diff --git a/flyfish-data/src/main/java/com/flyfish/framework/domain/base/AuditDomain.java b/flyfish-data/src/main/java/com/flyfish/framework/domain/base/AuditDomain.java
index 5e70ed4..df243c0 100644
--- a/flyfish-data/src/main/java/com/flyfish/framework/domain/base/AuditDomain.java
+++ b/flyfish-data/src/main/java/com/flyfish/framework/domain/base/AuditDomain.java
@@ -25,37 +25,39 @@ public abstract class AuditDomain extends Domain {
      * 创建日期
      */
     @CreatedDate
-    @Property("创建日期")
+    @Property(value = "创建日期", readonly = true)
     protected Date createTime;
 
     /**
      * 修改日期
      */
     @LastModifiedDate
-    @Property("更新日期")
+    @Property(value = "更新日期", readonly = true)
     protected Date modifyTime;
 
     /**
      * 创建者
      */
     @CreatedBy
-    @Property("创建人")
+    @Property(value = "创建人", readonly = true)
     protected String creator;
 
     /**
      * 创建人id
      */
+    @Property(readonly = true)
     protected String creatorId;
 
     /**
      * 修改者
      */
     @LastModifiedBy
-    @Property("更新人")
+    @Property(value = "更新人", readonly = true)
     protected String modifier;
 
     /**
      * 修改人id
      */
+    @Property(readonly = true)
     protected String modifierId;
 }
diff --git a/flyfish-data/src/main/java/com/flyfish/framework/domain/base/Domain.java b/flyfish-data/src/main/java/com/flyfish/framework/domain/base/Domain.java
index 5f6e120..0fc17fa 100644
--- a/flyfish-data/src/main/java/com/flyfish/framework/domain/base/Domain.java
+++ b/flyfish-data/src/main/java/com/flyfish/framework/domain/base/Domain.java
@@ -23,21 +23,25 @@ public abstract class Domain implements Po, Serializable {
      */
     @Id
     protected String id;
+
     /**
      * 编号
      */
     @Property(title = "编码", inherited = true)
     protected String code;
+
     /**
      * 名称
      */
     @Indexed
     @Property(title = "名称", inherited = true)
     protected String name;
+
     /**
      * 上下文冗余，利用内存缓存上下文
      */
     @Transient
+    @Property(readonly = true)
     private User currentUser;
 
     @Override
diff --git a/flyfish-user/src/main/java/com/flyfish/framework/config/WebSecurityConfig.java b/flyfish-user/src/main/java/com/flyfish/framework/config/WebSecurityConfig.java
index 7e4aa69..589cb31 100644
--- a/flyfish-user/src/main/java/com/flyfish/framework/config/WebSecurityConfig.java
+++ b/flyfish-user/src/main/java/com/flyfish/framework/config/WebSecurityConfig.java
@@ -13,6 +13,7 @@ import com.flyfish.framework.handler.JsonAuthenticationSuccessHandler;
 import com.flyfish.framework.handler.JsonLogoutSuccessHandler;
 import com.flyfish.framework.initializer.UserInitializer;
 import com.flyfish.framework.service.AuthenticationAuditor;
+import com.flyfish.framework.service.AuthenticationLogger;
 import com.flyfish.framework.service.UserService;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -24,7 +25,9 @@ import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
@@ -33,6 +36,9 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
+import org.springframework.util.MultiValueMap;
+
+import java.util.stream.Stream;
 
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
 
@@ -63,6 +69,27 @@ public class WebSecurityConfig {
         return new AuthenticationAuditorImpl();
     }
 
+    @Bean
+    @ConditionalOnMissingBean(AuthenticationLogger.class)
+    public AuthenticationLogger authenticationLogger() {
+        return new AuthenticationLogger() {
+            @Override
+            public void success(UserDetails user) {
+
+            }
+
+            @Override
+            public void failure(MultiValueMap<String, String> form, AuthenticationException exception) {
+
+            }
+
+            @Override
+            public void logout(UserDetails user) {
+
+            }
+        };
+    }
+
     @ConditionalOnProperty(value = "jwt.enable", havingValue = "true")
     @Bean("contextRepository")
     public JwtSecurityContextRepository jwtSecurityContextRepository() {
@@ -97,8 +124,8 @@ public class WebSecurityConfig {
         http
                 .securityContextRepository(contextRepository())
                 .authorizeExchange()
-                .pathMatchers(properties.getAllowUris()).permitAll()
-                .pathMatchers("/api/logout", "/api/login").permitAll()
+                .pathMatchers(Stream.concat(Stream.of(properties.getAllowUris()), Stream.of("/api/logout", "/api/login"))
+                        .toArray(String[]::new)).permitAll()
                 .pathMatchers("/api/users/**").authenticated()
                 .anyExchange().authenticated()
                 .and()
diff --git a/flyfish-web/src/main/java/com/flyfish/framework/beans/meta/BeanProperty.java b/flyfish-web/src/main/java/com/flyfish/framework/beans/meta/BeanProperty.java
index a7e6d00..84cf37c 100644
--- a/flyfish-web/src/main/java/com/flyfish/framework/beans/meta/BeanProperty.java
+++ b/flyfish-web/src/main/java/com/flyfish/framework/beans/meta/BeanProperty.java
@@ -32,6 +32,9 @@ public class BeanProperty {
     // bean属性的类型，js类型
     private BeanPropertyType type;
 
+    // 只读属性，不生成于表单
+    private boolean readonly;
+
     // 属性
     private Map<String, Object> props;
 
@@ -48,6 +51,7 @@ public class BeanProperty {
         return Arrays.stream(descriptors)
                 .filter(descriptor -> !"class".equals(descriptor.getName()))
                 .map(descriptor -> BeanProperty.form(descriptor, clazz))
+                .filter(property -> !property.isReadonly())
                 .collect(Collectors.toList());
     }
 
@@ -71,6 +75,7 @@ public class BeanProperty {
                 String parentName = Optional.ofNullable(beanClass.getAnnotation(RestBean.class)).map(RestBean::name).orElse("");
                 property.setTitle(props.inherited() ? parentName + props.title() : props.title());
                 property.setDescription(props.description());
+                property.setReadonly(props.readonly());
             }
         }
         Class<?> clazz = descriptor.getPropertyType();
diff --git a/flyfish-web/src/main/java/com/flyfish/framework/service/AuthenticationLogger.java b/flyfish-web/src/main/java/com/flyfish/framework/service/AuthenticationLogger.java
index 808396b..61b4290 100644
--- a/flyfish-web/src/main/java/com/flyfish/framework/service/AuthenticationLogger.java
+++ b/flyfish-web/src/main/java/com/flyfish/framework/service/AuthenticationLogger.java
@@ -1,6 +1,5 @@
 package com.flyfish.framework.service;
 
-import com.flyfish.framework.domain.po.User;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.MultiValueMap;