diff --git a/connect.py b/connect.py
index e84aa141e..d16d9d7b6 100644
--- a/connect.py
+++ b/connect.py
@@ -19,9 +19,10 @@ import struct, fcntl, signal, socket, select
 os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
 if django.get_version() != '1.6': django.setup()
+from django.contrib.sessions.models import Session
 from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info, get_role
 from jumpserver.api import logger, Log, TtyLog, get_role_key
-from jperm.perm_api import gen_resource, get_group_asset_perm, get_group_user_perm
+from jperm.perm_api import gen_resource, get_group_asset_perm, get_group_user_perm, user_have_perm
 from jumpserver.settings import LOG_DIR
 from jperm.ansible_api import Command
diff --git a/jlog/views.py b/jlog/views.py
index 0e3ee2ade..d5f38852d 100644
--- a/jlog/views.py
+++ b/jlog/views.py
@@ -104,10 +104,7 @@ def log_record(request):
 def web_terminal(request):
- #username = get_session.get('username', '')
- token = request.COOKIES.get('sessionid')
- username = request.user.username
- asset_name = '127.0.0.1'
- web_terminal_uri = 'ws://%s/terminal?username=%s&asset_name=%s&token=%s' % (WEB_SOCKET_HOST, username, asset_name, token)
+ asset_id = 15
+ web_terminal_uri = 'ws://%s/terminal?asset_id=%s' % (WEB_SOCKET_HOST, asset_id)
 return render_to_response('jlog/web_terminal.html', locals())
diff --git a/jperm/perm_api.py b/jperm/perm_api.py
index f79040c60..2bd6de632 100644
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@@ -132,6 +132,15 @@ def get_group_asset_perm(ob):
 return perm
+def user_have_perm(user, asset):
+ user_perm_all = get_group_user_perm(user)
+ user_assets = user_perm_all.get('asset').keys()
+ if asset in user_assets:
+ return user_perm_all.get('asset').get(asset).get('role')
+ else:
+ return False
+
+
 def gen_resource(ob, ex='', perm=None):
 """
 ob为用户或资产列表或资产queryset, 如果同时输入用户和资产,则获取用户在这些资产上的信息
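Review bot: `asset_id = 15` pins the terminal page to one fixed asset, so whichever asset the user actually picked is ignored and every browser asks the websocket side for asset 15; take the id from the request instead, e.g. `asset_id = request.GET.get('asset_id', '')`, and let the websocket-side `require_auth` decide whether this user may reach it. Passing `locals()` to the template also hands every local of the view, including `request`, to the template context; an explicit `{'web_terminal_uri': web_terminal_uri}` is narrower and easier to audit.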
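Review bot: `user_perm_all.get('asset').keys()` raises AttributeError if `get_group_user_perm` ever returns a dict without an `'asset'` key (its shape is not visible here), and the new `require_auth` in run_websocket.py calls `user_have_perm` before it does `user = user[0]`, so `user` arrives as an unsliced QuerySet rather than a single user. Guard the lookup with `perm_assets = user_perm_all.get('asset', {})` and `return perm_assets[asset]['role'] if asset in perm_assets else False`, which also avoids materialising `.keys()` for a membership test. The function also needs a docstring saying it returns the role entry for `asset` and `False` when the user has no permission on it, since the name suggests a boolean.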
diff --git a/run_websocket.py b/run_websocket.py
index bb8a0a8ff..d2b76e36c 100644
--- a/run_websocket.py
+++ b/run_websocket.py
@@ -23,7 +23,7 @@ from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE
 import select
 from connect import Tty, User, Asset, PermRole
-from connect import TtyLog, Log
+from connect import TtyLog, Log, Session, user_have_perm
 try:
 import simplejson as json
@@ -37,14 +37,44 @@ define("host", default='0.0.0.0', help="run port on", type=str)
 def require_auth(func):
 def _deco(request, *args, **kwargs):
- username = request.get_argument('username', '')
- asset_name = request.get_argument('asset_name', '')
- token = request.get_argument('token', '')
- print username, asset_name, token
- client = tornado.httpclient.HTTPClient()
- # response = client.fetch('http://some/url') + urllib.urlencode({'username': username,
- # 'asset_name': asset_name, 'token': token})
- # return request.close()
+ if request.get_cookie('sessionid'):
+ session_key = request.get_cookie('sessionid')
+ else:
+ session_key = request.get_secure_cookie('sessionid')
+
+ print "session: " + session_key
+
+ if not session_key:
+ print('Auth Failed')
+ request.close()
+
+ session = Session.objects.filter(session_key=session_key)
+ if not session:
+ print('Auth Failed')
+ request.close()
+ else:
+ session = session[0]
+ uid = session.get_decoded().get('_auth_user_id')
+ user = User.objects.filter(id=uid)
+ asset_id = request.get_argument('asset_id', 9999)
+
+ asset = Asset.objects.filter(id=asset_id)
+ if asset:
+ asset = asset[0]
+ request.asset = asset
+ role = user_have_perm(user, asset)
+ request.role = role
+ else:
+ role = ''
+
+ if user:
+ user = user[0]
+ request.user = user
+
+ else:
+ print("No session user.")
+ request.close()
+
 return func(request, *args, **kwargs)
 return _deco
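Review bot: `request.close()` does not stop `_deco`, so every failed path still falls through to `return func(request, *args, **kwargs)` and the decorated `open()` runs for an unauthenticated socket: a missing cookie first hits `print "session: " + session_key` with `None` (TypeError), an unknown session key skips the `else` branch and then raises NameError at `if user:` because `user` was never bound, and the `"No session user."` branch closes the socket but calls the handler anyway. Each failure needs a `return` after `request.close()`; the session lookup should also exclude expired rows (`expire_date__gt=timezone.now()`, with `from django.utils import timezone` added next to the `Session` import), and `user_have_perm` should receive the User instance rather than the unsliced QuerySet it gets now because `user = user[0]` runs after the call. The debug print of the raw session key should be dropped, as it writes a live credential to stdout, and `request.role` should be set on the no-asset path too so the handler never sees a missing attribute. The rewrite below keeps the same cookie order and the same `asset_id` default.
```python
    def _deco(request, *args, **kwargs):
        session_key = request.get_cookie('sessionid') or request.get_secure_cookie('sessionid')
        if not session_key:
            print('Auth Failed')
            request.close()
            return
        # an expired session row must not authenticate a new socket
        session = Session.objects.filter(session_key=session_key, expire_date__gt=timezone.now())
        if not session:
            print('Auth Failed')
            request.close()
            return
        uid = session[0].get_decoded().get('_auth_user_id')
        user = User.objects.filter(id=uid)
        if not user:
            print("No session user.")
            request.close()
            return
        request.user = user[0]
        asset = Asset.objects.filter(id=request.get_argument('asset_id', 9999))
        request.asset = asset[0] if asset else None
        # pass the User instance, not the QuerySet, to the permission check
        request.role = user_have_perm(request.user, request.asset) if asset else ''
        return func(request, *args, **kwargs)
    # … unchanged: return _deco …
```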
@@ -200,6 +230,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
 self.log_time_f = None
 self.log = None
 self.id = 0
+ self.asset = None
+ self.user = None
 super(WebTerminalHandler, self).__init__(*args, **kwargs)
 def check_origin(self, origin):
@@ -207,10 +239,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
 @require_auth
 def open(self):
- asset_name = self.get_argument('asset_name', '')
- username = self.get_argument('username', '')
- token = self.get_argument('token', '')
- print asset_name, username, token
+ print self.user, self.asset
 user = User.objects.get(username='lastimac')
 asset = Asset.objects.get(ip='192.168.244.129')
 role = PermRole.objects.get(name='dev')
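Review bot: `self.role` is not initialised alongside the new `self.asset` and `self.user`, yet `require_auth` only assigns `request.role` when an asset with the requested `asset_id` exists, so a handler opened with an unknown id has no `role` attribute at all; add `self.role = None` next to these two lines so the handler's state is complete regardless of the auth outcome. The enclosing `__init__` starts outside the hunk.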