diff --git a/src/main/java/com/boot/security/server/dto/LoginUser.java b/src/main/java/com/boot/security/server/dto/LoginUser.java
index 56c5237..7bc123e 100644
--- a/src/main/java/com/boot/security/server/dto/LoginUser.java
+++ b/src/main/java/com/boot/security/server/dto/LoginUser.java
@@ -1,34 +1,34 @@
 package com.boot.security.server.dto;
 
 import java.util.Collection;
-import java.util.Set;
+import java.util.List;
 import java.util.stream.Collectors;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.util.StringUtils;
 
+import com.boot.security.server.model.Permission;
 import com.boot.security.server.model.SysUser;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 
+import lombok.Getter;
+import lombok.Setter;
+
 public class LoginUser extends SysUser implements UserDetails {
 
-	private static final long serialVersionUID = 1422037805178348848L;
+	private static final long serialVersionUID = 5847622956044304250L;
 
-	private Set<String> permissions;
-
-	public Set<String> getPermissions() {
-		return permissions;
-	}
-
-	public void setPermissions(Set<String> permissions) {
-		this.permissions = permissions;
-	}
+	@Getter
+	@Setter
+	private List<Permission> permissions;
 
 	@Override
 	@JsonIgnore
 	public Collection<? extends GrantedAuthority> getAuthorities() {
-		return permissions.parallelStream().map(a -> new SimpleGrantedAuthority(a)).collect(Collectors.toSet());
+		return permissions.parallelStream().filter(p -> !StringUtils.isEmpty(p.getPermission()))
+				.map(p -> new SimpleGrantedAuthority(p.getPermission())).collect(Collectors.toSet());
 	}
 
 	// 账户是否未过期
diff --git a/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java b/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java
index 3285f6b..a78667f 100644
--- a/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java
+++ b/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java
@@ -1,8 +1,6 @@
 package com.boot.security.server.service.impl;
 
 import java.util.List;
-import java.util.Set;
-import java.util.stream.Collectors;
 
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -13,7 +11,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
-import org.springframework.util.StringUtils;
 
 import com.boot.security.server.dao.PermissionDao;
 import com.boot.security.server.dto.LoginUser;
@@ -41,13 +38,10 @@ public class UserDetailsServiceImpl implements UserDetailsService {
 			throw new DisabledException("用户已作废");
 		}
 
-		// 查询权限
-		List<Permission> permissionList = permissionDao.listByUserId(sysUser.getId());
-		Set<String> permissions = permissionList.parallelStream().filter(p -> !StringUtils.isEmpty(p.getPermission()))
-				.map(Permission::getPermission).collect(Collectors.toSet());
-
 		LoginUser loginUser = new LoginUser();
 		BeanUtils.copyProperties(sysUser, loginUser);
+
+		List<Permission> permissions = permissionDao.listByUserId(sysUser.getId());
 		loginUser.setPermissions(permissions);
 
 		return loginUser;