diff --git a/blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java b/blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java
index eb453748..277a04a1 100644
--- a/blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java
+++ b/blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java
@@ -22,9 +22,11 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import io.jsonwebtoken.Claims;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springblade.core.jwt.JwtCrypto;
 import org.springblade.core.jwt.JwtUtil;
 import org.springblade.core.jwt.props.JwtProperties;
 import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.launch.props.BladeProperties;
 import org.springblade.gateway.props.AuthProperties;
 import org.springblade.gateway.provider.AuthProvider;
 import org.springblade.gateway.provider.RequestProvider;
@@ -43,6 +45,8 @@ import reactor.core.publisher.Mono;
 
 import java.nio.charset.StandardCharsets;
 
+import static org.springblade.core.jwt.JwtCrypto.BLADE_CRYPTO_AES_KEY;
+
 /**
 * 鉴权认证
 *
@@ -55,6 +59,7 @@ public class AuthFilter implements GlobalFilter, Ordered {
 private final AuthProperties authProperties;
 private final ObjectMapper objectMapper;
 private final JwtProperties jwtProperties;
+ private final BladeProperties bladeProperties;
 private final AntPathMatcher antPathMatcher = new AntPathMatcher();
 
 @Override
@@ -74,6 +79,10 @@ public class AuthFilter implements GlobalFilter, Ordered {
 }
 String auth = StringUtils.isBlank(headerToken) ? paramToken : headerToken;
 String token = JwtUtil.getToken(auth);
+ //校验 加密Token 合法性
+ if (JwtUtil.isCrypto(auth)) {
+ token = JwtCrypto.decryptToString(token, bladeProperties.getEnvironment().getProperty(BLADE_CRYPTO_AES_KEY));
+ }
 Claims claims = JwtUtil.parseJWT(token);
 if (token == null || claims == null) {
 return unAuth(resp, "请求未授权");
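Review bot: In the last hunk the new `JwtCrypto.decryptToString(...)` call runs before the existing `token == null` check and takes its key straight from `getProperty(BLADE_CRYPTO_AES_KEY)`, so a null token, an unset key, or a ciphertext that fails to decrypt all reach it unguarded. `JwtCrypto` is not visible here, so whether it throws or returns null on bad input is an assumption, but in a gateway filter either outcome should end in `unAuth(resp, ...)` rather than an unhandled error. The fence below resolves the key once, fails closed when the key or token is missing, and maps a decrypt failure to the same unauthorized response; the enclosing filter method starts and ends outside the hunk. The comment `//校验 加密Token 合法性` also overstates the step, since decryption is not validation and `JwtUtil.parseJWT` remains the check that decides trust.

```java
String token = JwtUtil.getToken(auth);
if (JwtUtil.isCrypto(auth)) {
    String aesKey = bladeProperties.getEnvironment().getProperty(BLADE_CRYPTO_AES_KEY);
    // Fail closed: without a configured key or a token the request cannot be authenticated.
    if (token == null || StringUtils.isBlank(aesKey)) {
        return unAuth(resp, "请求未授权");
    }
    try {
        token = JwtCrypto.decryptToString(token, aesKey);
    } catch (RuntimeException e) {
        // The ciphertext is client-controlled; treat an undecryptable value as unauthorized.
        return unAuth(resp, "请求未授权");
    }
}
// … unchanged: JwtUtil.parseJWT(token) and the token/claims null check …
```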