diff --git a/src/main/java/dev/surl/surl/filter/UsernamePasswordAuthenticationCheckFilter.kt b/src/main/java/dev/surl/surl/filter/UsernamePasswordAuthenticationCheckFilter.kt
index f95e420..2fe0011 100644
--- a/src/main/java/dev/surl/surl/filter/UsernamePasswordAuthenticationCheckFilter.kt
+++ b/src/main/java/dev/surl/surl/filter/UsernamePasswordAuthenticationCheckFilter.kt
@@ -44,10 +44,12 @@ class UsernamePasswordAuthenticationCheckFilter(
      */
     override fun attemptAuthentication(request: HttpServletRequest?, response: HttpServletResponse?): Authentication {
         request ?: throw IllegalArgumentException("request is null")
-        val userDto = request.run {
-            om.readValue(String(inputStream.readAllBytes(), StandardCharsets.UTF_8), UserDto::class.java)
+        val body = String(request.inputStream.readAllBytes(), StandardCharsets.UTF_8)
+        val userDto = try {
+            om.readValue(body, UserDto::class.java)
+        } catch (e: Exception) {
+            throw object : AuthenticationException("request body is invalid", e) {}
         }
-
         // 尝试验证登录信息
         try {
             validate(userDto, validator)