diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/ParsedToken.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/ParsedToken.java
index e058775da..c8fa2458e 100644
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/ParsedToken.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/ParsedToken.java
@@ -1,5 +1,9 @@
 package org.hswebframework.web.authorization.token;
+import org.springframework.http.HttpHeaders;
+
+import java.util.function.BiConsumer;
+
 /**
 * 令牌解析结果
 *
@@ -16,7 +20,25 @@ public interface ParsedToken {
 */
 String getType();
+ /**
+ * 将token应用到Http Header
+ *
+ * @param headers headers
+ * @since 4.0.17
+ */
+ default void apply(HttpHeaders headers) {
+ throw new UnsupportedOperationException("unsupported apply "+getType()+" token to headers");
+ }
+
+ static ParsedToken ofBearer(String token) {
+ return SimpleParsedToken.of("bearer", token, HttpHeaders::setBearerAuth);
+ }
+
 static ParsedToken of(String type, String token) {
- return SimpleParsedToken.of(type, token);
+ return of(type, token, (_header, _token) -> _header.set(HttpHeaders.AUTHORIZATION, type + " " + _token));
+ }
+
+ static ParsedToken of(String type, String token, BiConsumer headerSetter) {
+ return SimpleParsedToken.of(type, token, headerSetter);
 }
 }
diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleParsedToken.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleParsedToken.java
index cedcac0cd..a11d95f05 100644
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleParsedToken.java
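Review bot: The two-argument `of(type, token)` in the second ParsedToken.java hunk now treats every token type as an HTTP authentication scheme and will write `type + " " + _token` into `Authorization`, so a caller that passes an internal type name would forward its credential under that name once `apply` is called. Giving that overload no setter would be the more conservative default, although SimpleParsedToken.apply as written skips a null setter instead of reporting the type as unsupported. `ofBearer` and the three-argument `of` are new public factories without Javadoc; a line such as `/** Creates a token whose headerSetter writes the raw token value into outgoing headers. */` would state what the setter receives.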
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleParsedToken.java
@@ -3,15 +3,25 @@ package org.hswebframework.web.authorization.token;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
+import org.springframework.http.HttpHeaders;
+
+import java.util.function.BiConsumer;
 @Getter
 @Setter
 @AllArgsConstructor(staticName = "of")
-public class SimpleParsedToken implements ParsedToken{
+public class SimpleParsedToken implements ParsedToken {
 private String type;
 private String token;
+ private BiConsumer headerSetter;
+ @Override
+ public void apply(HttpHeaders headers) {
+ if (headerSetter != null) {
+ headerSetter.accept(headers,token);
+ }
+ }
 }
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/BearerTokenParser.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/BearerTokenParser.java
index d7c49d176..6a848b14a 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/BearerTokenParser.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/BearerTokenParser.java
@@ -15,7 +15,7 @@ public class BearerTokenParser implements ReactiveUserTokenParser {
 .getFirst(HttpHeaders.AUTHORIZATION);
 if (token != null && token.startsWith("Bearer ")) {
- return Mono.just(ParsedToken.of("bearer", token.substring(7)));
+ return Mono.just(ParsedToken.ofBearer(token.substring(7)));
 }
 return Mono.empty();
 }
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenGenPar.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenGenPar.java
index b1948ef42..685498503 100644
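Review bot: `apply` in SimpleParsedToken.java returns without doing anything when `headerSetter` is null, while the interface default added in ParsedToken.java throws UnsupportedOperationException, so a caller cannot tell that no credential was attached to the outgoing headers. An `else { throw new UnsupportedOperationException("unsupported apply " + getType() + " token to headers"); }` branch, or a comment stating that the no-op is intended, would make the two agree. Because the class keeps `@Setter` and `@AllArgsConstructor(staticName = "of")`, the new field also turns the generated `SimpleParsedToken.of(type, token)` into a three-argument factory and exposes a public `setHeaderSetter`; any direct callers outside this diff would need checking.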
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenGenPar.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenGenPar.java
@@ -19,8 +19,11 @@ public class DefaultUserTokenGenPar implements ReactiveUserTokenGenerator, React
 private long timeout = TimeUnit.MINUTES.toMillis(30);
+ @SuppressWarnings("all")
 private String headerName = "X-Access-Token";
+ private String parameterName = ":X_Access_Token";
+
 @Override
 public String getTokenType() {
 return "default";
@@ -58,10 +61,10 @@ public class DefaultUserTokenGenPar implements ReactiveUserTokenGenerator, React
 String token = Optional.ofNullable(exchange.getRequest()
 .getHeaders()
 .getFirst(headerName))
- .orElseGet(() -> exchange.getRequest().getQueryParams().getFirst(":X_Access_Token"));
+ .orElseGet(() -> exchange.getRequest().getQueryParams().getFirst(parameterName));
 if (token == null) {
 return Mono.empty();
 }
- return Mono.just(ParsedToken.of(getTokenType(),token));
+ return Mono.just(ParsedToken.of(getTokenType(),token,(_header,_token)->_header.set(headerName,_token)));
 }
 }
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/auth/ReactiveOAuth2AccessTokenParser.java b/hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/auth/ReactiveOAuth2AccessTokenParser.java
index 152d0b525..b25b5025d 100644
--- a/hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/auth/ReactiveOAuth2AccessTokenParser.java
+++ b/hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/auth/ReactiveOAuth2AccessTokenParser.java
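Review bot: `@SuppressWarnings("all")` on `headerName` in the first DefaultUserTokenGenPar.java hunk silences every compiler and IDE warning for that field without saying which one prompted it. Naming the specific warning, or adding a short comment with the reason, would keep later problems on the field visible. The new `parameterName` field has no comment; something like `// query-string parameter read when the header is absent` would match how the second hunk uses it.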
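Review bot: The setter passed to `ParsedToken.of` in the second DefaultUserTokenGenPar.java hunk copies the token verbatim into a header, and that token may have come from the `parameterName` query parameter rather than from a header, so it is request-controlled text that never went through header parsing. Whether CR/LF or other control characters are rejected then depends on the HTTP client that eventually sends those headers; checking here, e.g. `if (token == null || token.chars().anyMatch(Character::isISOControl)) {` on the existing null guard, would make that independent of the client. The lambda also reads `headerName` when `apply` runs rather than when the token was parsed, which is presumably intended but worth a one-line comment. The enclosing method starts outside the hunk.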
@@ -5,9 +5,6 @@ import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.ReactiveAuthenticationSupplier;
 import org.hswebframework.web.authorization.basic.web.ReactiveUserTokenParser;
 import org.hswebframework.web.authorization.token.ParsedToken;
-import org.hswebframework.web.context.ContextKey;
-import org.hswebframework.web.context.ContextUtils;
-import org.hswebframework.web.logger.ReactiveLogger;
 import org.hswebframework.web.oauth2.server.AccessTokenManager;
 import org.springframework.http.HttpHeaders;
 import org.springframework.util.StringUtils;
@@ -23,7 +20,7 @@ public class ReactiveOAuth2AccessTokenParser implements ReactiveUserTokenParser,
 public Mono parseToken(ServerWebExchange exchange) {
 String token = exchange.getRequest().getQueryParams().getFirst("access_token");
- if (StringUtils.isEmpty(token)) {
+ if (!StringUtils.hasText(token)) {
 token = exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
 if (StringUtils.hasText(token)) {
 String[] typeAndToken = token.split("[ ]");