diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/AuthAction.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/AuthAction.java
new file mode 100644
index 0000000000..74f9c877a4
--- /dev/null
+++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/AuthAction.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.csp.sentinel.dashboard.auth;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@Target({ElementType.METHOD})
+public @interface AuthAction {
+
+ AuthService.PrivilegeType value();
+
+ String targetName() default "app";
+
+ String message() default "No privilege";
+}
diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/AuthInterceptor.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/AuthInterceptor.java
new file mode 100644
index 0000000000..5cfcb706cf
--- /dev/null
+++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/auth/AuthInterceptor.java
@@ -0,0 +1,66 @@ +/* + * Copyright 1999-2018 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.alibaba.csp.sentinel.dashboard.auth; + +import com.alibaba.csp.sentinel.dashboard.domain.Result; +import com.alibaba.fastjson.JSON; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.springframework.web.method.HandlerMethod; +import org.springframework.web.servlet.HandlerInterceptor; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.lang.reflect.Method; + +@Component +public class AuthInterceptor implements HandlerInterceptor { + + @Autowired + private AuthService authService; + + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) + throws Exception { + if (handler.getClass().isAssignableFrom(HandlerMethod.class)) { + Method method = ((HandlerMethod) handler).getMethod(); + + AuthAction authAction = method.getAnnotation(AuthAction.class); + if (authAction != null) { + AuthService.AuthUser authUser = authService.getAuthUser(request); + if (authUser == null) { + responseNoPrivilegeMsg(response, authAction.message()); + return false; + } + String target = request.getParameter(authAction.targetName()); + + if (!authUser.authTarget(target, authAction.value())) { + responseNoPrivilegeMsg(response, 
authAction.message()); + return false; + } + } + } + + return true; + } + + private void responseNoPrivilegeMsg(HttpServletResponse response, String message) throws IOException { + Result result = Result.ofFail(-1, message); + response.addHeader("Content-Type", "application/json;charset=UTF-8"); + response.getOutputStream().write(JSON.toJSONBytes(result)); + } +} diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/config/WebConfig.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/config/WebConfig.java index 3307fc0c02..cd9194c925 100755 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/config/WebConfig.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/config/WebConfig.java @@ -16,6 +16,7 @@ package com.alibaba.csp.sentinel.dashboard.config; import com.alibaba.csp.sentinel.adapter.servlet.CommonFilter; +import com.alibaba.csp.sentinel.dashboard.auth.AuthInterceptor; import com.alibaba.csp.sentinel.dashboard.filter.AuthFilter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -23,6 +24,7 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; 
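Review bot: The interceptor resolves the authorization target from `request.getParameter(authAction.targetName())` (the `app` parameter by default), but many of the handlers this commit annotates take the app from a `@RequestBody` entity or from the stored entity looked up by path id, and their removed `authUser.authTarget(entity.getApp() / oldEntity.getApp(), …)` calls are not replaced by anything equivalent (AuthorityRuleController, DegradeController, FlowControllerV1, ParamFlowRuleController, SystemController, GatewayApiController, GatewayFlowRuleController and FlowControllerV2 all drop them). For those endpoints the privilege check now runs against a caller-supplied parameter that may be absent or differ from the app the rule actually belongs to; unless `AuthUser.authTarget` rejects a null or foreign target (its implementation is not in this diff), write and delete on a rule are no longer bound to that rule's app, so the entity-based checks should stay in the handlers or the interceptor needs a target source for body- and path-id-based requests. Separately, `handler.getClass().isAssignableFrom(HandlerMethod.class)` is the reversed form of the intended check and silently skips authorization for any `HandlerMethod` subclass; the idiomatic guard is `if (handler instanceof HandlerMethod) {`. `responseNoPrivilegeMsg` also writes the failure body with the status still 200, so clients and access logs cannot tell a denial from a success; add `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` before writing and prefer `response.setContentType("application/json;charset=UTF-8");` over `addHeader`.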
@@ -40,6 +42,14 @@ public class WebConfig implements WebMvcConfigurer { @Autowired private AuthFilter authFilter; + @Autowired + private AuthInterceptor authInterceptor; + + @Override + public void addInterceptors(InterceptorRegistry registry) { + registry.addInterceptor(authInterceptor).addPathPatterns("/**"); + } + @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("/**").addResourceLocations("classpath:/resources/"); diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/AuthorityRuleController.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/AuthorityRuleController.java index 2b285eff80..294455f02a 100644 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/AuthorityRuleController.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/AuthorityRuleController.java @@ -18,12 +18,9 @@ import java.util.Date; import java.util.List; -import javax.servlet.http.HttpServletRequest; - +import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; -import com.alibaba.csp.sentinel.dashboard.auth.AuthService; -import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; import com.alibaba.csp.sentinel.slots.block.RuleConstant; import com.alibaba.csp.sentinel.util.StringUtil; 
@@ -60,16 +57,11 @@ public class AuthorityRuleController { @Autowired private RuleRepository repository; - @Autowired - private AuthService authService; - @GetMapping("/rules") - public Result> apiQueryAllRulesForMachine(HttpServletRequest request, - @RequestParam String app, + @AuthAction(PrivilegeType.READ_RULE) + public Result> apiQueryAllRulesForMachine(@RequestParam String app, @RequestParam String ip, @RequestParam Integer port) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, PrivilegeType.READ_RULE); if (StringUtil.isEmpty(app)) { return Result.ofFail(-1, "app cannot be null or empty"); } @@ -119,10 +111,8 @@ private Result checkEntityInternal(AuthorityRuleEntity entity) { } @PostMapping("/rule") - public Result apiAddAuthorityRule(HttpServletRequest request, - @RequestBody AuthorityRuleEntity entity) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); + @AuthAction(PrivilegeType.WRITE_RULE) + public Result apiAddAuthorityRule(@RequestBody AuthorityRuleEntity entity) { Result checkResult = checkEntityInternal(entity); if (checkResult != null) { return checkResult; @@ -144,11 +134,9 @@ public Result apiAddAuthorityRule(HttpServletRequest reques } @PutMapping("/rule/{id}") - public Result apiUpdateParamFlowRule(HttpServletRequest request, - @PathVariable("id") Long id, + @AuthAction(PrivilegeType.WRITE_RULE) + public Result apiUpdateParamFlowRule(@PathVariable("id") Long id, @RequestBody AuthorityRuleEntity entity) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); if (id == null || id <= 0) { return Result.ofFail(-1, "Invalid id"); } 
@@ -176,8 +164,8 @@ public Result apiUpdateParamFlowRule(HttpServletRequest req } @DeleteMapping("/rule/{id}") - public Result apiDeleteRule(HttpServletRequest request, @PathVariable("id") Long id) { - AuthUser authUser = authService.getAuthUser(request); + @AuthAction(PrivilegeType.DELETE_RULE) + public Result apiDeleteRule(@PathVariable("id") Long id) { if (id == null) { return Result.ofFail(-1, "id cannot be null"); } @@ -185,7 +173,6 @@ public Result apiDeleteRule(HttpServletRequest request, @PathVariable("id" if (oldEntity == null) { return Result.ofSuccess(null); } - authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); try { repository.delete(id); } catch (Exception e) { diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/DegradeController.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/DegradeController.java index 7733129a00..61aaee68aa 100755 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/DegradeController.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/DegradeController.java @@ -18,12 +18,9 @@ import java.util.Date; import java.util.List; -import javax.servlet.http.HttpServletRequest; - +import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; -import com.alibaba.csp.sentinel.dashboard.auth.AuthService; -import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; import com.alibaba.csp.sentinel.slots.block.RuleConstant; import com.alibaba.csp.sentinel.util.StringUtil; 
@@ -54,14 +51,10 @@ public class DegradeController { @Autowired private SentinelApiClient sentinelApiClient; - @Autowired - private AuthService authService; - @ResponseBody @RequestMapping("/rules.json") - public Result> queryMachineRules(HttpServletRequest request, String app, String ip, Integer port) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, PrivilegeType.READ_RULE); + @AuthAction(PrivilegeType.READ_RULE) + public Result> queryMachineRules(String app, String ip, Integer port) { if (StringUtil.isEmpty(app)) { return Result.ofFail(-1, "app can't be null or empty"); @@ -84,12 +77,9 @@ public Result> queryMachineRules(HttpServletRequest requ @ResponseBody @RequestMapping("/new.json") - public Result add(HttpServletRequest request, - String app, String ip, Integer port, String limitApp, String resource, + @AuthAction(PrivilegeType.WRITE_RULE) + public Result add(String app, String ip, Integer port, String limitApp, String resource, Double count, Integer timeWindow, Integer grade) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, PrivilegeType.WRITE_RULE); - if (StringUtil.isBlank(app)) { return Result.ofFail(-1, "app can't be null or empty"); } @@ -143,10 +133,9 @@ public Result add(HttpServletRequest request, @ResponseBody @RequestMapping("/save.json") - public Result updateIfNotNull(HttpServletRequest request, - Long id, String app, String limitApp, String resource, + @AuthAction(PrivilegeType.WRITE_RULE) + public Result updateIfNotNull(Long id, String app, String limitApp, String resource, Double count, Integer timeWindow, Integer grade) { - AuthUser authUser = authService.getAuthUser(request); if (id == null) { return Result.ofFail(-1, "id can't be null"); } 
@@ -159,7 +148,7 @@ public Result updateIfNotNull(HttpServletRequest request, if (entity == null) { return Result.ofFail(-1, "id " + id + " dose not exist"); } - authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); + if (StringUtil.isNotBlank(app)) { entity.setApp(app.trim()); } @@ -195,8 +184,8 @@ public Result updateIfNotNull(HttpServletRequest request, @ResponseBody @RequestMapping("/delete.json") - public Result delete(HttpServletRequest request, Long id) { - AuthUser authUser = authService.getAuthUser(request); + @AuthAction(PrivilegeType.DELETE_RULE) + public Result delete(Long id) { if (id == null) { return Result.ofFail(-1, "id can't be null"); } @@ -205,7 +194,7 @@ public Result delete(HttpServletRequest request, Long id) { if (oldEntity == null) { return Result.ofSuccess(null); } - authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); + try { repository.delete(id); } catch (Throwable throwable) { diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/FlowControllerV1.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/FlowControllerV1.java index 71e5b70122..3c3a731881 100755 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/FlowControllerV1.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/FlowControllerV1.java @@ -18,10 +18,7 @@ import java.util.Date; import java.util.List; -import javax.servlet.http.HttpServletRequest; - -import com.alibaba.csp.sentinel.dashboard.auth.AuthService; -import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; +import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; import com.alibaba.csp.sentinel.util.StringUtil; 
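Review bot: The removed `authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE);` is replaced by an empty added line (a bare `+`) between the null check on `entity` and `if (StringUtil.isNotBlank(app))`, leaving a stray blank line inside the method; the same pattern appears in the `delete` hunk below (@@ -205,7 +194,7 @@) and in FlowControllerV1 (@@ -246 and @@ -255), ParamFlowRuleController (@@ -209 and @@ -248), SystemController (@@ -179) and FlowControllerV2 (@@ -217). Delete the line instead of replacing it with whitespace so those hunks read as pure removals. `updateIfNotNull` starts and ends outside this hunk.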
@@ -57,19 +54,15 @@ public class FlowControllerV1 { @Autowired private InMemoryRuleRepositoryAdapter repository; - @Autowired - private AuthService authService; @Autowired private SentinelApiClient sentinelApiClient; @GetMapping("/rules") - public Result> apiQueryMachineRules(HttpServletRequest request, - @RequestParam String app, + @AuthAction(PrivilegeType.READ_RULE) + public Result> apiQueryMachineRules(@RequestParam String app, @RequestParam String ip, @RequestParam Integer port) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, PrivilegeType.READ_RULE); if (StringUtil.isEmpty(app)) { return Result.ofFail(-1, "app can't be null or empty"); @@ -138,10 +131,8 @@ private Result checkEntityInternal(FlowRuleEntity entity) { } @PostMapping("/rule") - public Result apiAddFlowRule(HttpServletRequest request, @RequestBody FlowRuleEntity entity) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); - + @AuthAction(PrivilegeType.WRITE_RULE) + public Result apiAddFlowRule(@RequestBody FlowRuleEntity entity) { Result checkResult = checkEntityInternal(entity); if (checkResult != null) { return checkResult; @@ -165,14 +156,12 @@ public Result apiAddFlowRule(HttpServletRequest request, @Reques } @PutMapping("/save.json") - public Result updateIfNotNull(HttpServletRequest request, Long id, String app, + @AuthAction(PrivilegeType.WRITE_RULE) + public Result updateIfNotNull(Long id, String app, String limitApp, String resource, Integer grade, Double count, Integer strategy, String refResource, Integer controlBehavior, Integer warmUpPeriodSec, Integer maxQueueingTimeMs) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, PrivilegeType.WRITE_RULE); - if (id == null) { return Result.ofFail(-1, "id can't be null"); } 
@@ -246,8 +235,9 @@ public Result updateIfNotNull(HttpServletRequest request, Long i } @DeleteMapping("/delete.json") - public Result delete(HttpServletRequest request, Long id) { - AuthUser authUser = authService.getAuthUser(request); + @AuthAction(PrivilegeType.WRITE_RULE) + public Result delete(Long id) { + if (id == null) { return Result.ofFail(-1, "id can't be null"); } @@ -255,7 +245,7 @@ public Result delete(HttpServletRequest request, Long id) { if (oldEntity == null) { return Result.ofSuccess(null); } - authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); + try { repository.delete(id); } catch (Exception e) { diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/ParamFlowRuleController.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/ParamFlowRuleController.java index 1a456488cc..4039ca6746 100644 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/ParamFlowRuleController.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/ParamFlowRuleController.java 
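Review bot: `delete` is annotated `@AuthAction(PrivilegeType.WRITE_RULE)` although the check it replaces (`authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE);`, removed in the second hunk) used `DELETE_RULE`, and every other controller in this commit annotates its delete handler with `DELETE_RULE`; a principal holding only write privilege on an app would now pass the check for deleting its flow rules. Change the annotation to `@AuthAction(PrivilegeType.DELETE_RULE)`. `delete` continues outside the hunk.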
@@ -21,18 +21,15 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.ExecutionException; -import javax.servlet.http.HttpServletRequest; - +import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; import com.alibaba.csp.sentinel.dashboard.client.CommandNotFoundException; import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; import com.alibaba.csp.sentinel.dashboard.discovery.AppManagement; import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; import com.alibaba.csp.sentinel.dashboard.auth.AuthService; -import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; import com.alibaba.csp.sentinel.slots.block.RuleConstant; import com.alibaba.csp.sentinel.util.StringUtil; - import com.alibaba.csp.sentinel.dashboard.datasource.entity.SentinelVersion; import com.alibaba.csp.sentinel.dashboard.datasource.entity.rule.ParamFlowRuleEntity; import com.alibaba.csp.sentinel.dashboard.domain.Result; @@ -69,9 +66,6 @@ public class ParamFlowRuleController { @Autowired private RuleRepository repository; - @Autowired - private AuthService authService; - private boolean checkIfSupported(String app, String ip, int port) { try { return Optional.ofNullable(appManagement.getDetailApp(app)) @@ -86,12 +80,10 @@ private boolean checkIfSupported(String app, String ip, int port) { } @GetMapping("/rules") - public Result> apiQueryAllRulesForMachine(HttpServletRequest request, - @RequestParam String app, + @AuthAction(PrivilegeType.READ_RULE) + public Result> apiQueryAllRulesForMachine(@RequestParam String app, @RequestParam String ip, @RequestParam Integer port) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, PrivilegeType.READ_RULE); if (StringUtil.isEmpty(app)) { return Result.ofFail(-1, "app cannot be null or empty"); } 
@@ -127,10 +119,8 @@ private boolean isNotSupported(Throwable ex) { } @PostMapping("/rule") - public Result apiAddParamFlowRule(HttpServletRequest request, - @RequestBody ParamFlowRuleEntity entity) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); + @AuthAction(AuthService.PrivilegeType.WRITE_RULE) + public Result apiAddParamFlowRule(@RequestBody ParamFlowRuleEntity entity) { Result checkResult = checkEntityInternal(entity); if (checkResult != null) { return checkResult; @@ -198,10 +188,9 @@ private Result checkEntityInternal(ParamFlowRuleEntity entity) { } @PutMapping("/rule/{id}") - public Result apiUpdateParamFlowRule(HttpServletRequest request, - @PathVariable("id") Long id, + @AuthAction(AuthService.PrivilegeType.WRITE_RULE) + public Result apiUpdateParamFlowRule(@PathVariable("id") Long id, @RequestBody ParamFlowRuleEntity entity) { - AuthUser authUser = authService.getAuthUser(request); if (id == null || id <= 0) { return Result.ofFail(-1, "Invalid id"); } @@ -209,7 +198,7 @@ public Result apiUpdateParamFlowRule(HttpServletRequest req if (oldEntity == null) { return Result.ofFail(-1, "id " + id + " does not exist"); } - authUser.authTarget(oldEntity.getApp(), PrivilegeType.WRITE_RULE); + Result checkResult = checkEntityInternal(entity); if (checkResult != null) { return checkResult; @@ -239,8 +228,8 @@ public Result apiUpdateParamFlowRule(HttpServletRequest req } @DeleteMapping("/rule/{id}") - public Result apiDeleteRule(HttpServletRequest request, @PathVariable("id") Long id) { - AuthUser authUser = authService.getAuthUser(request); + @AuthAction(PrivilegeType.DELETE_RULE) + public Result apiDeleteRule(@PathVariable("id") Long id) { if (id == null) { return Result.ofFail(-1, "id cannot be null"); } 
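Review bot: The annotations in this file mix `@AuthAction(AuthService.PrivilegeType.WRITE_RULE)` on `apiAddParamFlowRule` and `apiUpdateParamFlowRule` with `@AuthAction(PrivilegeType.DELETE_RULE)` on `apiDeleteRule` and `@AuthAction(PrivilegeType.READ_RULE)` on the query method, although `AuthService.PrivilegeType` is imported (the import hunk above keeps it). Use the short form `@AuthAction(PrivilegeType.WRITE_RULE)` throughout, as AuthorityRuleController and SystemController do. The handler bodies continue outside the hunk.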
@@ -248,7 +237,7 @@ public Result apiDeleteRule(HttpServletRequest request, @PathVariable("id" if (oldEntity == null) { return Result.ofSuccess(null); } - authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); + try { repository.delete(id); publishRules(oldEntity.getApp(), oldEntity.getIp(), oldEntity.getPort()).get(); diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/SystemController.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/SystemController.java index 66d29f580a..daa0b98b5a 100755 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/SystemController.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/SystemController.java @@ -18,10 +18,7 @@ import java.util.Date; import java.util.List; -import javax.servlet.http.HttpServletRequest; - -import com.alibaba.csp.sentinel.dashboard.auth.AuthService; -import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; +import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; import com.alibaba.csp.sentinel.dashboard.repository.rule.RuleRepository; import com.alibaba.csp.sentinel.util.StringUtil; @@ -51,8 +48,6 @@ public class SystemController { private RuleRepository repository; @Autowired private SentinelApiClient sentinelApiClient; - @Autowired - private AuthService authService; private Result checkBasicParams(String app, String ip, Integer port) { if (StringUtil.isEmpty(app)) { 
@@ -71,11 +66,9 @@ private Result checkBasicParams(String app, String ip, Integer port) { } @GetMapping("/rules.json") - public Result> apiQueryMachineRules(HttpServletRequest request, String app, String ip, + @AuthAction(PrivilegeType.READ_RULE) + public Result> apiQueryMachineRules(String app, String ip, Integer port) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, PrivilegeType.READ_RULE); - Result> checkResult = checkBasicParams(app, ip, port); if (checkResult != null) { return checkResult; @@ -101,11 +94,10 @@ private int countNotNullAndNotNegative(Number... values) { } @RequestMapping("/new.json") - public Result apiAdd(HttpServletRequest request, String app, String ip, Integer port, + @AuthAction(PrivilegeType.WRITE_RULE) + public Result apiAdd(String app, String ip, Integer port, Double highestSystemLoad, Double highestCpuUsage, Long avgRt, Long maxThread, Double qps) { - AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, PrivilegeType.WRITE_RULE); Result checkResult = checkBasicParams(app, ip, port); if (checkResult != null) { @@ -168,10 +160,9 @@ public Result apiAdd(HttpServletRequest request, String app, S } @GetMapping("/save.json") - public Result apiUpdateIfNotNull(HttpServletRequest request, - Long id, String app, Double highestSystemLoad, Double highestCpuUsage, - Long avgRt, Long maxThread, Double qps) { - AuthUser authUser = authService.getAuthUser(request); + @AuthAction(PrivilegeType.WRITE_RULE) + public Result apiUpdateIfNotNull(Long id, String app, Double highestSystemLoad, + Double highestCpuUsage, Long avgRt, Long maxThread, Double qps) { if (id == null) { return Result.ofFail(-1, "id can't be null"); } 
@@ -179,7 +170,7 @@ public Result apiUpdateIfNotNull(HttpServletRequest request, if (entity == null) { return Result.ofFail(-1, "id " + id + " dose not exist"); } - authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE); + if (StringUtil.isNotBlank(app)) { entity.setApp(app.trim()); } @@ -231,8 +222,8 @@ public Result apiUpdateIfNotNull(HttpServletRequest request, } @RequestMapping("/delete.json") - public Result delete(HttpServletRequest request, Long id) { - AuthUser authUser = authService.getAuthUser(request); + @AuthAction(PrivilegeType.DELETE_RULE) + public Result delete(Long id) { if (id == null) { return Result.ofFail(-1, "id can't be null"); } @@ -240,7 +231,6 @@ public Result delete(HttpServletRequest request, Long id) { if (oldEntity == null) { return Result.ofSuccess(null); } - authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE); try { repository.delete(id); } catch (Throwable throwable) { diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiController.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiController.java index 378e3cc3cd..c7a405d9c4 100644 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiController.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiController.java @@ -15,6 +15,7 @@ */ package com.alibaba.csp.sentinel.dashboard.controller.gateway; +import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; import com.alibaba.csp.sentinel.dashboard.auth.AuthService; import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.ApiDefinitionEntity; 
@@ -55,13 +56,9 @@ public class GatewayApiController { @Autowired private SentinelApiClient sentinelApiClient; - @Autowired - private AuthService authService; - @GetMapping("/list.json") - public Result> queryApis(HttpServletRequest request, String app, String ip, Integer port) { - AuthService.AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, AuthService.PrivilegeType.READ_RULE); + @AuthAction(AuthService.PrivilegeType.READ_RULE) + public Result> queryApis(String app, String ip, Integer port) { if (StringUtil.isEmpty(app)) { return Result.ofFail(-1, "app can't be null or empty"); @@ -84,16 +81,14 @@ public Result> queryApis(HttpServletRequest request, S } @PostMapping("/new.json") + @AuthAction(AuthService.PrivilegeType.WRITE_RULE) public Result addApi(HttpServletRequest request, @RequestBody AddApiReqVo reqVo) { - AuthService.AuthUser authUser = authService.getAuthUser(request); String app = reqVo.getApp(); if (StringUtil.isBlank(app)) { return Result.ofFail(-1, "app can't be null or empty"); } - authUser.authTarget(app, AuthService.PrivilegeType.WRITE_RULE); - ApiDefinitionEntity entity = new ApiDefinitionEntity(); entity.setApp(app.trim()); @@ -169,16 +164,13 @@ public Result addApi(HttpServletRequest request, @RequestBo } @PostMapping("/save.json") - public Result updateApi(HttpServletRequest request, @RequestBody UpdateApiReqVo reqVo) { - AuthService.AuthUser authUser = authService.getAuthUser(request); - + @AuthAction(AuthService.PrivilegeType.WRITE_RULE) + public Result updateApi(@RequestBody UpdateApiReqVo reqVo) { String app = reqVo.getApp(); if (StringUtil.isBlank(app)) { return Result.ofFail(-1, "app can't be null or empty"); } - authUser.authTarget(app, AuthService.PrivilegeType.WRITE_RULE); - Long id = reqVo.getId(); if (id == null) { return Result.ofFail(-1, "id can't be null"); 
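Review bot: `addApi` keeps its `HttpServletRequest request` parameter even though its only use, `authService.getAuthUser(request)`, is removed in this hunk, while the sibling `queryApis`, `updateApi` and `deleteApi` drop the parameter; the signature should become `public Result addApi(@RequestBody AddApiReqVo reqVo) {` (generic type as elided on this page), after which the `javax.servlet.http.HttpServletRequest` import can be removed as GatewayFlowRuleController does. `addApi`'s body continues outside the hunk.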
@@ -235,9 +227,9 @@ public Result updateApi(HttpServletRequest request, @Reques } @PostMapping("/delete.json") - public Result deleteApi(HttpServletRequest request, Long id) { - AuthService.AuthUser authUser = authService.getAuthUser(request); + @AuthAction(AuthService.PrivilegeType.DELETE_RULE) + public Result deleteApi(Long id) { if (id == null) { return Result.ofFail(-1, "id can't be null"); } @@ -247,8 +239,6 @@ public Result deleteApi(HttpServletRequest request, Long id) { return Result.ofSuccess(null); } - authUser.authTarget(oldEntity.getApp(), AuthService.PrivilegeType.DELETE_RULE); - try { repository.delete(id); } catch (Throwable throwable) { diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleController.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleController.java index 7d84262fe3..0189163781 100644 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleController.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleController.java @@ -16,6 +16,7 @@ package com.alibaba.csp.sentinel.dashboard.controller.gateway; +import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; import com.alibaba.csp.sentinel.dashboard.auth.AuthService; import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient; import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.GatewayFlowRuleEntity; @@ -32,7 +33,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; -import javax.servlet.http.HttpServletRequest; import java.util.Arrays; import java.util.Date; import java.util.List; 
@@ -59,13 +59,9 @@ public class GatewayFlowRuleController { @Autowired private SentinelApiClient sentinelApiClient; - @Autowired - private AuthService authService; - @GetMapping("/list.json") - public Result> queryFlowRules(HttpServletRequest request, String app, String ip, Integer port) { - AuthService.AuthUser authUser = authService.getAuthUser(request); - authUser.authTarget(app, AuthService.PrivilegeType.READ_RULE); + @AuthAction(AuthService.PrivilegeType.READ_RULE) + public Result> queryFlowRules(String app, String ip, Integer port) { if (StringUtil.isEmpty(app)) { return Result.ofFail(-1, "app can't be null or empty"); @@ -88,16 +84,14 @@ public Result> queryFlowRules(HttpServletRequest req } @PostMapping("/new.json") - public Result addFlowRule(HttpServletRequest request, @RequestBody AddFlowRuleReqVo reqVo) { - AuthService.AuthUser authUser = authService.getAuthUser(request); + @AuthAction(AuthService.PrivilegeType.WRITE_RULE) + public Result addFlowRule(@RequestBody AddFlowRuleReqVo reqVo) { String app = reqVo.getApp(); if (StringUtil.isBlank(app)) { return Result.ofFail(-1, "app can't be null or empty"); } - authUser.authTarget(app, AuthService.PrivilegeType.WRITE_RULE); - GatewayFlowRuleEntity entity = new GatewayFlowRuleEntity(); entity.setApp(app.trim()); @@ -258,16 +252,14 @@ public Result addFlowRule(HttpServletRequest request, @Re } @PostMapping("/save.json") - public Result updateFlowRule(HttpServletRequest request, @RequestBody UpdateFlowRuleReqVo reqVo) { - AuthService.AuthUser authUser = authService.getAuthUser(request); + @AuthAction(AuthService.PrivilegeType.WRITE_RULE) + public Result updateFlowRule(@RequestBody UpdateFlowRuleReqVo reqVo) { String app = reqVo.getApp(); if (StringUtil.isBlank(app)) { return Result.ofFail(-1, "app can't be null or empty"); } - authUser.authTarget(app, AuthService.PrivilegeType.WRITE_RULE); - Long id = reqVo.getId(); if (id == null) { return Result.ofFail(-1, "id can't be null"); 
@@ -408,8 +400,8 @@ public Result updateFlowRule(HttpServletRequest request, @PostMapping("/delete.json") - public Result deleteFlowRule(HttpServletRequest request, Long id) { - AuthService.AuthUser authUser = authService.getAuthUser(request); + @AuthAction(AuthService.PrivilegeType.DELETE_RULE) + public Result deleteFlowRule(Long id) { if (id == null) { return Result.ofFail(-1, "id can't be null"); @@ -420,8 +412,6 @@ public Result deleteFlowRule(HttpServletRequest request, Long id) { return Result.ofSuccess(null); } - authUser.authTarget(oldEntity.getApp(), AuthService.PrivilegeType.DELETE_RULE); - try { repository.delete(id); } catch (Throwable throwable) { diff --git a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/v2/FlowControllerV2.java b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/v2/FlowControllerV2.java index 41aea755be..96bea1d741 100755 --- a/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/v2/FlowControllerV2.java +++ b/sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/v2/FlowControllerV2.java @@ -18,10 +18,8 @@ import java.util.Date; import java.util.List; -import javax.servlet.http.HttpServletRequest; - +import com.alibaba.csp.sentinel.dashboard.auth.AuthAction; import com.alibaba.csp.sentinel.dashboard.auth.AuthService; -import com.alibaba.csp.sentinel.dashboard.auth.AuthService.AuthUser; import com.alibaba.csp.sentinel.dashboard.auth.AuthService.PrivilegeType; import com.alibaba.csp.sentinel.util.StringUtil; 
@@ -67,13 +65,9 @@ public class FlowControllerV2 {
 @Qualifier("flowRuleDefaultPublisher")
 private DynamicRulePublisher> rulePublisher;
- @Autowired
- private AuthService authService;
-
 @GetMapping("/rules")
- public Result> apiQueryMachineRules(HttpServletRequest request, @RequestParam String app) {
- AuthUser authUser = authService.getAuthUser(request);
- authUser.authTarget(app, PrivilegeType.READ_RULE);
+ @AuthAction(PrivilegeType.READ_RULE)
+ public Result> apiQueryMachineRules(@RequestParam String app) {
 if (StringUtil.isEmpty(app)) {
 return Result.ofFail(-1, "app can't be null or empty");
@@ -141,9 +135,8 @@ private Result checkEntityInternal(FlowRuleEntity entity) {
 }
 @PostMapping("/rule")
- public Result apiAddFlowRule(HttpServletRequest request, @RequestBody FlowRuleEntity entity) {
- AuthUser authUser = authService.getAuthUser(request);
- authUser.authTarget(entity.getApp(), PrivilegeType.WRITE_RULE);
+ @AuthAction(value = AuthService.PrivilegeType.WRITE_RULE)
+ public Result apiAddFlowRule(@RequestBody FlowRuleEntity entity) {
 Result checkResult = checkEntityInternal(entity);
 if (checkResult != null) {
@@ -166,10 +159,10 @@ public Result apiAddFlowRule(HttpServletRequest request, @Reques
 }
 @PutMapping("/rule/{id}")
- public Result apiUpdateFlowRule(HttpServletRequest request,
- @PathVariable("id") Long id,
+ @AuthAction(AuthService.PrivilegeType.WRITE_RULE)
+
+ public Result apiUpdateFlowRule(@PathVariable("id") Long id,
 @RequestBody FlowRuleEntity entity) {
- AuthUser authUser = authService.getAuthUser(request);
 if (id == null || id <= 0) {
 return Result.ofFail(-1, "Invalid id");
 }
@@ -180,7 +173,6 @@ public Result apiUpdateFlowRule(HttpServletRequest request,
 if (entity == null) {
 return Result.ofFail(-1, "invalid body");
 }
- authUser.authTarget(oldEntity.getApp(), PrivilegeType.WRITE_RULE);
 entity.setApp(oldEntity.getApp());
 entity.setIp(oldEntity.getIp());
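Review bot: The annotation stack on apiUpdateFlowRule (hunk at -166) gains an empty added line between `@AuthAction(AuthService.PrivilegeType.WRITE_RULE)` and `public Result apiUpdateFlowRule(@PathVariable("id") Long id,`, which visually detaches the annotation from the method it guards; drop the blank line so the annotations read as one block like the other sites. In the same class the -141 hunk spells the privilege as `@AuthAction(value = AuthService.PrivilegeType.WRITE_RULE)` while the -67 hunk uses the positional form with the already-imported nested type, `@AuthAction(PrivilegeType.READ_RULE)`; one form, preferably `@AuthAction(PrivilegeType.WRITE_RULE)`, keeps the four sites uniform and lets a reader grep for them.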
@@ -208,8 +200,8 @@ public Result apiUpdateFlowRule(HttpServletRequest request,
 }
 @DeleteMapping("/rule/{id}")
- public Result apiDeleteRule(HttpServletRequest request, @PathVariable("id") Long id) {
- AuthUser authUser = authService.getAuthUser(request);
+ @AuthAction(PrivilegeType.DELETE_RULE)
+ public Result apiDeleteRule(@PathVariable("id") Long id) {
 if (id == null || id <= 0) {
 return Result.ofFail(-1, "Invalid id");
 }
@@ -217,7 +209,7 @@ public Result apiDeleteRule(HttpServletRequest request, @PathVariable("id"
 if (oldEntity == null) {
 return Result.ofSuccess(null);
 }
- authUser.authTarget(oldEntity.getApp(), PrivilegeType.DELETE_RULE);
+
 try {
 repository.delete(id);
 publishRules(oldEntity.getApp());
diff --git a/sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiControllerTest.java b/sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiControllerTest.java
index a79adfd6fa..c4d2cb1740 100644
--- a/sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiControllerTest.java
+++ b/sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayApiControllerTest.java
@@ -15,6 +15,7 @@
 */
 package com.alibaba.csp.sentinel.dashboard.controller.gateway;
+import com.alibaba.csp.sentinel.dashboard.auth.AuthInterceptor;
 import com.alibaba.csp.sentinel.dashboard.auth.FakeAuthServiceImpl;
 import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient;
 import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.ApiDefinitionEntity;
@@ -60,7 +61,7 @@
 */
 @RunWith(SpringRunner.class)
 @WebMvcTest(GatewayApiController.class)
-@Import({FakeAuthServiceImpl.class, InMemApiDefinitionStore.class, AppManagement.class, SimpleMachineDiscovery.class})
+@Import({FakeAuthServiceImpl.class, InMemApiDefinitionStore.class, AppManagement.class, SimpleMachineDiscovery.class, AuthInterceptor.class})
 public class GatewayApiControllerTest {
 private static final String TEST_APP = "test_app";
diff --git a/sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleControllerTest.java b/sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleControllerTest.java
index 74b9bc6b5f..b3ffce83ef 100644
--- a/sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleControllerTest.java
+++ b/sentinel-dashboard/src/test/java/com/alibaba/csp/sentinel/dashboard/controller/gateway/GatewayFlowRuleControllerTest.java
@@ -15,6 +15,7 @@
 */
 package com.alibaba.csp.sentinel.dashboard.controller.gateway;
+import com.alibaba.csp.sentinel.dashboard.auth.AuthInterceptor;
 import com.alibaba.csp.sentinel.dashboard.auth.FakeAuthServiceImpl;
 import com.alibaba.csp.sentinel.dashboard.client.SentinelApiClient;
 import com.alibaba.csp.sentinel.dashboard.datasource.entity.gateway.GatewayFlowRuleEntity;
@@ -63,7 +64,8 @@
 */
 @RunWith(SpringRunner.class)
 @WebMvcTest(GatewayFlowRuleController.class)
-@Import({FakeAuthServiceImpl.class, InMemGatewayFlowRuleStore.class, AppManagement.class, SimpleMachineDiscovery.class})
+@Import({FakeAuthServiceImpl.class, InMemGatewayFlowRuleStore.class, AppManagement.class, SimpleMachineDiscovery.class,
+ AuthInterceptor.class })
 public class GatewayFlowRuleControllerTest {
 private static final String TEST_APP = "test_app";
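Review bot: Adding `AuthInterceptor.class` to `@Import` in both test classes (hunks at -60 and -63) makes the bean available to the slice, but neither test exercises the new authorization path: the context still runs on `FakeAuthServiceImpl`, so a request from a user lacking the privilege on an `@AuthAction` endpoint is never asserted to fail, and the deny branch of the interceptor stays uncovered. Importing the bean also only has an effect if a `WebMvcConfigurer` that registers it is part of the slice, which is not visible in this diff — worth confirming, otherwise the interceptor is present but never invoked. One test per controller that sends a request against an annotated endpoint with a non-privileged user and asserts the failure `Result` would pin the behaviour this change introduces.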