diff --git a/core/core-backend/src/main/java/io/gisbi/substitute/permissions/login/SubstituleLoginServer.java b/core/core-backend/src/main/java/io/gisbi/substitute/permissions/login/SubstituleLoginServer.java
index 25c5b6c..93e8871 100644
--- a/core/core-backend/src/main/java/io/gisbi/substitute/permissions/login/SubstituleLoginServer.java
+++ b/core/core-backend/src/main/java/io/gisbi/substitute/permissions/login/SubstituleLoginServer.java
@@ -9,9 +9,7 @@ import io.gisbi.auth.config.SubstituleLoginConfig;
 import io.gisbi.auth.vo.TokenVO;
 import io.gisbi.exception.DEException;
 import io.gisbi.i18n.Translator;
-import io.gisbi.utils.LogUtil;
-import io.gisbi.utils.Md5Utils;
-import io.gisbi.utils.RsaUtils;
+import io.gisbi.utils.*;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.stereotype.Component;
@@ -47,6 +45,21 @@ public class SubstituleLoginServer {
         return generate(tokenUserBO, md5Pwd);
     }
 
+    @GetMapping("/login/refresh")
+    public TokenVO refresh() {
+        // 从请求头中获取现有的 token
+        String oldToken = ServletUtils.getToken();
+
+        if (StringUtils.isBlank(oldToken)) {
+            DEException.throwException("token为空！");
+        }
+        // 解析旧 token 获取用户信息
+        TokenUserBO userBO = TokenUtils.validate(oldToken);
+
+        // 生成新的 token
+        String secret = SubstituleLoginConfig.getPwd(); // 获取密钥
+        return generate(userBO, secret);
+    }
 
     @GetMapping("/logout")
     public void logout() {
diff --git a/sdk/common/src/main/java/io/gisbi/auth/filter/TokenFilter.java b/sdk/common/src/main/java/io/gisbi/auth/filter/TokenFilter.java
index df9c254..f354926 100644
--- a/sdk/common/src/main/java/io/gisbi/auth/filter/TokenFilter.java
+++ b/sdk/common/src/main/java/io/gisbi/auth/filter/TokenFilter.java
@@ -80,9 +80,9 @@ public class TokenFilter implements Filter {
                 filterChain.doFilter(servletRequest, servletResponse);
                 return;
             }
-//            String token = ServletUtils.getToken();
-//            TokenUserBO userBO = TokenUtils.validate(token);
-//            UserUtils.setUserInfo(userBO);
+            String token = ServletUtils.getToken();
+            TokenUserBO userBO = TokenUtils.validate(token);
+            UserUtils.setUserInfo(userBO);
             filterChain.doFilter(servletRequest, servletResponse);
         } catch (Exception e) {
             throw e;