Merge branch 'master' into master_dev_lyp

2026-06-14 03:28:17 +08:00 · 2020-11-10 12:19:10 +08:00
parent d2af3d8fa7 d96247e741
commit c2a64d0737
201 changed files with 13529 additions and 2822 deletions
--- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
@@ -17,6 +17,8 @@

 package org.maxkey.authn;

+import java.util.ArrayList;
+import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.configuration.ApplicationConfig;
@@ -34,7 +36,8 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 /**
 * login Authentication abstract class.
 * 
@@ -60,12 +63,22 @@ public abstract class AbstractAuthenticationProvider {
    @Autowired
    @Qualifier("remeberMeService")
    protected AbstractRemeberMeService remeberMeService;
+    
+    @Autowired
+    @Qualifier("onlineTicketServices")
+    protected OnlineTicketServices onlineTicketServices;
+    
+    static  ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
+    
+    static {
+        grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));
+    }

    protected abstract String getProviderName();

-    protected abstract Authentication doInternalAuthenticate(Authentication authentication);
+    protected abstract Authentication doInternalAuthenticate(LoginCredential authentication);
    
-    public abstract Authentication basicAuthenticate(Authentication authentication) ;
+    public abstract Authentication basicAuthenticate(LoginCredential authentication) ;

    public abstract Authentication trustAuthentication(
                                    String username, 
@@ -83,17 +96,18 @@ public abstract class AbstractAuthenticationProvider {
     * authenticate .
     * 
     */
-    public Authentication authenticate(Authentication authentication) 
+    public Authentication authenticate(LoginCredential loginCredential) 
            throws AuthenticationException {
        _logger.debug("Trying to authenticate user '{}' via {}", 
-                authentication.getPrincipal(), getProviderName());
-
+                loginCredential.getPrincipal(), getProviderName());
+        Authentication authentication = null;
        try {
-            authentication = doInternalAuthenticate(authentication);
+            authentication = doInternalAuthenticate(loginCredential);
        } catch (AuthenticationException e) {
            _logger.error("Failed to authenticate user {} via {}: {}",
-                    new Object[] { 
-                            authentication.getPrincipal(), getProviderName(), e.getMessage() });
+                    new Object[] {  loginCredential.getPrincipal(),
+                                    getProviderName(),
+                                    e.getMessage() });
            WebContext.setAttribute(
                    WebConstants.LOGIN_ERROR_SESSION_MESSAGE, e.getMessage());
        } catch (Exception e) {
@@ -116,7 +130,7 @@ public abstract class AbstractAuthenticationProvider {
        
        final Object firstSavedRequest =
                WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
-        
+        //change Session
        WebContext.getSession().invalidate();
        WebContext.setAttribute(
                WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId());
@@ -132,14 +146,7 @@ public abstract class AbstractAuthenticationProvider {
        WebContext.getSession().setAttribute(
                WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, passwordSetType);

-        // create new authentication response containing the user and it's authorities
-        UsernamePasswordAuthenticationToken simpleUserAuthentication = 
-                new UsernamePasswordAuthenticationToken(
-                        userInfo.getUsername(), 
-                        authentication.getCredentials(), 
-                        authentication.getAuthorities()
-                );
-        return simpleUserAuthentication;
+        return authentication;
    }

    /**
@@ -251,6 +258,7 @@ public abstract class AbstractAuthenticationProvider {
            } else {
                _logger.debug("User Login. ");
            }
+            
        }

        return userInfo;
@@ -310,4 +318,26 @@ public abstract class AbstractAuthenticationProvider {
        return true;
    }

+    public void setApplicationConfig(ApplicationConfig applicationConfig) {
+        this.applicationConfig = applicationConfig;
+    }
+
+    public void setAuthenticationRealm(AbstractAuthenticationRealm authenticationRealm) {
+        this.authenticationRealm = authenticationRealm;
+    }
+
+    public void setTfaOptAuthn(AbstractOptAuthn tfaOptAuthn) {
+        this.tfaOptAuthn = tfaOptAuthn;
+    }
+
+    public void setRemeberMeService(AbstractRemeberMeService remeberMeService) {
+        this.remeberMeService = remeberMeService;
+    }
+
+    public void setOnlineTicketServices(OnlineTicketServices onlineTicketServices) {
+        this.onlineTicketServices = onlineTicketServices;
+    }
+    
+    
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
@@ -1,31 +1,17 @@
-/*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- 
-
 package org.maxkey.authn;

 import java.util.ArrayList;
 import java.util.Collection;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;

