diff --git a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md
index 0cf0ccf8d91bbfa3215ba838cd049b17d8a8afd8..a246beb89947e4bd7e5ef341c9a9a7415f04ae67 100644
--- a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md
+++ b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md
@@ -5,4 +5,8 @@
 
 ```
 curl http://localhost:8080/actuator/mappings -u application:whatsmars-spring-boot
-```
\ No newline at end of file
+```
+
+如果要禁止http访问actuator，有两种方式：
+- 增加 ActuatorFilter，拦截 /actuator 开头的请求
+- 非Web应用中去掉Web模块
\ No newline at end of file
diff --git a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml
index f2488ea4d9269e2ced4890e9a60df5e7e7dcf8bc..917d28420652ad5564f378167ce06661b884bbae 100644
--- a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml
+++ b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml
@@ -27,10 +27,6 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.hongxi</groupId>
-            <artifactId>whatsmars-common</artifactId>
-        </dependency>
     </dependencies>
 
 </project>
\ No newline at end of file
diff --git a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java
index 8e30b529bab8c5f1504fd4a866a9b60acb7e9045..07c201fd6124322580fd8197189454172749791d 100644
--- a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java
+++ b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java
@@ -23,7 +23,8 @@ public class StandardWebSecurityConfigurer extends WebSecurityConfigurerAdapter
   
     @Override  
     public void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()  
+        http.csrf().disable()
+                .authorizeRequests()
                 .requestMatchers(EndpointRequest.to(
                         MappingsEndpoint.class,
                         EnvironmentEndpoint.class,
@@ -36,7 +37,7 @@ public class StandardWebSecurityConfigurer extends WebSecurityConfigurerAdapter
                 .anyRequest()
                 .permitAll()
                 .and()
-                .httpBasic();  
+                .httpBasic();
   
     }  
 }  
\ No newline at end of file