diff --git a/pom.xml b/pom.xml
index 57b71c2d..79e6eaa5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -15,6 +15,7 @@
 	</parent>
 
 	<properties>
+		<tomcat.version>8.5.37</tomcat.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>1.8</java.version>
diff --git a/src/main/java/com/sqx/common/exception/SqxExceptionHandler.java b/src/main/java/com/sqx/common/exception/SqxExceptionHandler.java
index 38ac1da3..0361ab59 100644
--- a/src/main/java/com/sqx/common/exception/SqxExceptionHandler.java
+++ b/src/main/java/com/sqx/common/exception/SqxExceptionHandler.java
@@ -5,6 +5,7 @@ import org.apache.shiro.authz.AuthorizationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.dao.DuplicateKeyException;
+import org.springframework.web.HttpRequestMethodNotSupportedException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.context.request.ServletWebRequest;
@@ -53,6 +54,13 @@ public class SqxExceptionHandler {
         return Result.error("没有权限，请联系管理员授权");
     }
 
+    @ExceptionHandler(HttpRequestMethodNotSupportedException.class)
+    public Result httpRequestMethodNotSupportedException(Exception e, WebRequest webRequest) {
+        logErrorInfo(webRequest);
+        logger.error(e.getMessage());
+        return Result.error();
+    }
+
     @ExceptionHandler(Exception.class)
     public Result handleException(Exception e, WebRequest webRequest) {
         logErrorInfo(webRequest);
diff --git a/src/main/java/com/sqx/modules/discSpinning/controller/DiscSpinningController.java b/src/main/java/com/sqx/modules/discSpinning/controller/DiscSpinningController.java
index 1fe9da6d..493e8122 100644
--- a/src/main/java/com/sqx/modules/discSpinning/controller/DiscSpinningController.java
+++ b/src/main/java/com/sqx/modules/discSpinning/controller/DiscSpinningController.java
@@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.sqx.common.utils.DateUtils;
 import com.sqx.common.utils.Result;
+import com.sqx.modules.app.annotation.Login;
 import com.sqx.modules.app.entity.UserEntity;
 import com.sqx.modules.app.entity.UserMoney;
 import com.sqx.modules.app.entity.UserMoneyDetails;
@@ -122,6 +123,7 @@ public class DiscSpinningController {
         return Result.success().put("data", discSpinningService.page(new Page<>(0, 8), new QueryWrapper<DiscSpinning>().orderByAsc("odds")));
     }
 
+    @Login
     @PostMapping("/app/discSpinning/draw")
     @ApiOperation("抽取大转盘")
     public Result draw(Long orderId, @RequestAttribute("userId") Long userId) {
@@ -137,7 +139,7 @@ public class DiscSpinningController {
     @PostMapping("/app/discSpinning/receive")
     @ApiOperation("大转盘奖项领取")
     @Transactional
-    public Result receive(DiscSpinningRecord receive) {
+    public Result receive(@RequestBody DiscSpinningRecord receive) {
         UserEntity userInfo = userService.queryByUserId(receive.getUserId());
         if (StringUtils.isNotBlank(userInfo.getZhiFuBao()) && StringUtils.isNotBlank(userInfo.getZhiFuBaoName())) {
             receive.setTarget("1");