-
-public class BasicAuthentication implements Authentication {
-    private static final long serialVersionUID = -110742975439268030L;
+public class LoginCredential  implements Authentication {
+    
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 3125709257481600320L;
    String username;
    String password;
    String sessionId;
@@ -34,32 +20,29 @@ public class BasicAuthentication implements Authentication {
    String remeberMe;
    String authType;
    String jwtToken;
+    String onlineTicket;
    ArrayList<GrantedAuthority> grantedAuthority;
    boolean authenticated;
+    boolean roleAdministrators;

    /**
     * BasicAuthentication.
     */
-    public BasicAuthentication() {
-        grantedAuthority = new ArrayList<GrantedAuthority>();
-        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
-        grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
+    public LoginCredential() {
    }

    /**
     * BasicAuthentication.
     */
-    public BasicAuthentication(String username,String password,String authType) {
+    public LoginCredential(String username,String password,String authType) {
        this.username = username;
        this.password = password;
        this.authType = authType;
-        grantedAuthority = new ArrayList<GrantedAuthority>();
-        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
-        grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
    }
+    
    @Override
    public String getName() {
-        return "Basic Authentication";
+        return "Login Credential";
    }

    @Override
@@ -166,6 +149,22 @@ public class BasicAuthentication implements Authentication {
        this.grantedAuthority = grantedAuthority;
    }

+    public String getOnlineTicket() {
+        return onlineTicket;
+    }
+
+    public void setOnlineTicket(String onlineTicket) {
+        this.onlineTicket = onlineTicket;
+    }
+
+    public boolean isRoleAdministrators() {
+        return roleAdministrators;
+    }
+
+    public void setRoleAdministrators(boolean roleAdministrators) {
+        this.roleAdministrators = roleAdministrators;
+    }
+
    @Override
    public String toString() {
        StringBuilder builder = new StringBuilder();
--- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
@@ -17,6 +17,9 @@

 package org.maxkey.authn;

+import java.util.ArrayList;
+
+import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@@ -25,6 +28,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -44,46 +48,40 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
    }

    @Override
-    protected Authentication doInternalAuthenticate(Authentication authentication) {
-        BasicAuthentication auth = (BasicAuthentication)authentication;
+    protected Authentication doInternalAuthenticate(LoginCredential loginCredential) {

-        _logger.debug("authentication " + auth);
+        _logger.debug("authentication " + loginCredential);

-        sessionValid(auth.getSessionId());
+        sessionValid(loginCredential.getSessionId());

        //jwtTokenValid(j_jwtToken);

-        authTypeValid(auth.getAuthType());
+        authTypeValid(loginCredential.getAuthType());

-        captchaValid(auth.getCaptcha(),auth.getAuthType());
+        captchaValid(loginCredential.getCaptcha(),loginCredential.getAuthType());

-        emptyPasswordValid(auth.getPassword());
+        emptyPasswordValid(loginCredential.getPassword());

        UserInfo userInfo = null;

-        emptyUsernameValid(auth.getUsername());
+        emptyUsernameValid(loginCredential.getUsername());

-        userInfo =  loadUserInfo(auth.getUsername(),auth.getPassword());
+        userInfo =  loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword());

-        userinfoValid(userInfo, auth.getPassword());
+        userinfoValid(userInfo, loginCredential.getPassword());

-        tftcaptchaValid(auth.getOtpCaptcha(),auth.getAuthType(),userInfo);
+        tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo);

        authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);

