diff --git a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessController.java b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessController.java
index b7f54f2df..42277ecae 100644
--- a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessController.java
+++ b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessController.java
@@ -14,7 +14,7 @@
  */
 package com.huaweicloud.governance.authentication.securityPolicy;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -49,6 +49,9 @@ public boolean isAllowed(AuthRequestExtractor extractor) throws Exception {
     if (StringUtils.isEmpty(currentServiceName)) {
       currentServiceName = authenticationAdapter.getServiceName(extractor.serviceId());
     }
+    if (StringUtils.isEmpty(securityPolicyProperties.getMode())) {
+      return true;
+    }
     return checkAllowAndDeny(currentServiceName, extractor);
   }
 
diff --git a/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessControllerTest.java b/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessControllerTest.java
index ef0186a27..34740edd9 100644
--- a/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessControllerTest.java
+++ b/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/SecurityPolicyAccessControllerTest.java
@@ -34,6 +34,7 @@
 import com.huaweicloud.governance.authentication.AuthRequestExtractor;
 import com.huaweicloud.governance.authentication.AuthRequestExtractorUtils;
 import com.huaweicloud.governance.authentication.AuthenticationAdapter;
+import com.huaweicloud.governance.authentication.Const;
 import com.huaweicloud.governance.authentication.securityPolicy.SecurityPolicyProperties.Action;
 import com.huaweicloud.governance.authentication.securityPolicy.SecurityPolicyProperties.ConfigurationItem;
 
@@ -554,6 +555,19 @@ public void testUriSuffixNotMatch() throws Exception {
         .isAllowed(extractor));
   }
 
+  @Test
+  public void testPolicyIsNull() throws Exception {
+    AuthRequestExtractor extractor = createAuthRequestExtractor("/checkTokenPer/security/checkTokenSfu");
+    Assertions.assertTrue(getNoSettingAccessController()
+        .isAllowed(extractor));
+  }
+
+  private SecurityPolicyAccessController getNoSettingAccessController() {
+    securityPolicyProperties.setAction(null);
+    securityPolicyProperties.setMode(null);
+    return new SecurityPolicyAccessController(authenticationAdapter, securityPolicyProperties);
+  }
+
   private SecurityPolicyAccessController getAllowAccessController(String mode) {
     Action action = new Action();
     action.setAllow(buildAllow());