diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
index 9b4bc08b6..313c14482 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
@@ -78,7 +78,6 @@ public class AuthorizingHandlerAutoConfiguration {
     }
 
     @Bean
-    @ConditionalOnProperty("hsweb.authorize.allows")
     public UserAllowPermissionHandler userAllowPermissionHandler() {
         return new UserAllowPermissionHandler();
     }
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandler.java
index 920f7f8da..68df503aa 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandler.java
@@ -3,6 +3,7 @@ package org.hswebframework.web.authorization.basic.handler;
 import lombok.Getter;
 import lombok.Setter;
 import org.hswebframework.web.authorization.define.AuthorizingContext;
+import org.hswebframework.web.authorization.define.HandleType;
 import org.hswebframework.web.authorization.listener.event.AuthorizingHandleBeforeEvent;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.event.EventListener;
@@ -39,11 +40,13 @@ public class UserAllowPermissionHandler {
 
     @EventListener
     public void handEvent(AuthorizingHandleBeforeEvent event) {
-        AuthorizingContext context = event.getContext();
-        if (allows.isEmpty()) {
+
+        if (allows.isEmpty() || event.getHandleType() == HandleType.DATA) {
             return;
         }
-        // package.method
+        AuthorizingContext context = event.getContext();
+
+        // class full name.method
         String path = ClassUtils.getUserClass(context.getParamContext()
                 .getTarget())
                 .getName().concat(".")
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/embed/TestApplication.java b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/TestApplication.java
similarity index 52%
rename from hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/embed/TestApplication.java
rename to hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/TestApplication.java
index c5b2310a7..797c1ff4d 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/embed/TestApplication.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/TestApplication.java
@@ -1,9 +1,6 @@
-package org.hswebframework.web.authorization.basic.embed;
+package org.hswebframework.web.authorization;
 
-import org.hswebframework.web.authorization.basic.configuration.AopAuthorizeAutoConfiguration;
-import org.hswebframework.web.authorization.basic.configuration.AuthorizingHandlerAutoConfiguration;
 import org.hswebframework.web.authorization.basic.configuration.EnableAopAuthorize;
-import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.test.context.web.WebAppConfiguration;
 
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/embed/EmbedAuthenticationManagerTest.groovy b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/embed/EmbedAuthenticationManagerTest.groovy
index c81e7cc4d..d798da84e 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/embed/EmbedAuthenticationManagerTest.groovy
+++ b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/embed/EmbedAuthenticationManagerTest.groovy
@@ -2,6 +2,7 @@ package org.hswebframework.web.authorization.basic.embed
 
 import org.hswebframework.web.authorization.Authentication
 import org.hswebframework.web.authorization.AuthenticationManager
+import org.hswebframework.web.authorization.TestApplication
 import org.hswebframework.web.authorization.simple.PlainTextUsernamePasswordAuthenticationRequest
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.context.SpringBootTest
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/handler/TestController.java b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/handler/TestController.java
new file mode 100644
index 000000000..390429596
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/handler/TestController.java
@@ -0,0 +1,24 @@
+package org.hswebframework.web.authorization.basic.handler;
+
+import org.hswebframework.web.authorization.annotation.Authorize;
+import org.hswebframework.web.controller.message.ResponseMessage;
+
+/**
+ * @author zhouhao
+ * @since 3.0.1
+ */
+public class TestController {
+
+    public ResponseMessage<String> query() {
+        return ResponseMessage.ok();
+    }
+
+    public ResponseMessage<String> update() {
+        return ResponseMessage.ok();
+    }
+
+    public ResponseMessage<String> delete() {
+        return ResponseMessage.ok();
+    }
+
+}
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandlerTest.groovy b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandlerTest.groovy
new file mode 100644
index 000000000..f809f2568
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandlerTest.groovy
@@ -0,0 +1,61 @@
+package org.hswebframework.web.authorization.basic.handler
+
+import org.hswebframework.web.authorization.Authentication
+import org.hswebframework.web.authorization.AuthenticationManager
+import org.hswebframework.web.authorization.TestApplication
+import org.hswebframework.web.authorization.basic.define.EmptyAuthorizeDefinition
+import org.hswebframework.web.authorization.define.AuthorizeDefinition
+import org.hswebframework.web.authorization.define.AuthorizingContext
+import org.hswebframework.web.authorization.define.HandleType
+import org.hswebframework.web.authorization.listener.event.AuthorizingHandleBeforeEvent
+import org.hswebframework.web.authorization.simple.PlainTextUsernamePasswordAuthenticationRequest
+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext
+import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.test.context.ContextConfiguration
+import org.springframework.test.context.web.WebAppConfiguration
+import spock.lang.Specification
+
+/**
+ * @author zhouhao
+ * @since 3.0.1
+ */
+@WebAppConfiguration
+@ContextConfiguration
+@SpringBootTest(classes = [TestApplication.class], properties = ["classpath:application.yml"])
+class UserAllowPermissionHandlerTest extends Specification {
+
+    @Autowired
+    UserAllowPermissionHandler handler;
+
+    @Autowired
+    private AuthenticationManager manager;
+
+    def createMethodInterceptorContext(TestController controller, String name) {
+        return new MethodInterceptorHolder(
+                "test"
+                , TestController.class.getMethod(name)
+                , controller
+                , new HashMap<String, Object>())
+                .createParamContext()
+    }
+
+    def "Test"() {
+        setup:
+        def authentication = manager.authenticate(new PlainTextUsernamePasswordAuthenticationRequest("admin", "admin"));
+        def definition = EmptyAuthorizeDefinition.instance;
+        def controller = new TestController();
+        def context = createMethodInterceptorContext(controller, "query");
+        def authorizingContext = new AuthorizingContext(
+                authentication: authentication
+                , definition: definition
+                , paramContext: context);
+        def event = new AuthorizingHandleBeforeEvent(authorizingContext, HandleType.RBAC);
+        handler.handEvent(event);
+        expect:
+        authentication != null
+        event.isAllow()
+
+    }
+}
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/test/resources/application.yml b/hsweb-authorization/hsweb-authorization-basic/src/test/resources/application.yml
index 6869b9210..febdaf1a8 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/test/resources/application.yml
+++ b/hsweb-authorization/hsweb-authorization-basic/src/test/resources/application.yml
@@ -15,6 +15,10 @@ hsweb:
     app:
       name: hsweb-oauth2 客户端示例
       version: 3.0.0
+    authorize:
+        allows:
+          users:
+            admin: "**.TestController.*"
     users:
         admin:
           name: 超级管理员