-        authenticationRealm.passwordMatches(userInfo, auth.getPassword());
-        authenticationRealm.grantAuthority(userInfo);
-        /*
-         *  put userInfo to current session context
-         */
-        WebContext.setUserInfo(userInfo);
-
-        auth.setAuthenticated(true);
-
-        if (auth.isAuthenticated() && applicationConfig.getLoginConfig().isRemeberMe()) {
-            if (auth.getRemeberMe() != null && auth.getRemeberMe().equals("remeberMe")) {
+        authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
+        
+        UsernamePasswordAuthenticationToken authenticationToken = setOnline(loginCredential,userInfo);
+        //RemeberMe Config check then set  RemeberMe cookies
+        if (applicationConfig.getLoginConfig().isRemeberMe()) {
+            if (loginCredential.getRemeberMe() != null && loginCredential.getRemeberMe().equals("remeberMe")) {
                WebContext.getSession().setAttribute(
-                        WebConstants.REMEBER_ME_SESSION,auth.getUsername());
+                        WebConstants.REMEBER_ME_SESSION,loginCredential.getUsername());
                _logger.debug("do Remeber Me");
                remeberMeService.createRemeberMe(
                        userInfo.getUsername(), 
@@ -93,43 +91,24 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                );
            }
        }
-
-        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
-                new UsernamePasswordAuthenticationToken(
-                auth,
-                "PASSWORD",
-                authenticationRealm.grantAuthority(userInfo));
-        usernamePasswordAuthenticationToken.setDetails(
-                new WebAuthenticationDetails(WebContext.getRequest()));
-
-        return usernamePasswordAuthenticationToken;
+        
+        return  authenticationToken;
    }
    
    @Override
-    public Authentication basicAuthenticate(Authentication authentication) {
-        BasicAuthentication basicAuth = (BasicAuthentication) authentication;
-        UserInfo loadeduserInfo = loadUserInfo(basicAuth.getUsername(), "");
+    public Authentication basicAuthenticate(LoginCredential loginCredential) {
+        UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
        if (loadeduserInfo != null) {
-
-            authenticationRealm.passwordMatches(loadeduserInfo, basicAuth.getPassword());
+            authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());

            authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);

-            WebContext.setUserInfo(loadeduserInfo);
-
-            authentication.setAuthenticated(true);
-
-            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
-                    authentication, "PASSWORD", authenticationRealm.grantAuthority(loadeduserInfo));
-
-            WebContext.setAuthentication(authenticationToken);
-            WebContext.setUserInfo(loadeduserInfo);
-            authenticationRealm.insertLoginHistory(loadeduserInfo, basicAuth.getAuthType(), "", "", "SUCCESS");
-
-            return authenticationToken;
+            authenticationRealm.insertLoginHistory(loadeduserInfo, loginCredential.getAuthType(), "", "", "SUCCESS");
+                        
+            return setOnline(loginCredential,loadeduserInfo);
        }else {
            String message = WebContext.getI18nValue("login.error.username");
-            _logger.debug("login user  " + basicAuth.getUsername() + " not in this System ." + message);
+            _logger.debug("login user  " + loginCredential.getUsername() + " not in this System ." + message);
            throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
        }
    }
@@ -151,28 +130,71 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                                            String message) {
        UserInfo loadeduserInfo = loadUserInfo(username, "");
        if (loadeduserInfo != null) {
-            WebContext.setUserInfo(loadeduserInfo);
-            BasicAuthentication authentication = new BasicAuthentication();
-            authentication.setUsername(loadeduserInfo.getUsername());
-            UsernamePasswordAuthenticationToken authenticationToken =
-                    new UsernamePasswordAuthenticationToken(
-                            authentication, 
-                            "PASSWORD", 
-                            authenticationRealm.grantAuthority(loadeduserInfo)
-                    );
-
-            authentication.setAuthenticated(true);
-            WebContext.setAuthentication(authenticationToken);
-            WebContext.setUserInfo(loadeduserInfo);
-
+            LoginCredential loginCredential = new LoginCredential();
+            loginCredential.setUsername(loadeduserInfo.getUsername());
+            
            authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
            
