diff --git a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
index 4f4f286f..0a66dbd5 100644
--- a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
@@ -100,8 +100,9 @@ public class CourseWareApi extends ApiBaseController {
 	 * @throws Exception
 	 */
 	@GetMapping("/resource")
-	public JsonResponse<String> getVideo(HttpServletRequest request, HttpServletResponse response, String sign,
-										 @CookieValue(name = "token",required = false)String token) throws Exception {
+	public JsonResponse<String> getVideo(HttpServletRequest request, HttpServletResponse response, String sign
+//										 @CookieValue(name = "token",required = false)String token
+	) throws Exception {
 
 		if (StringUtils.isBlank(sign)) {
 			return badRequest("非法请求");
@@ -121,10 +122,10 @@ public class CourseWareApi extends ApiBaseController {
 		if(!has) {
 			return badRequest("页面不存在");
 		}
-//		String token = request.getHeader("Xboe-Access-Token");
-//		if (StringUtils.isEmpty(token)) {
-//			token = request.getHeader("token");
-//		}
+		String token = request.getHeader("Xboe-Access-Token");
+		if (StringUtils.isEmpty(token)) {
+			token = request.getHeader("token");
+		}
 //		读取cookies中的时间
 //		String cookieTime = getSignTimeCookie(request);
 //		if (StringUtils.isBlank(cookieTime)) {
@@ -160,13 +161,14 @@ public class CourseWareApi extends ApiBaseController {
 		}
 
 		String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中，long
-		String workNum = signStr.substring(2, signStr.indexOf("/"));// 工号，long
+		String[] split = signStr.split("/");
 		String cfid = signStr.substring(index+1);// 文件路径
 		log.info("解密后的字符串:"+signStr);
-		log.info("workNum工号对比:"+workNum);
+
+		log.info("workNum工号对比:"+split[2]);
 		log.info("userNo工号对比:"+userNo);
-		if (!workNum.equals(userNo)){
-			return badRequest("工号不匹配");
+		if (!split[2].equals(userNo)){
+			return badRequest("token验证失效");
 		}
 //		if (!time.equals(cookieTime)) {
 //			log.info("请求头时间和解析后的时间对比:"+"解析时间:"+time+"    请求头时间："+cookieTime);