diff --git a/chaos_api_web/src/main/java/cn/nopj/chaos_api/config/SecurityConfig.java b/chaos_api_web/src/main/java/cn/nopj/chaos_api/config/SecurityConfig.java
index fc54807..7b1fbb2 100644
--- a/chaos_api_web/src/main/java/cn/nopj/chaos_api/config/SecurityConfig.java
+++ b/chaos_api_web/src/main/java/cn/nopj/chaos_api/config/SecurityConfig.java
@@ -47,13 +47,13 @@ public class SecurityConfig {
         return authenticationConfiguration.getAuthenticationManager();
     }
 
+    @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
-                        // 允许所有对 /api/public/** 的匿名访问
-                        .requestMatchers("/api/auth/login","/api/auth/register").permitAll()
+                        .requestMatchers("/api/public/*","/api/auth/login","/api/auth/register").permitAll()
                         .anyRequest().authenticated()
                 )
                 // 禁用 CSRF,因为现代前后端分离项目通常使用 Token
diff --git a/chaos_api_web/src/main/java/cn/nopj/chaos_api/exception/GlobalExceptionHandler.java b/chaos_api_web/src/main/java/cn/nopj/chaos_api/exception/GlobalExceptionHandler.java
index ba9ab95..1fd473f 100644
--- a/chaos_api_web/src/main/java/cn/nopj/chaos_api/exception/GlobalExceptionHandler.java
+++ b/chaos_api_web/src/main/java/cn/nopj/chaos_api/exception/GlobalExceptionHandler.java
@@ -42,6 +42,9 @@ public class GlobalExceptionHandler {
         return ApiResult.failed("服务器内部错误,请联系管理员");
     }
 
+    /**
+     * 处理权限不足异常
+     */
     @ExceptionHandler(AuthorizationDeniedException.class)
     public ApiResult handleAuthorizationDeniedException(AuthorizationDeniedException ex) {
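Review bot: The added matcher `"/api/public/*"` in the SecurityConfig hunk matches exactly one path segment, so any nested public endpoint such as `/api/public/x/y` falls through to `.anyRequest().authenticated()` — this fails closed, but it contradicts the removed comment, which described the intent as `/api/public/**`. If sub-paths are meant to be anonymous, the line should read `.requestMatchers("/api/public/**", "/api/auth/login", "/api/auth/register").permitAll()`; if only top-level public paths are intended, keep `/*` but say so. Either way the permit-all list should regain a comment naming the intended anonymous surface, e.g. `// Anonymous access: /api/public/** plus the login and registration endpoints; everything else requires a token`, since this line is the whole unauthenticated attack surface of the API and should be reviewable at a glance. Note also that adding `@Bean` appears to be what first registers this chain (before it, the method was presumably never picked up by Spring), so the permit-all list and the stateless/CSRF settings only take effect from this commit — worth stating in the commit message. The securityFilterChain method continues past the end of the hunk (the CSRF configuration and the build of the chain are not visible here).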