diff --git a/src/main/java/com/huoran/iasf/common/filter/AuthFilter.java b/src/main/java/com/huoran/iasf/common/filter/AuthFilter.java
index e69a49a..78795f4 100644
--- a/src/main/java/com/huoran/iasf/common/filter/AuthFilter.java
+++ b/src/main/java/com/huoran/iasf/common/filter/AuthFilter.java
@@ -10,6 +10,7 @@ import io.jsonwebtoken.Jwts;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
+import org.apache.shiro.subject.Subject;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.MediaType;
 
diff --git a/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java b/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
index 4c8d8a3..25abdb5 100644
--- a/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
+++ b/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
@@ -25,6 +25,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;
@@ -98,8 +99,9 @@ public class CustomAccessControlFilter extends AccessControlFilter {
                 // 指定处理该请求的处理器
                 request.getRequestDispatcher(Constant.ERROR_CONTROLLER_PATH).forward(request, response);
             }else {
+                Subject subject1 = getSubject(servletRequest, servletResponse);
                 UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(token, token);
-                getSubject(servletRequest, servletResponse).login(usernamePasswordToken);
+                subject1.login(usernamePasswordToken);
             }
         return true;
     }
diff --git a/src/main/java/com/huoran/iasf/controller/ExceptionController.java b/src/main/java/com/huoran/iasf/controller/ExceptionController.java
index ae52aa6..73efebf 100644
--- a/src/main/java/com/huoran/iasf/controller/ExceptionController.java
+++ b/src/main/java/com/huoran/iasf/controller/ExceptionController.java
@@ -1,6 +1,7 @@
 package com.huoran.iasf.controller;
 
 import com.huoran.iasf.common.exception.BusinessException;
+import com.huoran.iasf.common.exception.UnauthorizedException;
 import com.huoran.iasf.common.utils.Constant;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -18,7 +19,7 @@ public class ExceptionController {
     @RequestMapping(Constant.ERROR_CONTROLLER_PATH)
     @ResponseStatus(HttpStatus.UNAUTHORIZED)
     public void handleException(HttpServletRequest request){
-        throw (BusinessException) request.getAttribute("filterError");
+        throw (UnauthorizedException) request.getAttribute("filterError");
     }
 }
 
diff --git a/src/main/java/com/huoran/iasf/mapper/xml/SysPermissionMapper.xml b/src/main/java/com/huoran/iasf/mapper/xml/SysPermissionMapper.xml
index f873d32..14ab577 100644
--- a/src/main/java/com/huoran/iasf/mapper/xml/SysPermissionMapper.xml
+++ b/src/main/java/com/huoran/iasf/mapper/xml/SysPermissionMapper.xml
@@ -7,7 +7,7 @@
             ap.*
         FROM
             sys_role_permission ar
-        left join sys_permission ap on ar.permission_id = ap.id
+         join sys_permission ap on ar.permission_id = ap.id
         where find_in_set(ar.role_id,#{roleIds})
         GROUP BY ap.id
     </select>
diff --git a/src/main/java/com/huoran/iasf/service/impl/PermissionServiceImpl.java b/src/main/java/com/huoran/iasf/service/impl/PermissionServiceImpl.java
index 468fcfb..abd481c 100644
--- a/src/main/java/com/huoran/iasf/service/impl/PermissionServiceImpl.java
+++ b/src/main/java/com/huoran/iasf/service/impl/PermissionServiceImpl.java
@@ -6,6 +6,7 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.huoran.iasf.common.exception.BusinessException;
+import com.huoran.iasf.common.exception.UnauthorizedException;
 import com.huoran.iasf.common.exception.code.BaseResponseCode;
 import com.huoran.iasf.entity.SysPermission;
 import com.huoran.iasf.entity.SysRolePermission;
@@ -83,12 +84,12 @@ public class PermissionServiceImpl extends ServiceImpl<SysPermissionMapper, SysP
         SysPermission sysPermission = sysPermissionMapper.selectById(permissionId);
         if (null == sysPermission) {
             log.error("传入 的 id:{}不合法", permissionId);
-            throw new BusinessException(BaseResponseCode.DATA_ERROR);
+            throw new UnauthorizedException(BaseResponseCode.DATA_ERROR);
         }
         //获取下一级
         List<SysPermission> childs = sysPermissionMapper.selectList(Wrappers.<SysPermission>lambdaQuery().eq(SysPermission::getPid, permissionId));
         if (!CollectionUtils.isEmpty(childs)) {
-            throw new BusinessException(BaseResponseCode.ROLE_PERMISSION_RELATION);
+            throw new UnauthorizedException(BaseResponseCode.ROLE_PERMISSION_RELATION);
         }
         sysPermissionMapper.deleteById(permissionId);
         //删除和角色关联