diff --git a/langchat-auth/src/main/java/cn/tycoding/langchat/auth/config/SecurityConfig.java b/langchat-auth/src/main/java/cn/tycoding/langchat/auth/config/SecurityConfig.java
new file mode 100644
index 00000000..7c2ac2cb
--- /dev/null
+++ b/langchat-auth/src/main/java/cn/tycoding/langchat/auth/config/SecurityConfig.java
@@ -0,0 +1,41 @@
+package cn.tycoding.langchat.auth.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/actuator/prometheus").authenticated() // 需要认证
+                        .anyRequest().permitAll() // 其他接口走Sa-Token
+                )
+                .httpBasic(withDefaults()); // 用 HTTP Basic 认证
+
+        http.csrf(AbstractHttpConfigurer::disable); // 禁用 CSRF（针对非浏览器客户端）
+        return http.build();
+    }
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        UserDetails user = User.withDefaultPasswordEncoder()
+                .username("admin")
+                .password("admin")
+                .build();
+        return new InMemoryUserDetailsManager(user);
+    }
+}
diff --git a/langchat-common/langchat-common-core/pom.xml b/langchat-common/langchat-common-core/pom.xml
index f958644e..fa24caec 100644
--- a/langchat-common/langchat-common-core/pom.xml
+++ b/langchat-common/langchat-common-core/pom.xml
@@ -82,6 +82,12 @@
             <artifactId>hutool-all</artifactId>
             <version>${hutool.version}</version>
         </dependency>
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+            <version>${micrometer.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
@@ -90,6 +96,14 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-webmvc</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-configuration-processor</artifactId>
@@ -110,4 +124,4 @@
         </dependency>
     </dependencies>
 
-</project>
+</project>
\ No newline at end of file
diff --git a/langchat-server/src/main/resources/application.yml b/langchat-server/src/main/resources/application.yml
index 58dc8169..03995128 100644
--- a/langchat-server/src/main/resources/application.yml
+++ b/langchat-server/src/main/resources/application.yml
@@ -25,12 +25,18 @@ spring:
     async:
       request-timeout: 3600000
 
+  # 自定义安全配置（如果不想用代码配置用户）
+  security:
+    user:
+      name: admin
+      password: admin
+
 # MybatisPlus配置
 mybatis-plus:
   mapper-locations: classpath:mapper/**/*.xml
   configuration:
     jdbc-type-for-null: null
-#    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
+  #    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
   global-config:
     banner: false
 
@@ -44,3 +50,12 @@ logging:
       langchain4j: DEBUG
       ai4j:
         openai4j: DEBUG
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health, prometheus
+  health:
+    elasticsearch:
+      enabled: false
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 5e15b745..1f86e527 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,6 +44,7 @@
         <snakeyaml.version>2.1</snakeyaml.version>
         <langchain4j.version>0.36.0</langchain4j.version>
         <sa-token.version>1.37.0</sa-token.version>
+        <micrometer.version>1.12.3</micrometer.version>
     </properties>
 
     <modules>