diff --git a/src/main/java/com/dora/config/WebConfig.java b/src/main/java/com/dora/config/WebConfig.java
index fc94605..f4005d6 100644
--- a/src/main/java/com/dora/config/WebConfig.java
+++ b/src/main/java/com/dora/config/WebConfig.java
@@ -127,9 +127,8 @@ public class WebConfig implements WebMvcConfigurer {
                         "/user/check",
                         "/user/wx-login",
                         "/user/refresh-token",
-                        // 公开接口 - 作品列表和分类
-                        "/work/list",
-                        "/work/categories",
+                        // 公开接口 - 作品相关（由JwtAuthInterceptor内部处理可选认证）
+                        // /work/list, /work/categories, /work/{id} 不在此排除，通过拦截器内部正则匹配实现可选认证
                         // 分类和Banner
                         "/category/**",
                         "/banner/**",
diff --git a/src/main/java/com/dora/interceptor/JwtAuthInterceptor.java b/src/main/java/com/dora/interceptor/JwtAuthInterceptor.java
index f59a14e..c1aee64 100644
--- a/src/main/java/com/dora/interceptor/JwtAuthInterceptor.java
+++ b/src/main/java/com/dora/interceptor/JwtAuthInterceptor.java
@@ -22,8 +22,9 @@ public class JwtAuthInterceptor implements HandlerInterceptor {
     private final JwtUtil jwtUtil;
     
     // 公开路径（可选认证：有token则解析，无token也放行）
+    // 匹配: /work/list, /work/categories, /work/{数字ID}
     private static final java.util.regex.Pattern OPTIONAL_AUTH_PATTERN = 
-            java.util.regex.Pattern.compile("^/work/\\d+$");
+            java.util.regex.Pattern.compile("^/work/(list|categories|\\d+)$");
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {