diff --git a/src/main/java/com/youlai/system/common/exception/GlobalExceptionHandler.java b/src/main/java/com/youlai/system/common/exception/GlobalExceptionHandler.java
index 5091b681..ae7e9041 100644
--- a/src/main/java/com/youlai/system/common/exception/GlobalExceptionHandler.java
+++ b/src/main/java/com/youlai/system/common/exception/GlobalExceptionHandler.java
@@ -10,6 +10,8 @@ import org.springframework.context.support.DefaultMessageSourceResolvable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.HttpMessageNotReadableException;
 import org.springframework.jdbc.BadSqlGrammarException;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.validation.BindException;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.MissingServletRequestParameterException;
@@ -183,7 +185,12 @@ public class GlobalExceptionHandler {
 
 @ExceptionHandler(Exception.class)
 @ResponseStatus(HttpStatus.BAD_REQUEST)
- public Result handleException(Exception e) {
+ public Result handleException(Exception e) throws Exception{
+ // 将 Spring Security 异常继续抛出,以便交给自定义处理器处理
+ if (e instanceof AccessDeniedException
+ || e instanceof AuthenticationException) {
+ throw e;
+ }
 log.error("unknown exception: {}", e.getMessage());
 return Result.failed(e.getLocalizedMessage());
 }
@@ -203,7 +210,7 @@ public class GlobalExceptionHandler {
 if (matcher.find()) {
 String matchString = matcher.group();
 matchString = matchString.replace("[", "").replace("]", "");
- matchString = "%s字段类型错误".formatted(matchString.replaceAll("\\\"", ""));
+ matchString = "%s字段类型错误".formatted(matchString.replaceAll("\"", ""));
 group += matchString;
 }
 return group;
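Review bot: The fallback that survives the new rethrow, `return Result.failed(e.getLocalizedMessage());` two lines below `throw e;`, still echoes the raw message of an arbitrary unknown exception to the client, while `log.error("unknown exception: {}", e.getMessage())` keeps only the message, so the one place that could record the stack trace for incident triage drops it. Replace the pair with `log.error("unknown exception", e);` and a `Result.failed(...)` built from a fixed `ResultCode` entry rather than the exception text, so internal detail (class names, SQL fragments, file paths) stays in the server log; a 500 would also describe an unhandled server-side failure more honestly than the `HttpStatus.BAD_REQUEST` the method is annotated with. The rethrow itself appears to rely on Spring MVC treating an `@ExceptionHandler` that rethrows the original exception as "not handled", so that the exception propagates out of the DispatcherServlet to Spring Security's `ExceptionTranslationFilter`; that is how `ExceptionHandlerExceptionResolver` behaves, but it is non-obvious enough to deserve a comment such as `// Rethrowing the same exception makes ExceptionHandlerExceptionResolver return null, so it propagates to ExceptionTranslationFilter and the AccessDeniedHandler / AuthenticationEntryPoint run.`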
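Review bot: `matchString.replaceAll("\"", "")` on the new line compiles a regex to strip a literal quote character; `replace("\"", "")` does the same without regex semantics and matches the two `replace` calls on the line above, so the three strips read as one idiom: `matchString = "%s字段类型错误".formatted(matchString.replace("\"", ""));`. The text being stripped is captured from an exception message by `matcher.group()` and appears to end up in the client-facing error string, so a comment noting that only the bracketed field name is echoed, not the rest of the parser message, would help the next reader. The enclosing method starts outside the hunk.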
diff --git a/src/main/java/com/youlai/system/core/security/exception/MyAccessDeniedHandler.java b/src/main/java/com/youlai/system/core/security/exception/MyAccessDeniedHandler.java
index 9bfa52bd..c7979301 100644
--- a/src/main/java/com/youlai/system/core/security/exception/MyAccessDeniedHandler.java
+++ b/src/main/java/com/youlai/system/core/security/exception/MyAccessDeniedHandler.java
@@ -20,6 +20,6 @@ import java.io.IOException;
 public class MyAccessDeniedHandler implements AccessDeniedHandler {
 @Override
 public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
- ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_ACCESS_FORBIDDEN);
+ ResponseUtils.writeErrMsg(response, ResultCode.ACCESS_UNAUTHORIZED);
 }
 }
diff --git a/src/main/java/com/youlai/system/core/security/jwt/JwtTokenProvider.java b/src/main/java/com/youlai/system/core/security/jwt/JwtTokenProvider.java
index 0bc5fffc..2f34d6c3 100644
--- a/src/main/java/com/youlai/system/core/security/jwt/JwtTokenProvider.java
+++ b/src/main/java/com/youlai/system/core/security/jwt/JwtTokenProvider.java
@@ -78,7 +78,8 @@ public class JwtTokenProvider {
 
 // claims 中添加角色信息
 Set roles = userDetails.getAuthorities().stream()
- .map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
+ .map(GrantedAuthority::getAuthority)
+ .collect(Collectors.toSet());
 claims.put(JwtClaimConstants.AUTHORITIES, roles);
 
 Date now = new Date();
@@ -107,7 +108,7 @@ public class JwtTokenProvider {
 userDetails.setDataScope(Convert.toInt(claims.get(JwtClaimConstants.DATA_SCOPE))); // 数据权限范围
 
 // 角色集合
- Set authorities = ((Set) claims.get(JwtClaimConstants.AUTHORITIES))
+ Set authorities = ((ArrayList) claims.get(JwtClaimConstants.AUTHORITIES))
 .stream()
 .map(SimpleGrantedAuthority::new)
 .collect(Collectors.toSet());
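Review bot: `ResultCode.ACCESS_UNAUTHORIZED` on the new line is emitted by an `AccessDeniedHandler`, which Spring Security invokes for a caller who is already authenticated but lacks the required authority; that outcome is HTTP 403 Forbidden, whereas "unauthorized" is the name of the 401 status that belongs to the `AuthenticationEntryPoint`. Whether `ResponseUtils.writeErrMsg` derives the response status from the code is not visible here; if it does, this code must map to 403 so clients and monitoring can tell "log in" from "not allowed", and a comment on the line would stop the next conflation: `// authenticated but not authorized: 403, not 401`. The handler also drops both `accessDeniedException` and the request without logging either, so a denied request leaves no trace at this layer.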
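Review bot: The cast on the `Set authorities = ((ArrayList) claims.get(JwtClaimConstants.AUTHORITIES))` line fixes the old `(Set)` cast (a JSON array never deserializes to a `Set`) but binds the code to the concrete class the JWT library happens to return, and a token whose authorities claim is missing or not an array now dies with a `NullPointerException` or `ClassCastException` rather than a deliberate rejection; the generic arguments look stripped in this rendering, so the cast is presumably unchecked as well. Check the shape against the interface and fail closed: `Object raw = claims.get(JwtClaimConstants.AUTHORITIES);` then `if (!(raw instanceof Collection<?>)) throw new IllegalArgumentException("authorities claim missing or malformed");` then `Set<GrantedAuthority> authorities = ((Collection<?>) raw).stream().map(String::valueOf).map(SimpleGrantedAuthority::new).collect(Collectors.toSet());` — substituting whatever exception type the calling filter already maps to a 401, because degrading a malformed claim to an empty authority set would be the wrong failure mode. The authorities are taken from the token as-is, so this is only safe if `claims` came from a signature-verifying parse; that happens before this hunk and cannot be confirmed here. The enclosing method starts outside the hunk.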
diff --git a/src/main/java/com/youlai/system/core/security/service/PermissionService.java b/src/main/java/com/youlai/system/core/security/service/PermissionService.java
index 98fbf05c..b13b8784 100644
--- a/src/main/java/com/youlai/system/core/security/service/PermissionService.java
+++ b/src/main/java/com/youlai/system/core/security/service/PermissionService.java
@@ -72,7 +72,7 @@ public class PermissionService {
 }
 }
 if (!hasPermission) {
- log.error("用户无访问权限");
+ log.error("用户无操作权限");
 }
 return hasPermission;
 }
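Review bot: `log.error("用户无操作权限")` on the new line records a denied authorization check at ERROR level with neither the subject nor the permission that was checked, so it trips error alerting for an expected outcome while giving an investigator nothing to correlate. Log denials at WARN with the identifiers the method already has in scope, e.g. `log.warn("permission denied: user={} permission={}", ...)`, and keep ERROR for actual faults. The method starts outside the hunk, so which values are available there cannot be confirmed here.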