw new ValidateCodeException("验证码的值不能为空");
+		}
+		if (null == imageCode) {
+			throw new ValidateCodeException("验证码不存在");
+		}
+		if (imageCode.isExpired()) {
+			request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
+			throw new ValidateCodeException("验证码已过期");
+		}
+		if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) {
+			throw new ValidateCodeException("验证码不匹配");
+		}
+		request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
+	}
+
+}
diff --git a/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java b/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java
index c5c3f7c..56782db 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java
@@ -9,7 +9,7 @@
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 import org.springframework.stereotype.Component;
 
-//@Component("validateCodeSecurityConfig")
+@Component("validateCodeSecurityConfig")
 public class ValidateCodeSecurityConfig  extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,HttpSecurity> {
 	
 	@Autowired
diff --git a/src/main/kotlin/com/supwisdom/dlpay/security.kt b/src/main/kotlin/com/supwisdom/dlpay/security.kt
index 29c795d..05d8709 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/security.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/security.kt
@@ -2,6 +2,7 @@
 
 import com.supwisdom.dlpay.framework.core.JwtConfig
 import com.supwisdom.dlpay.framework.core.JwtTokenUtil
+import com.supwisdom.dlpay.framework.security.ValidateCodeSecurityConfig
 import org.jose4j.jwt.consumer.InvalidJwtException
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
@@ -91,8 +92,8 @@
         class MvcWebSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() {
             @Autowired
             lateinit var dataSource: DataSource
-//            @Autowired
-//            lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig
+            @Autowired
+            lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig
 //            @Autowired
 //            lateinit var userDetailsService: OperatorDetailService
 //            @Autowired
@@ -112,7 +113,8 @@
 
             override fun configure(http: HttpSecurity) {
                 // 设置 Web MVC 应用权限
-                http.csrf()
+                http.apply(validateCodeSecurityConfig)
+                        .and().csrf()
                         .and()
                         .authorizeRequests()
                         .antMatchers("/login", "/login/form").permitAll()