diff --git a/src/main/java/com/supervision/ai/service/hub/config/SecurityConfig.java b/src/main/java/com/supervision/ai/service/hub/config/SecurityConfig.java
index d9f10d9..4aae160 100644
--- a/src/main/java/com/supervision/ai/service/hub/config/SecurityConfig.java
+++ b/src/main/java/com/supervision/ai/service/hub/config/SecurityConfig.java
@@ -4,6 +4,7 @@ import com.supervision.ai.service.hub.filter.JwtAuthenticationFilter;
 import com.supervision.ai.service.hub.service.impl.SysUserService;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -25,12 +26,11 @@ import java.util.Base64;
 
 @Configuration
 @EnableWebSecurity
+@RequiredArgsConstructor
 public class SecurityConfig {
 
-    @Autowired
-    private JwtAuthenticationFilter jwtAuthenticationFilter;
-    @Autowired
-    private SysUserService sysUserService;
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final SysUserService sysUserService;
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
diff --git a/src/main/java/com/supervision/ai/service/hub/domain/SysUser.java b/src/main/java/com/supervision/ai/service/hub/domain/SysUser.java
index aff8073..e21d0dd 100644
--- a/src/main/java/com/supervision/ai/service/hub/domain/SysUser.java
+++ b/src/main/java/com/supervision/ai/service/hub/domain/SysUser.java
@@ -3,6 +3,7 @@ package com.supervision.ai.service.hub.domain;
 import com.baomidou.mybatisplus.annotation.TableName;
 import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.IdType;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Data;
 
 @Data
@@ -11,6 +12,7 @@ public class SysUser {
     @TableId(type = IdType.AUTO)
     private Long id;           // 主键ID
     private String username;   // 用户名
+    @JsonIgnore
     private String password;   // 密码 (加密存储)
     private String status;     // 状态 (1表示正常，0表示禁用)
 }