diff --git a/kq-vas-api/src/main/java/com/ningdatech/kqapi/zzsfw/controller/CommonController.java b/kq-vas-api/src/main/java/com/ningdatech/kqapi/zzsfw/controller/CommonController.java
new file mode 100644
index 0000000..3767312
--- /dev/null
+++ b/kq-vas-api/src/main/java/com/ningdatech/kqapi/zzsfw/controller/CommonController.java
@@ -0,0 +1,42 @@
+package com.ningdatech.kqapi.zzsfw.controller;
+
+import com.ningdatech.file.service.FileService;
+import com.ningdatech.kqapi.common.exception.BizException;
+import com.ningdatech.log.annotation.WebLog;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * <p>
+ * CommonController
+ * </p>
+ *
+ * @author WendyYang
+ * @since 13:44 2024/5/28
+ */
+@Slf4j
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/api/v1/common")
+public class CommonController {
+
+    private final FileService fileService;
+
+    @GetMapping("/anonymous/file/download/{fileId}")
+    @WebLog("文件下载（匿名访问）")
+    public void fileDown(@PathVariable Long fileId, HttpServletResponse response) {
+        try {
+            fileService.download(fileId, response);
+        } catch (Exception e) {
+            log.error("文件下载失败：", e);
+            throw BizException.wrap("读物文件失败");
+        }
+    }
+
+}
diff --git a/kq-vas-api/src/main/resources/security/auth-dev.yml b/kq-vas-api/src/main/resources/security/auth-dev.yml
index b0fd8b5..d14de5b 100644
--- a/kq-vas-api/src/main/resources/security/auth-dev.yml
+++ b/kq-vas-api/src/main/resources/security/auth-dev.yml
@@ -5,6 +5,7 @@ security:
     password-login-url: /api/v1/user/auth/login/password
     logout-url: /api/v1/user/auth/logout
     ignore-auth-urls:
+      - /**/anonymous/**
       - /api/v1/poclicy/**
       - /api/v1/zzsfw/**
       - /v2/api-docs
@@ -22,6 +23,7 @@ security:
       - /open/api/**
       - /api/v1/wechat/**
     ignore-csrf-urls:
+      - /**/anonymous/**
       - /api/v1/poclicy/**
       - /api/v1/zzsfw/**
       - /api/v1/user/auth/**
diff --git a/kq-vas-api/src/main/resources/security/auth-pre.yml b/kq-vas-api/src/main/resources/security/auth-pre.yml
index b0fd8b5..d14de5b 100644
--- a/kq-vas-api/src/main/resources/security/auth-pre.yml
+++ b/kq-vas-api/src/main/resources/security/auth-pre.yml
@@ -5,6 +5,7 @@ security:
     password-login-url: /api/v1/user/auth/login/password
     logout-url: /api/v1/user/auth/logout
     ignore-auth-urls:
+      - /**/anonymous/**
       - /api/v1/poclicy/**
       - /api/v1/zzsfw/**
       - /v2/api-docs
@@ -22,6 +23,7 @@ security:
       - /open/api/**
       - /api/v1/wechat/**
     ignore-csrf-urls:
+      - /**/anonymous/**
       - /api/v1/poclicy/**
       - /api/v1/zzsfw/**
       - /api/v1/user/auth/**
diff --git a/kq-vas-api/src/main/resources/security/auth-prod.yml b/kq-vas-api/src/main/resources/security/auth-prod.yml
index 73fa2d1..70cc394 100644
--- a/kq-vas-api/src/main/resources/security/auth-prod.yml
+++ b/kq-vas-api/src/main/resources/security/auth-prod.yml
@@ -5,6 +5,7 @@ security:
     password-login-url: /api/v1/user/auth/login/password
     logout-url: /api/v1/user/auth/logout
     ignore-auth-urls:
+      - /**/anonymous/**
       - /api/v1/poclicy/**
       - /api/v1/zzsfw/**
       - /v2/api-docs
@@ -19,6 +20,7 @@ security:
       - /ok.html
       - /api/v1/wechat/**
     ignore-csrf-urls:
+      - /**/anonymous/**
       - /api/v1/user/auth/**
       - /v2/api-docs
       - /swagger-ui.html