diff --git a/catch/permissions/middleware/PermissionsMiddleware.php b/catch/permissions/middleware/PermissionsMiddleware.php
index 663a8cc..9d0cbde 100644
--- a/catch/permissions/middleware/PermissionsMiddleware.php
+++ b/catch/permissions/middleware/PermissionsMiddleware.php
@@ -32,6 +32,7 @@ class PermissionsMiddleware
 // 模块忽略
 [$module, $controller, $action] = Utils::parseRule($rule);
+ // toad
 if (in_array($module, $this->ignoreModule())) {
 return $next($request);
@@ -42,11 +43,11 @@ class PermissionsMiddleware
 throw new PermissionForbiddenException('Login is invalid', Code::LOST_LOGIN);
 }
 // 超级管理员
- if ($request->user()->id === config('catch.permissions.super_admin_id')) {
+ if (Utils::isSuperAdmin()) {
 return $next($request);
 }
 // Get 请求
- if ($request->isGet() && config('catch.permissions.is_allow_get')) {
+ if ($this->allowGet($request)) {
 return $next($request);
 }
 // 判断权限
@@ -106,4 +107,21 @@ class PermissionsMiddleware
 'permission' => $permission,
 ]);
 }
+
+ /**
+ * get allow
+ *
+ * @time 2020年10月12日
+ * @param $request
+ * @return bool
+ * @throws \ReflectionException
+ */
+ protected function allowGet($request)
+ {
+ if (Utils::isMethodNeedAuth($request->rule()->getName())) {
+ return false;
+ }
+
+ return $request->isGet() && config('catch.permissions.is_allow_get');
+ }
 }
diff --git a/config/catch.php b/config/catch.php
index 42fdf77..1ba1823 100644
--- a/config/catch.php
+++ b/config/catch.php
@@ -22,6 +22,14 @@ return [
 *
 */
 'super_admin_id' => 1,
+
+ /**
+ * 方法认证标记
+ *
+ * 尽量使用唯以字符
+ *
+ */
+ 'method_auth_mark' => '@CatchAuth'
 ],
 /**
 * auth 认证
diff --git a/extend/catcher/Utils.php b/extend/catcher/Utils.php
index ba816a9..78cca70 100644
--- a/extend/catcher/Utils.php
+++ b/extend/catcher/Utils.php
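Review bot: The super-admin bypass in the second hunk no longer reads the user it has just validated: the removed line compared `$request->user()->id` strictly against `catch.permissions.super_admin_id`, while `Utils::isSuperAdmin()` takes no argument and its body is not part of this diff. A true result skips every permission check, so it is worth confirming that the helper resolves the same authenticated user and keeps the strict `===` comparison. A comment such as `// super admin bypass: Utils::isSuperAdmin() must resolve the same user as $request->user()` would record that contract. The enclosing method starts and ends outside the hunk.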
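Review bot: `allowGet()` runs the reflection lookup before the cheap checks, so every request that reaches it, including non-GET requests and deployments with `is_allow_get` disabled, pays for `Utils::isMethodNeedAuth()` and can hit the declared `\ReflectionException`, although the answer only matters for GET. Testing the method and config first gives the same decision: `if (!$request->isGet() || !config('catch.permissions.is_allow_get')) { return false; }` followed by `return !Utils::isMethodNeedAuth($request->rule()->getName());`. The docblock summary `get allow` would read better as `Whether this GET request may skip the permission check (never for actions carrying method_auth_mark)`.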
@@ -119,6 +119,25 @@ class Utils
 return [$module, $controllerName, $action];
 }
+
+ /**
+ * get controller & action
+ *
+ * @time 2020年10月12日
+ * @param $rule
+ * @return false|string[]
+ * @throws \ReflectionException
+ */
+ public static function isMethodNeedAuth($rule)
+ {
+ list($controller, $action) = explode(Str::contains($rule, '@') ? '@' : '/', $rule);
+
+ $docComment = (new \ReflectionClass($controller))->getMethod($action)->getDocComment();
+
+ return strpos($docComment, config('catch.permissions.method_auth_mark')) !== false;
+ }
+
+
 /**
 * 表前缀
 *
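Review bot: `isMethodNeedAuth()` fails open whenever the doc comment cannot be read: `getDocComment()` returns `false` for an action without a docblock and also when comments are stripped at runtime (e.g. `opcache.save_comments=0`), so an action marked with `method_auth_mark` would then be served as an unrestricted GET when `is_allow_get` is on. The docblock should state that dependency, and it currently describes a different method (`get controller & action`, `@return false|string[]`); I would change it to `Whether the action's doc comment carries the configured method_auth_mark` with `@return bool`. The `list(...) = explode(...)` line also assumes the rule name always contains `@` or `/`; a name with neither leaves `$action` null and `getMethod()` throws. Splitting into `$parts` first and adding a guard such as `if (count($parts) !== 2) { return true; }` would treat undeterminable rules as needing auth. The class body continues outside the hunk.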