-            return authenticationToken;
+            return setOnline(loginCredential,loadeduserInfo);
        }else {
            String i18nMessage = WebContext.getI18nValue("login.error.username");
            _logger.debug("login user  " + username + " not in this System ." + i18nMessage);
            throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
        }
    }
+    
+    public UsernamePasswordAuthenticationToken setOnline(LoginCredential credential,UserInfo userInfo) {
+        //Online Tickit Id
+        String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
+        _logger.debug("set online Tickit Cookie " + onlineTickitId + " on domain "+ this.applicationConfig.getBaseDomainName());
+        
+        OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId);
+        
+        
+        WebContext.setCookie(WebContext.getResponse(), 
+                this.applicationConfig.getBaseDomainName(), 
+                WebConstants.ONLINE_TICKET_NAME, 
+                onlineTickitId, 
+                0);
+        
+        SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
+        //set OnlineTicket
+        signinPrincipal.setOnlineTicket(onlineTicket);
+        ArrayList<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
+        signinPrincipal.setAuthenticated(true);
+        
+        for(GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) {
+            if(grantedAuthoritys.contains(administratorsAuthority)) {
+                signinPrincipal.setRoleAdministrators(true);
+                _logger.trace("ROLE ADMINISTRATORS Authentication .");
+            }
+        }
+        _logger.debug("Granted Authority " + grantedAuthoritys);
+        
+        signinPrincipal.setGrantedAuthorityApps(authenticationRealm.queryAuthorizedApps(grantedAuthoritys));
+        
+        UsernamePasswordAuthenticationToken authenticationToken =
+                new UsernamePasswordAuthenticationToken(
+                        signinPrincipal, 
+                        "PASSWORD", 
+                        grantedAuthoritys
+                );
+        
+        authenticationToken.setDetails(
+                new WebAuthenticationDetails(WebContext.getRequest()));
+        
+        onlineTicket.setAuthentication(authenticationToken);
+        
+        this.onlineTicketServices.store(onlineTickitId, onlineTicket);
+        
+        /*
+         *  put userInfo to current session context
+         */
+        WebContext.setAuthentication(authenticationToken);
+        
+        WebContext.setUserInfo(userInfo);
+        
+        return authenticationToken;
+    }
  
