diff --git a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
index 18a6fefb2..bfc580613 100644
--- a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
+++ b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
@@ -5,6 +5,7 @@ import cn.iocoder.common.framework.util.HttpUtil;
 import cn.iocoder.common.framework.vo.CommonResult;
 import cn.iocoder.mall.admin.api.OAuth2Service;
 import cn.iocoder.mall.admin.api.bo.OAuth2AuthenticationBO;
+import cn.iocoder.mall.admin.api.constant.AdminErrorCodeEnum;
 import cn.iocoder.mall.admin.sdk.context.AdminSecurityContext;
 import cn.iocoder.mall.admin.sdk.context.AdminSecurityContextHolder;
 import com.alibaba.dubbo.config.annotation.Reference;
@@ -38,6 +39,11 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
 // 添加到 AdminSecurityContext
 AdminSecurityContext context = new AdminSecurityContext(authentication.getAdminId(), authentication.getRoleIds());
 AdminSecurityContextHolder.setContext(context);
+ } else {
+ String url = request.getRequestURI();
+ if (!url.equals("/admin/passport/login")) { // TODO 临时写死。非登陆接口,必须已经认证身份,不允许匿名访问
+ throw new ServiceException(AdminErrorCodeEnum.OAUTH_NOT_LOGIN.getCode(), AdminErrorCodeEnum.OAUTH_NOT_LOGIN.getMessage());
+ }
 }
 // 校验是否需要已授权
 checkPermission(request, authentication);
diff --git a/admin/admin-service-api/src/main/java/cn/iocoder/mall/admin/api/constant/AdminErrorCodeEnum.java b/admin/admin-service-api/src/main/java/cn/iocoder/mall/admin/api/constant/AdminErrorCodeEnum.java
index 85d445641..3c17cc666 100644
--- a/admin/admin-service-api/src/main/java/cn/iocoder/mall/admin/api/constant/AdminErrorCodeEnum.java
+++ b/admin/admin-service-api/src/main/java/cn/iocoder/mall/admin/api/constant/AdminErrorCodeEnum.java
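Review bot: The anonymous-access exemption compares `request.getRequestURI()` with `equals` against the single literal `/admin/passport/login`, and getRequestURI() includes the servlet context path and any `;`-matrix parameters, so a deployment under a non-root context path (or a client appending `;jsessionid=...`) will have the login endpoint itself rejected with OAUTH_NOT_LOGIN. Because the check is deny-by-default this is an availability defect rather than a bypass, but the comparison should use `request.getServletPath()` (or the mapped handler) and the permitted path should live in a named constant or configuration instead of the inline TODO, e.g. `private static final String LOGIN_PATH = "/admin/passport/login";`. The new branch still falls through to `checkPermission(request, authentication)` with `authentication` null for the login path, so that method must tolerate a null argument; it and the start of the enclosing method (presumably preHandle) are outside the hunk. It is also worth confirming that whatever catches the thrown ServiceException turns it into an unauthenticated-style response and logs the rejected URI without any token value.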
@@ -16,6 +16,7 @@ public enum AdminErrorCodeEnum {
 OAUTH_INVALID_TOKEN_EXPIRED(1002001012, "访问令牌已过期"),
 OAUTH_INVALID_TOKEN_INVALID(1002001013, "访问令牌已失效"),
 OAUTH_INVALID_PERMISSION(1002001014, "没有该操作权限"), // TODO 芋艿,临时放在 OAUTH2 模块,理论来说,OAUTH2 只做认证,不做鉴权。
+ OAUTH_NOT_LOGIN(1002001015, "账号未登陆"),
 OAUTH_INVALID_TOKEN(1002001020, ""), // 预留
diff --git a/common/common-framework/src/main/java/cn/iocoder/common/framework/constant/SysErrorCodeEnum.java b/common/common-framework/src/main/java/cn/iocoder/common/framework/constant/SysErrorCodeEnum.java
index 8c79c1579..d0ddbbed1 100644
--- a/common/common-framework/src/main/java/cn/iocoder/common/framework/constant/SysErrorCodeEnum.java
+++ b/common/common-framework/src/main/java/cn/iocoder/common/framework/constant/SysErrorCodeEnum.java
@@ -9,7 +9,6 @@ public enum SysErrorCodeEnum {
 SYS_ERROR(2001001000, "服务端发生异常"),
 MISSING_REQUEST_PARAM_ERROR(2001001001, "参数缺失"),
-
 ;
 private final int code;