diff --git a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppCompanyContactController.java b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppCompanyContactController.java
index 71f8073..2b8aaea 100644
--- a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppCompanyContactController.java
+++ b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppCompanyContactController.java
@@ -37,6 +37,9 @@ public class AppCompanyContactController extends BaseController {
     @ApiOperation("公司联系人列表")
     @GetMapping("/list")
     public TableDataInfo list(CompanyContact companyContact){
+        if(companyContact.getCompanyId()==null){
+            return error(400,"无效的企业id!");
+        }
         List<CompanyContact> list=companyContactService.getSelectList(companyContact);
         return getDataTable(list);
     }
diff --git a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppFileController.java b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppFileController.java
index 916c058..f3778bc 100644
--- a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppFileController.java
+++ b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppFileController.java
@@ -38,6 +38,9 @@ public class AppFileController extends BaseController {
     @GetMapping("/list")
     public TableDataInfo list(File file)
     {
+        if(file.getBussinessid()==null){
+            return error(400,"无效的业务id!");
+        }
         List<File> results = fileService.selectFileList(file);
         return getDataTable(results);
     }
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
index bc2fa40..536ad9b 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -131,6 +131,8 @@ public class SecurityConfig
                     .antMatchers("/app/fair/**").permitAll()
                     //.antMatchers("/app/**").permitAll()
                     //.antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
+                    //正式环境禁用接口
+                    .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**","/app/user/list").denyAll()
                     //放行前端界面
                     .antMatchers("/kashi/job-portal/detail/**").permitAll()
                     // 除上面外的所有请求全部需要鉴权认证