diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthenticationController.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthenticationController.java
index b9362139..baf99159 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthenticationController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthenticationController.java
@@ -2,8 +2,6 @@ package me.zhengjie.modules.security.rest;
 import cn.hutool.core.codec.Base64;
 import cn.hutool.core.util.IdUtil;
-import com.wf.captcha.Captcha;
-import com.wf.captcha.SpecCaptcha;
 import lombok.extern.slf4j.Slf4j;
 import me.zhengjie.aop.log.Log;
 import me.zhengjie.exception.BadRequestException;
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java
index dca2c700..aa61f7ac 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java
@@ -81,6 +81,9 @@ public class MenuController {
 @PutMapping(value = "/menus")
 @PreAuthorize("hasAnyRole('ADMIN','MENU_ALL','MENU_EDIT')")
 public ResponseEntity update(@Validated(Menu.Update.class) @RequestBody Menu resources){
+ if (resources.getId() <= new Long(39).longValue()) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 menuService.update(resources);
 return new ResponseEntity(HttpStatus.NO_CONTENT);
 }
@@ -89,6 +92,9 @@ public class MenuController {
 @DeleteMapping(value = "/menus/{id}")
 @PreAuthorize("hasAnyRole('ADMIN','MENU_ALL','MENU_DELETE')")
 public ResponseEntity delete(@PathVariable Long id){
+ if (id.longValue() <= new Long(39).longValue()) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 List menuList = menuService.findByPid(id);
 // 特殊情况,对级联删除进行处理
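Review bot: The guard added at the top of MenuController.update is unconditional, so every build made from this commit refuses edits to menus with id <= 39, not only the demo instance that the message "演示环境不可操作" (operation not allowed in the demo environment) refers to. The threshold is also a bare literal that silently depends on the ids of the seeded rows. Gate the check on a configuration switch and name the limit, for example `if (demoMode && resources.getId() <= BUILT_IN_MENU_MAX_ID) {`, where both names are proposals and not existing members. The same unconditional pattern is repeated in MenuController.delete and in every PermissionController, RoleController and UserController hunk of this commit.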
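Review bot: In MenuController.delete the comparison `id.longValue() <= new Long(39).longValue()` boxes a constant only to unbox it again, and the `Long(long)` constructor has been deprecated since Java 9. `if (id <= 39L) {` is equivalent and easier to read. MenuController.update and both PermissionController hunks (with 54) use the same construction. The body of delete continues past the end of this hunk.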
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/PermissionController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/PermissionController.java
index 3cb805a3..6ea323d5 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/PermissionController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/PermissionController.java
@@ -60,6 +60,9 @@ public class PermissionController {
 @PutMapping(value = "/permissions")
 @PreAuthorize("hasAnyRole('ADMIN','PERMISSION_ALL','PERMISSION_EDIT')")
 public ResponseEntity update(@Validated(Permission.Update.class) @RequestBody Permission resources){
+ if (resources.getId() <= new Long(54).longValue()) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 permissionService.update(resources);
 return new ResponseEntity(HttpStatus.NO_CONTENT);
 }
@@ -68,6 +71,9 @@ public class PermissionController {
 @DeleteMapping(value = "/permissions/{id}")
 @PreAuthorize("hasAnyRole('ADMIN','PERMISSION_ALL','PERMISSION_DELETE')")
 public ResponseEntity delete(@PathVariable Long id){
+ if (id <= new Long(54).longValue()) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 permissionService.delete(id);
 return new ResponseEntity(HttpStatus.OK);
 }
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java
index 8c1d2793..4c070307 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java
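Review bot: `resources.getId() <= new Long(54).longValue()` in PermissionController.update unboxes an id taken from the request body, so a body without an id throws NullPointerException at this line. That is avoided only if the `Permission.Update` validation group rejects a null id, which the hunk does not show. Either confirm that constraint and say so in a comment, or make the guard null-safe: `if (resources.getId() != null && resources.getId() <= 54L) {`. MenuController.update has the same comparison with 39.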
@@ -82,6 +82,9 @@ public class RoleController {
 @PutMapping(value = "/roles")
 @PreAuthorize("hasAnyRole('ADMIN','ROLES_ALL','ROLES_EDIT')")
 public ResponseEntity update(@Validated(Role.Update.class) @RequestBody Role resources){
+ if (resources.getId().equals(1L)) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 roleService.update(resources);
 return new ResponseEntity(HttpStatus.NO_CONTENT);
 }
@@ -90,6 +93,9 @@ public class RoleController {
 @PutMapping(value = "/roles/permission")
 @PreAuthorize("hasAnyRole('ADMIN','ROLES_ALL','ROLES_EDIT')")
 public ResponseEntity updatePermission(@RequestBody Role resources){
+ if (resources.getId().equals(1L)) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 roleService.updatePermission(resources,roleService.findById(resources.getId()));
 return new ResponseEntity(HttpStatus.NO_CONTENT);
 }
@@ -98,6 +104,9 @@ public class RoleController {
 @PutMapping(value = "/roles/menu")
 @PreAuthorize("hasAnyRole('ADMIN','ROLES_ALL','ROLES_EDIT')")
 public ResponseEntity updateMenu(@RequestBody Role resources){
+ if (resources.getId().equals(1L)) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 roleService.updateMenu(resources,roleService.findById(resources.getId()));
 return new ResponseEntity(HttpStatus.NO_CONTENT);
 }
@@ -106,6 +115,9 @@ public class RoleController {
 @DeleteMapping(value = "/roles/{id}")
 @PreAuthorize("hasAnyRole('ADMIN','ROLES_ALL','ROLES_DELETE')")
 public ResponseEntity delete(@PathVariable Long id){
+ if (id.equals(1L)) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 roleService.delete(id);
 return new ResponseEntity(HttpStatus.OK);
 }
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java
index 6bc4337b..789ecd9d 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java
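Review bot: RoleController.updatePermission takes `@RequestBody Role resources` without the `@Validated(Role.Update.class)` that update carries, so the added `resources.getId().equals(1L)` dereferences an id that nothing visible in this hunk has checked. A body with no id would then fail with NullPointerException instead of a BadRequestException. Reversing the comparison removes that path: `if (Long.valueOf(1L).equals(resources.getId())) {`. updateMenu in the following hunk has the same unvalidated signature and the same added line.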
@@ -102,6 +102,9 @@ public class UserController {
 @PutMapping(value = "/users")
 @PreAuthorize("hasAnyRole('ADMIN','USER_ALL','USER_EDIT')")
 public ResponseEntity update(@Validated(User.Update.class) @RequestBody User resources){
+ if (resources.getId().equals(1L)) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 checkLevel(resources);
 userService.update(resources);
 return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -111,6 +114,9 @@ public class UserController {
 @DeleteMapping(value = "/users/{id}")
 @PreAuthorize("hasAnyRole('ADMIN','USER_ALL','USER_DELETE')")
 public ResponseEntity delete(@PathVariable Long id){
+ if (id.equals(1L)) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 Integer currentLevel = Collections.min(roleService.findByUsers_Id(SecurityUtils.getUserId()).stream().map(RoleSmallDTO::getLevel).collect(Collectors.toList()));
 Integer optLevel = Collections.min(roleService.findByUsers_Id(id).stream().map(RoleSmallDTO::getLevel).collect(Collectors.toList()));
@@ -145,6 +151,9 @@ public class UserController {
 @PostMapping(value = "/users/updatePass")
 public ResponseEntity updatePass(@RequestBody User user){
 UserDetails userDetails = SecurityUtils.getUserDetails();
+ if (userDetails.getUsername().equals("admin")) {
+ throw new BadRequestException("演示环境不可操作");
+ }
 if(userDetails.getPassword().equals(EncryptUtils.encryptPassword(user.getPassword()))){
 throw new BadRequestException("新密码不能与旧密码相同");
 }
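Review bot: updatePass identifies the protected account by a literal username, `userDetails.getUsername().equals("admin")`, while update and delete in the same file protect it by id with `equals(1L)`. The guards disagree whenever the account with id 1 is not named admin. Because the check is not tied to any demo setting, a deployment built from this commit also cannot rotate that account's password through this endpoint. Keying on the id keeps the three guards consistent, for example `if (Long.valueOf(1L).equals(SecurityUtils.getUserId())) {`, assuming `SecurityUtils.getUserId()` returns the current user's id as its use in delete suggests. The body of updatePass continues past the end of this hunk.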