diff --git a/mdp-form-bootstrap/src/main/java/com/mdp/WebSecurityConfig.java b/mdp-form-bootstrap/src/main/java/com/mdp/WebSecurityConfig.java
index 4a35ffb..38fc8cf 100644
--- a/mdp-form-bootstrap/src/main/java/com/mdp/WebSecurityConfig.java
+++ b/mdp-form-bootstrap/src/main/java/com/mdp/WebSecurityConfig.java
@@ -6,6 +6,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
 /**
 * com.qqkj.WebSecurityConfig
@@ -16,6 +18,9 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+ @Autowired
+ JwtDecoder jwtDecoder;
+
 @Autowired
 JwtAuthenticationConverter jwtConverter;
@@ -37,6 +42,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 http.oauth2Login();
 http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtConverter);
 http.csrf().disable();
+ http.oauth2ResourceServer().jwt().decoder(jwtDecoder).jwtAuthenticationConverter(jwtConverter);
+ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);//禁用session
 }
 }
diff --git a/mdp-form/src/test/java/com/mdp/WebSecurityConfig.java b/mdp-form/src/test/java/com/mdp/WebSecurityConfig.java
index 4a35ffb..2bf7c3b 100644
--- a/mdp-form/src/test/java/com/mdp/WebSecurityConfig.java
+++ b/mdp-form/src/test/java/com/mdp/WebSecurityConfig.java
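Review bot: `SessionCreationPolicy.NEVER` in the last hunk of mdp-form-bootstrap's WebSecurityConfig does not do what its `//禁用session` ("disable session") comment says: Spring Security stops creating an HttpSession but still loads the SecurityContext from one that already exists, so session-cookie authentication remains possible while `http.csrf().disable()` is in effect. If these endpoints are meant to be bearer-token only, use `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);`, and confirm that the `http.oauth2Login()` call kept just above, which normally relies on a session, is still wanted. The same line is added to the mdp-form test copy of this class. The previous `http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtConverter);` line is also left in place above the new one that adds `.decoder(jwtDecoder)`; it looks redundant now and should be removed, as the mdp-form copy does. `configure(HttpSecurity)` begins outside this hunk.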
@@ -6,6 +6,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
 /**
 * com.qqkj.WebSecurityConfig
@@ -19,6 +21,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Autowired
 JwtAuthenticationConverter jwtConverter;
+ @Autowired
+ JwtDecoder jwtDecoder;
 @Override
 public void configure(WebSecurity web) throws Exception {
@@ -34,8 +38,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 protected void configure(HttpSecurity http) throws Exception {
 http.authorizeRequests().anyRequest().authenticated().and().oauth2Client().and().logout().disable();
 http.formLogin().usernameParameter("userloginid");
- http.oauth2Login();
- http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtConverter);
+ //http.oauth2Login();
+ http.oauth2ResourceServer().jwt().decoder(jwtDecoder).jwtAuthenticationConverter(jwtConverter);
+ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);//禁用session
 http.csrf().disable();
 }
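Review bot: `//http.oauth2Login();` in the last hunk leaves the removed call behind as commented-out code; delete the line, or replace it with a short comment saying why interactive OAuth2 login is switched off in this configuration. `http.formLogin().usernameParameter("userloginid")` is kept while session creation is set to NEVER, and form login normally depends on a session to keep the user authenticated, so a comment should state whether form login is still expected to work here. This copy also now differs from the mdp-form-bootstrap one, which still calls `http.oauth2Login()`; if the two files are meant to stay in sync, that difference should be reconciled.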