diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
index e225714..97336ea 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
@@ -1,10 +1,9 @@
 package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
 
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
-import java.util.Optional;
+import java.util.Objects;
+import java.util.stream.Collectors;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -90,8 +89,9 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 		SecurityUser securityUser = entity.getBody();
 
 		// 根据当前角色设定权限列表
-		List<RoleCodeAuthority> authorities = Optional.ofNullable(currentRoleCode)
-				.map(o -> Arrays.asList(new RoleCodeAuthority(o))).orElse(Collections.emptyList());
+		List<RoleCodeAuthority> authorities = securityUser.getAuthorityList().stream()
+				.filter(auth -> Objects.equals(auth.getRoleCode(), currentRoleCode))
+				.map(auth -> new RoleCodeAuthority(auth.getRoleCode())).collect(Collectors.toList());
 
 		return new UsernamePasswordAuthenticationToken(securityUser.setCurrentRoleCode(currentRoleCode), token,
 				authorities);