diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
index 3c95176..9c6e93b 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
@@ -68,10 +68,12 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 }
 // 检查cookie
 else {
- Optional.ofNullable(request.getCookies()).ifPresent(cookies -> {
- Stream.of(cookies).filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
- .ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue()));
- });
+ Optional.ofNullable(request.getCookies())
+ .ifPresentOrElse(cookies -> Stream.of(cookies)
+ .filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
+ .ifPresentOrElse(cookie -> setAuthentication(currentRoleCode, cookie.getValue()),
+ () -> defaultAuthentication()),
+ () -> defaultAuthentication());
 }
 filterChain.doFilter(request, response);
 }
@@ -115,4 +117,12 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 authorities);
 }
 
+ /**
+ * 未发现token和session信息,则使用空的用户认证对象放行服务
+ */
+ private void defaultAuthentication() {
+ SecurityContextHolder.getContext()
+ .setAuthentication(new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null));
+ }
+
 }
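Review bot: The nested `ifPresentOrElse` calls in the cookie branch repeat the same fallback `() -> defaultAuthentication()` twice, which makes it easy for the two paths to drift apart later. Flattening the lookup keeps a single fallback: `Optional.ofNullable(request.getCookies()).flatMap(cs -> Stream.of(cs).filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst())` followed by `.ifPresentOrElse(cookie -> setAuthentication(currentRoleCode, cookie.getValue()), this::defaultAuthentication);`. A one-line comment that this branch now always populates the security context, even when no credential was presented, would help the next reader. The enclosing method starts and the preceding `if` branch sit outside the hunk, so whether the header-token path has an equivalent fallback cannot be checked from here.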
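Review bot: `defaultAuthentication()` uses the three-argument `UsernamePasswordAuthenticationToken` constructor, which creates a token already marked as authenticated, so a request that carries neither a token nor the cookie leaves the filter with `isAuthenticated() == true` and an empty `SecurityUser` principal. Any downstream rule that only requires an authenticated caller (an `authenticated()` matcher, an `isAuthenticated()` expression) would presumably accept such a request; whether the consuming services rely on rules like that is not visible in this diff. If the aim is only to spare downstream code a null principal, prefer a token that does not claim authentication, for example the two-argument form `new UsernamePasswordAuthenticationToken(new SecurityUser(), null)`, or leave the context empty so the framework's anonymous handling applies. The Javadoc should also state explicitly that this principal has no identity and no authorities and must not be treated as a logged-in user.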