diff --git a/threadpool/core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java b/threadpool/core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java
index 65f0cb5d..cf56f4ae 100644
--- a/threadpool/core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java
+++ b/threadpool/core/src/main/java/cn/hippo4j/core/enable/BeforeCheckConfiguration.java
@@ -28,7 +28,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.ConfigurableEnvironment;
 
 import java.util.Map;
-import java.util.Objects;
 
 /**
  * Before check configuration.
@@ -92,15 +91,15 @@ public class BeforeCheckConfiguration {
                         }
                     }
                     Map<String, String> etcd = properties.getEtcd();
-                    if (MapUtil.isNotEmpty(etcd)){
+                    if (MapUtil.isNotEmpty(etcd)) {
                         String endpoints = etcd.get("endpoints");
-                        if ((StringUtil.isBlank(endpoints))){
+                        if ((StringUtil.isBlank(endpoints))) {
                             throw new ConfigEmptyException(
                                     "Web server failed to start. The dynamic thread pool etcd endpoints is empty.",
                                     "Please check whether the [spring.dynamic.thread-pool.etcd.endpoints] configuration is empty or an empty string.");
                         }
                         String key = etcd.get("key");
-                        if ((StringUtil.isBlank(key))){
+                        if ((StringUtil.isBlank(key))) {
                             throw new ConfigEmptyException(
                                     "Web server failed to start. The dynamic thread pool etcd key is empty.",
                                     "Please check whether the [spring.dynamic.thread-pool.etcd.key] configuration is empty or an empty string.");
diff --git a/threadpool/server/auth/src/main/java/cn/hippo4j/auth/config/RFC7230Config.java b/threadpool/server/auth/src/main/java/cn/hippo4j/auth/config/RFC7230Config.java
new file mode 100644
index 00000000..cce59b88
--- /dev/null
+++ b/threadpool/server/auth/src/main/java/cn/hippo4j/auth/config/RFC7230Config.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.auth.config;
+
+import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class RFC7230Config {
+
+    /**
+     * Solve the Tomcat RFC7230 problem
+     *
+     * @return
+     */
+    @Bean
+    public ConfigurableServletWebServerFactory webServerFactory() {
+        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
+        factory.addConnectorCustomizers((TomcatConnectorCustomizer) connector -> {
+            connector.setProperty("relaxedQueryChars", "|{}[](),/:;<=>?@[\\]{}\\");
+            connector.setProperty("relaxedPathChars", "|{}[](),/:;<=>?@[\\]{}\\");
+            connector.setProperty("rejectIllegalHeader", "false");
+        });
+
+        return factory;
+    }
+}
diff --git a/threadpool/server/auth/src/main/java/cn/hippo4j/auth/security/AuthManager.java b/threadpool/server/auth/src/main/java/cn/hippo4j/auth/security/AuthManager.java
index 765104d4..c2ac9be0 100644
--- a/threadpool/server/auth/src/main/java/cn/hippo4j/auth/security/AuthManager.java
+++ b/threadpool/server/auth/src/main/java/cn/hippo4j/auth/security/AuthManager.java
@@ -17,13 +17,19 @@
 
 package cn.hippo4j.auth.security;
 
+import cn.hippo4j.auth.model.biz.user.LoginUser;
 import lombok.AllArgsConstructor;
 import lombok.SneakyThrows;
 import org.springframework.expression.AccessException;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
 
 /**
  * Auth manager.
@@ -36,6 +42,8 @@ public class AuthManager {
 
     private final AuthenticationManager authenticationManager;
 
+    private final UserDetailsService userDetailsService;
+
     /**
      * Resolve token from user.
      *
@@ -47,9 +55,11 @@ public class AuthManager {
     @SneakyThrows
     public String resolveTokenFromUser(String userName, String rawPassword) {
         try {
-            UsernamePasswordAuthenticationToken authenticationToken =
-                    new UsernamePasswordAuthenticationToken(userName, rawPassword);
-            authenticationManager.authenticate(authenticationToken);
+            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+            LoginUser loginUser = new LoginUser();
+            loginUser.setPassword(rawPassword);
+            request.setAttribute("loginUser", loginUser);
+            UserDetails userDetails = userDetailsService.loadUserByUsername(userName);
         } catch (AuthenticationException e) {
             throw new AccessException("Unknown user.");
         }
diff --git a/threadpool/server/auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java b/threadpool/server/auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java
index 5029024c..9a8e7ccd 100644
--- a/threadpool/server/auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java
+++ b/threadpool/server/auth/src/main/java/cn/hippo4j/auth/service/impl/UserDetailsServiceImpl.java
@@ -24,6 +24,7 @@ import cn.hippo4j.auth.model.biz.user.LoginUser;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Primary;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -46,6 +47,7 @@ import java.util.Set;
  */
 @Slf4j
 @Service
+@Primary
 public class UserDetailsServiceImpl implements UserDetailsService {
 
     @Value("${hippo4j.core.auth.enabled:true}")