diff --git a/springboot/fastbee-framework/src/main/java/com/fastbee/framework/config/SecurityConfig.java b/springboot/fastbee-framework/src/main/java/com/fastbee/framework/config/SecurityConfig.java
index 74f4a9a0..ed924f6b 100644
--- a/springboot/fastbee-framework/src/main/java/com/fastbee/framework/config/SecurityConfig.java
+++ b/springboot/fastbee-framework/src/main/java/com/fastbee/framework/config/SecurityConfig.java
@@ -121,7 +121,7 @@ public class SecurityConfig
 .antMatchers("/goview/sys/login","/goview/project/getData").permitAll()
 // 静态资源,可匿名访问
 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
- .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
+ .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/druid/**").permitAll()
 // 除上面外的所有请求全部需要鉴权认证
 .anyRequest().authenticated();
 })
diff --git a/springboot/fastbee-framework/src/main/java/com/fastbee/framework/web/service/TokenService.java b/springboot/fastbee-framework/src/main/java/com/fastbee/framework/web/service/TokenService.java
index 121e71bb..83f58395 100644
--- a/springboot/fastbee-framework/src/main/java/com/fastbee/framework/web/service/TokenService.java
+++ b/springboot/fastbee-framework/src/main/java/com/fastbee/framework/web/service/TokenService.java
@@ -22,10 +22,9 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Objects;
+import java.util.*;
 import java.util.concurrent.TimeUnit;
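Review bot: The matcher edited in the SecurityConfig hunk still lists `/druid/**` under `permitAll()`, so the Druid monitoring pages stay reachable without a token even though the API docs now require one. Whether Druid's own stat-view login is configured is not visible here; if it is not, that console can show SQL statements and datasource details to anonymous callers. I would drop it from the anonymous list, `.antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**").permitAll()`, and add a comment such as `// api-docs and druid require a valid token` so the intent survives later edits. The enclosing configuration lambda starts and ends outside the hunk.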
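Review bot: The import hunk in TokenService.java replaces three explicit imports with `import java.util.*;`, which hides which `java.util` types the token code depends on and leaves room for a later name clash. Listing the two new names keeps the change minimal and readable: `import java.util.Arrays;` and `import java.util.Optional;` alongside the existing `HashMap`, `Map` and `Objects` imports.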
@@ -334,6 +333,19 @@ public class TokenService {
 */
 private String getToken(HttpServletRequest request) {
 String token = request.getHeader(header);
+
+ if (StringUtils.isEmpty(token)) {
+ String uri = request.getRequestURI();
+ if (uri.contains("/v2/api-docs") || uri.contains("/v3/api-docs")) {
+ token = Optional.ofNullable(request.getCookies())
+ .flatMap(cookies -> Arrays.stream(cookies)
+ .filter(c -> "Admin-Token".equals(c.getName()))
+ .map(Cookie::getValue)
+ .findFirst())
+ .orElse(null);
+ }
+ }
+
+ if (StringUtils.isNotEmpty(token) && token.startsWith(Constants.TOKEN_PREFIX)) {
 token = token.replace(Constants.TOKEN_PREFIX, "");
 }
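Review bot: The cookie fallback is gated by `uri.contains(...)` on the raw request URI, so any path that merely contains `/v2/api-docs` or `/v3/api-docs` is authenticated from the `Admin-Token` cookie, not only the documentation endpoint. Cookie credentials are attached by the browser automatically, so this widens the CSRF surface for whatever routes match; whether CSRF protection is enabled is not visible in this hunk. I would anchor the match and limit it to reads, `boolean docs = uri.endsWith("/v2/api-docs") || uri.endsWith("/v3/api-docs");` then `if (docs && "GET".equals(request.getMethod())) {`; grouped sub-paths under the docs endpoint, if used, would need to be listed explicitly. The cookie name would also read better as a named constant with a comment stating that cookie authentication is accepted for the API-docs request only. getToken's body continues past the end of the hunk.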