diff --git a/api-web/api-interface/src/main/java/com/heyu/api/aop/LogAop.java b/api-web/api-interface/src/main/java/com/heyu/api/aop/LogAop.java
index c1aab81..9ae21d1 100644
--- a/api-web/api-interface/src/main/java/com/heyu/api/aop/LogAop.java
+++ b/api-web/api-interface/src/main/java/com/heyu/api/aop/LogAop.java
@@ -120,6 +120,9 @@ public class LogAop {
             // 如果方法和类上都没有配置NotIntercept注解 ，则需要拦截
             if (intercept && classMethodConfigNotIntercept) {
                 String authConfig = request.getHeader("X-TCloudMarket-Custom-AuthConfig");
+                if(StringUtils.isBlank(authConfig) || !authConfig.startsWith("{")){
+                    return R.error("auth error");
+                }
                 Map<String, Object> authConfigMap = JSONObject.parseObject(authConfig, Map.class);
                 String auth = faceAuthTentMap.get(classNameAndMethodNametencent);
                 if(StringUtils.isBlank(auth) || !auth.equals(authConfigMap.get(ApiConstants.t_auth))){