diff --git a/server/zyjblogs-gateway/src/main/java/cn/zyjblogs/config/replay/AntiReplayProperties.java b/server/zyjblogs-gateway/src/main/java/cn/zyjblogs/config/replay/AntiReplayProperties.java
index e874063..0f304ec 100644
--- a/server/zyjblogs-gateway/src/main/java/cn/zyjblogs/config/replay/AntiReplayProperties.java
+++ b/server/zyjblogs-gateway/src/main/java/cn/zyjblogs/config/replay/AntiReplayProperties.java
@@ -15,11 +15,10 @@ public class AntiReplayProperties {
     /**
      * 是否启用防重放验证
      */
-    private Boolean enabled = true;
+    private Boolean enabled = false;
 
     private Boolean signEnabled = false;
-
     /**
      * 请求ID 防止重放
      */
 
@@ -31,6 +30,11 @@ public class AntiReplayProperties {
 
     private String sign = "sign";
 
+    private String key = "x-ca-key";
+
+    private String signMethod = "x-ca-signature-method";
+    private String signHeaders = "X-Ca-Signature-Headers";
+
     private Long expireTime = 120L;
 }
 
diff --git a/server/zyjblogs-rbac/src/main/resources/bootstrap-test.yml b/server/zyjblogs-rbac/src/main/resources/bootstrap-test.yml
index ca0d427..d0e884a 100644
--- a/server/zyjblogs-rbac/src/main/resources/bootstrap-test.yml
+++ b/server/zyjblogs-rbac/src/main/resources/bootstrap-test.yml
@@ -1,8 +1,7 @@
 zyjblogs:
   config:
     nacos:
-      host: ${ZYJBLOGS_CONFIG_NACOS_HOST:127.0.0.1}
-      port: ${ZYJBLOGS_CONFIG_NACOS_PORT:8848}
+      host: ${ZYJBLOGS_CONFIG_NACOS_HOST:zyjblogs.cn}
+      port: ${ZYJBLOGS_CONFIG_NACOS_PORT:9999}
       username: ${ZYJBLOGS_CONFIG_NACOS_USERNAME:nacos}
-      password: ${ZYJBLOGS_CONFIG_NACOS_PASSWORD:nacos}
-
+      password: ${ZYJBLOGS_CONFIG_NACOS_PASSWORD:1317453947ju}
\ No newline at end of file
diff --git a/starter/zyjblogs-common-spring-boot-starter/src/main/java/cn/zyjblogs/starter/common/entity/constant/HttpConstant.java b/starter/zyjblogs-common-spring-boot-starter/src/main/java/cn/zyjblogs/starter/common/entity/constant/HttpConstant.java
new file mode 100644
index 0000000..4205030
--- /dev/null
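Review bot: Flipping the `enabled` default from `true` to `false` switches the anti-replay check off for every deployment that does not set the property explicitly, and the Javadoc above it still does not say what the default is; I would document it, e.g. `/** Whether anti-replay validation is enforced; defaults to false, so it must be enabled explicitly. */`, so operators know they have to opt in. The same applies in the second hunk, where the new `key`, `signMethod` and `signHeaders` fields carry no Javadoc although their siblings do, and `signHeaders` defaults to mixed-case `X-Ca-Signature-Headers` while `key` and `signMethod` are lowercase — harmless if the consumer looks headers up case-insensitively, but worth aligning so a case-sensitive comparison cannot silently miss one. The class body continues beyond both hunks.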
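Review bot: The new `password` default embeds what looks like a real credential (`1317453947ju`) next to a public hostname, so anyone with read access to the repository gets a usable Nacos login for that host; the fallback should stay a placeholder or be dropped so the value has to come from the environment, e.g. `password: ${ZYJBLOGS_CONFIG_NACOS_PASSWORD}`. If the value was ever valid it should be rotated, because it now lives in history regardless of any follow-up commit. The file also loses its trailing newline (`\ No newline at end of file`), which is worth restoring.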
+++ b/starter/zyjblogs-common-spring-boot-starter/src/main/java/cn/zyjblogs/starter/common/entity/constant/HttpConstant.java
@@ -0,0 +1,30 @@
+package cn.zyjblogs.starter.common.entity.constant;
+
+public class HttpConstant {
+
+    //请求Header Accept
+    public static final String CLOUDAPI_HTTP_HEADER_ACCEPT = "accept";
+    //请求Body内容MD5 Header
+    public static final String CLOUDAPI_HTTP_HEADER_CONTENT_MD5 = "content-md5";
+    //请求Body内容MD5 Header
+    public static final String CLOUDAPI_HTTP_HEADER_CA_CONTENT_MD5 = "x-ca-content-md5";
+    //请求Header Content-Type
+    public static final String CLOUDAPI_HTTP_HEADER_CONTENT_TYPE = "content-type";
+    //请求Header UserAgent
+    public static final String CLOUDAPI_HTTP_HEADER_USER_AGENT = "user-agent";
+    //请求Header Date
+    public static final String CLOUDAPI_HTTP_HEADER_DATE = "date";
+    //请求Header Host
+    public static final String CLOUDAPI_HTTP_HEADER_HOST = "host";
+
+    //表单类型Content-Type
+    public static final String CLOUDAPI_CONTENT_TYPE_FORM = "application/x-www-form-urlencoded; charset=utf-8";
+    // 流类型Content-Type
+    public static final String CLOUDAPI_CONTENT_TYPE_STREAM = "application/octet-stream; charset=utf-8";
+    //JSON类型Content-Type
+    public static final String CLOUDAPI_CONTENT_TYPE_JSON = "application/json; charset=utf-8";
+    //XML类型Content-Type
+    public static final String CLOUDAPI_CONTENT_TYPE_XML = "application/xml; charset=utf-8";
+    //文本类型Content-Type
+    public static final String CLOUDAPI_CONTENT_TYPE_TEXT = "application/text; charset=utf-8";
+}
diff --git a/starter/zyjblogs-oauth-spring-boot-starter/src/main/java/cn/zyjblogs/starter/oauth/token/TokenConfig.java b/starter/zyjblogs-oauth-spring-boot-starter/src/main/java/cn/zyjblogs/starter/oauth/token/TokenConfig.java
index 8d3a906..ed6a432 100644
--- a/starter/zyjblogs-oauth-spring-boot-starter/src/main/java/cn/zyjblogs/starter/oauth/token/TokenConfig.java
+++ b/starter/zyjblogs-oauth-spring-boot-starter/src/main/java/cn/zyjblogs/starter/oauth/token/TokenConfig.java
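Review bot: `HttpConstant` is a pure constants holder but is left instantiable and extendable; `public final class HttpConstant` plus `private HttpConstant() {}` makes that intent explicit and keeps it out of dependency injection by accident. `CLOUDAPI_CONTENT_TYPE_TEXT` is set to `application/text; charset=utf-8`, which is not a registered media type — `text/plain` is the standard value — so confirm what the peer actually expects before this constant is used for content negotiation. The comment on `CLOUDAPI_HTTP_HEADER_CA_CONTENT_MD5` duplicates the one on `CLOUDAPI_HTTP_HEADER_CONTENT_MD5`; `// Request body MD5, x-ca-prefixed variant of content-md5` would tell the two apart.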
@@ -1,7 +1,9 @@
 package cn.zyjblogs.starter.oauth.token;
 
+import cn.zyjblogs.crypto.sm2.SM2KeyPair;
 import cn.zyjblogs.starter.common.autoconfigure.rsa.RsaKeyProperties;
 import cn.zyjblogs.starter.common.entity.constant.CommonRedisKeyConstant;
+import cn.zyjblogs.starter.common.utils.string.StringUtils;
 import cn.zyjblogs.starter.redis.utils.RedisTemplateHandler;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.log4j.Log4j2;
@@ -14,7 +16,6 @@ import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -48,25 +49,35 @@ public class TokenConfig {
         return new JwtTokenStore(accessTokenConverter());
     }
 
+    @Bean("sm2KeyPair")
+    public SM2KeyPair sm2KeyPair() {
+        String publicKey = "";
+        String privateKey = "";
+        try {
+            publicKey = redisTemplateHandler.get(CommonRedisKeyConstant.REDIS_KEY_PUBLIC_RSA);
+            privateKey = redisTemplateHandler.get(CommonRedisKeyConstant.REDIS_KEY_PRIVATE_RSA);
+        } catch (Exception e) {
+            log.error("redis连接失败,无法获取数据");
+        }
+        if (StringUtils.isEmpty(publicKey) || StringUtils.isEmpty(privateKey)) {
+            try {
+                publicKey = IOUtils.toString(Paths.get(rsaKeyProperties.getPubKeyPath()).toUri(), StandardCharsets.UTF_8);
+                privateKey = IOUtils.toString(Paths.get(rsaKeyProperties.getPriKeyPath()).toUri(), StandardCharsets.UTF_8);
+            } catch (IOException e) {
+                throw new RuntimeException(StringUtils.format("rsa秘钥读取失败,读取路径如下 公钥:{} 私钥:{}" + rsaKeyProperties.getPubKeyPath(), rsaKeyProperties.getPriKeyPath()));
+            }
+            return new SM2KeyPair(publicKey, privateKey);
+        }
+        return new SM2KeyPair(publicKey, privateKey);
+    }
+
     @Bean
     public JwtAccessTokenConverter accessTokenConverter() {
         JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
         if (rsaKeyProperties.getEnable()) {
-            String publicKey="";
-            try{
-                publicKey = redisTemplateHandler.get(CommonRedisKeyConstant.REDIS_KEY_PUBLIC_RSA);
-            }catch (Exception e){
-                log.error("redis连接失败,无法获取数据");
-            }
-            if (!StringUtils.hasLength(publicKey)) {
-                try {
-                    publicKey = IOUtils.toString(Paths.get(rsaKeyProperties.getPubKeyPath()).toUri(), StandardCharsets.UTF_8);
-                } catch (IOException e) {
-                    throw new RuntimeException("rsa秘钥读取失败,读取路径如下"+rsaKeyProperties.getPubKeyPath());
-                }
-            }
+            SM2KeyPair rsaKey = sm2KeyPair();
             // 公钥验签
-            converter.setVerifierKey(publicKey);
+            converter.setVerifierKey(rsaKey.getPublicKey());
         }
         Assert.notNull(oauthAccessTokenConverter, "oauthAccessTokenConverter is required");
         converter.setAccessTokenConverter(oauthAccessTokenConverter);
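Review bot: In the `catch (IOException e)` branch of `sm2KeyPair()` the public key path is concatenated onto the format string instead of being passed as an argument, so the `{}` placeholders and their values are misaligned, and the cause `e` is discarded; `throw new RuntimeException(StringUtils.format("rsa秘钥读取失败,读取路径如下 公钥:{} 私钥:{}", rsaKeyProperties.getPubKeyPath(), rsaKeyProperties.getPriKeyPath()), e);` fixes both, assuming `StringUtils.format` takes `{}` placeholders as the call implies. The bean also loads the private key (`REDIS_KEY_PRIVATE_RSA`, then `getPriKeyPath()`) although `accessTokenConverter()` only consumes `getPublicKey()`, so a service that previously needed just the public key now fails to start when it has no private key file, and the signing key is held by components that only verify — a public-key-only path for verifiers would keep the previous footprint. Smaller points: `catch (Exception e)` logs the Redis failure without `e`, the `return` inside the `if` duplicates the one right after it, and an `SM2KeyPair` populated from constants and properties named RSA will confuse the next reader. The body of `accessTokenConverter()` continues past the end of the hunk.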