diff --git a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/security/TokenAuthenticationFilter.java b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/security/TokenAuthenticationFilter.java
index e02a4bb62..2bc7f84ef 100644
--- a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/security/TokenAuthenticationFilter.java
+++ b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/security/TokenAuthenticationFilter.java
@@ -81,9 +81,9 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
     }
 
     @Override
-    public Mono<Void> filter(final ServerWebExchange exchange, GatewayFilterChain chain) {
+    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
         // 移除 login-user 的请求头，避免伪造模拟
-        SecurityFrameworkUtils.removeLoginUser(exchange);
+        exchange = SecurityFrameworkUtils.removeLoginUser(exchange);
 
         // 情况一，如果没有 Token 令牌，则直接继续 filter
         String token = SecurityFrameworkUtils.obtainAuthorization(exchange);
@@ -93,17 +93,18 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
 
         // 情况二，如果有 Token 令牌，则解析对应 userId、userType、tenantId 等字段，并通过 通过 Header 转发给服务
         // 重要说明：defaultIfEmpty 作用，保证 Mono.empty() 情况，可以继续执行 `flatMap 的 chain.filter(exchange)` 逻辑，避免返回给前端空的 Response！！
+        ServerWebExchange finalExchange = exchange;
         return getLoginUser(exchange, token).defaultIfEmpty(LOGIN_USER_EMPTY).flatMap(user -> {
             // 1. 无用户，直接 filter 继续请求
             if (user == LOGIN_USER_EMPTY || // 下面 expiresTime 的判断，为了解决 token 实际已经过期的情况
                     user.getExpiresTime() == null || LocalDateTimeUtils.beforeNow(user.getExpiresTime())) {
-                return chain.filter(exchange);
+                return chain.filter(finalExchange);
             }
 
             // 2.1 有用户，则设置登录用户
-            SecurityFrameworkUtils.setLoginUser(exchange, user);
+            SecurityFrameworkUtils.setLoginUser(finalExchange, user);
             // 2.2 将 user 并设置到 login-user 的请求头，使用 json 存储值
-            ServerWebExchange newExchange = exchange.mutate()
+            ServerWebExchange newExchange = finalExchange.mutate()
                     .request(builder -> SecurityFrameworkUtils.setLoginUserHeader(builder, user)).build();
             return chain.filter(newExchange);
         });