 }
--- a/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java
@@ -0,0 +1,182 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.maxkey.authn.online.OnlineTicket;
+import org.maxkey.domain.UserInfo;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+
+public class SigninPrincipal implements  UserDetails {
+    private static final long serialVersionUID = -110742975439268030L;
+    UserInfo userInfo;
+    
+    UserDetails userDetails;
+    
+    OnlineTicket onlineTicket;
+    ArrayList<GrantedAuthority> grantedAuthority;
+    ArrayList<GrantedAuthority> grantedAuthorityApps;
+    boolean authenticated;
+    boolean roleAdministrators;
+
+    /**
+     * SigninPrincipal.
+     */
+    public SigninPrincipal() {
+    }
+    
+    /**
+     * SigninPrincipal.
+     */
+    public SigninPrincipal(UserInfo userInfo) {
+        this.userInfo = userInfo;
+        this.authenticated = true;
+    }
+    
+    /**
+     * SigninPrincipal.
+     */
+    public SigninPrincipal(UserDetails userDetails) {
+        this.userDetails = userDetails;
+        this.authenticated = true;
+    }
+
+    public UserInfo getUserInfo() {
+        return userInfo;
+    }
+
+    public void setUserInfo(UserInfo userInfo) {
+        this.userInfo = userInfo;
+    }
+
+    public boolean isAuthenticated() {
+        return authenticated;
+    }
+
+    public void setAuthenticated(boolean authenticated) {
+        this.authenticated = authenticated;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return grantedAuthority;
+    }
+
+    public ArrayList<GrantedAuthority> getGrantedAuthority() {
+        return grantedAuthority;
+    }
+
+    public UserDetails getUserDetails() {
+        return userDetails;
+    }
+
+    public void setUserDetails(UserDetails userDetails) {
+        this.userDetails = userDetails;
+    }
+
+    public void setGrantedAuthority(ArrayList<GrantedAuthority> grantedAuthority) {
+        this.grantedAuthority = grantedAuthority;
+    }
+
+    public OnlineTicket getOnlineTicket() {
+        return onlineTicket;
+    }
+
+    public void setOnlineTicket(OnlineTicket onlineTicket) {
+        this.onlineTicket = onlineTicket;
+    }
+
+    public boolean isRoleAdministrators() {
+        return roleAdministrators;
+    }
+
+    public void setRoleAdministrators(boolean roleAdministrators) {
+        this.roleAdministrators = roleAdministrators;
+    }
+    
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return false;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return false;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return false;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return false;
+    }
+
+    public ArrayList<GrantedAuthority> getGrantedAuthorityApps() {
+        return grantedAuthorityApps;
+    }
+
+    public void setGrantedAuthorityApps(ArrayList<GrantedAuthority> grantedAuthorityApps) {
+        this.grantedAuthorityApps = grantedAuthorityApps;
+    }
+
+    @Override
+    public String getUsername() {
+        if(this.userInfo != null) {
+            return this.userInfo.getUsername();
+        }else {
+            return this.userDetails.getUsername();
+        }        
+    }
+    
+    @Override
+    public String getPassword() {
+        if(this.userInfo != null) {
+            return this.userInfo.getPassword();
+        }else {
+            return this.userDetails.getPassword();
+        }  
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("SigninPrincipal [userInfo=");
+        builder.append(userInfo);
+        builder.append(", onlineTicket=");
+        builder.append(onlineTicket);
+        builder.append(", grantedAuthority=");
+        builder.append(grantedAuthority);
+        builder.append(", authenticated=");
+        builder.append(authenticated);
+        builder.append(", roleAdministrators=");
+        builder.append(roleAdministrators);
+        builder.append("]");
+        return builder.toString();
+    }
+
+
+
+}
--- a/maxkey-core/src/main/java/org/maxkey/authn/online/InMemoryOnlineTicketServices.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/online/InMemoryOnlineTicketServices.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.online;
+
+import java.time.Duration;
+import java.time.LocalTime;
+
+import org.ehcache.UserManagedCache;
+import org.ehcache.config.builders.ExpiryPolicyBuilder;
+import org.ehcache.config.builders.UserManagedCacheBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public class InMemoryOnlineTicketServices implements OnlineTicketServices{
+    private static final Logger _logger = LoggerFactory.getLogger(InMemoryOnlineTicketServices.class);
+    
+	protected  static  UserManagedCache<String, OnlineTicket> onlineTicketStore = 
+			UserManagedCacheBuilder.newUserManagedCacheBuilder(String.class, OnlineTicket.class)
+				.withExpiry(ExpiryPolicyBuilder.timeToLiveExpiration(Duration.ofMinutes(30)))
+				.build(true);
+
+	
+	public InMemoryOnlineTicketServices() {
+        super();
+    }
+
+    @Override
+	public void store(String ticketId, OnlineTicket ticket) {
+	    onlineTicketStore.put(ticketId, ticket);
+	}
+
+	@Override
+	public OnlineTicket remove(String ticketId) {
+	    OnlineTicket ticket=onlineTicketStore.get(ticketId);	
+	    onlineTicketStore.remove(ticketId);
+		return ticket;
+	}
+
+    @Override
+    public OnlineTicket get(String ticketId) {
+        OnlineTicket ticket=onlineTicketStore.get(ticketId); 
+        return ticket;
+    }
+
+    @Override
+    public void setValiditySeconds(int validitySeconds) {
+        onlineTicketStore = 
+                UserManagedCacheBuilder.
+                    newUserManagedCacheBuilder(String.class, OnlineTicket.class)
+                    .withExpiry(
+                            ExpiryPolicyBuilder.timeToLiveExpiration(
+                                    Duration.ofMinutes(validitySeconds/60))
+                     )
+                    .build(true);
+        
+    }
+
+    @Override
+    public void refresh(String ticketId,LocalTime refreshTime) {
+        OnlineTicket onlineTicket = get(ticketId);
+        onlineTicket.setTicketTime(refreshTime);
+        store(ticketId , onlineTicket);
+    }
+
+    @Override
+    public void refresh(String ticketId) {
+        OnlineTicket onlineTicket = get(ticketId);
+        
+        LocalTime currentTime = LocalTime.now();
+        Duration duration = Duration.between(currentTime, onlineTicket.getTicketTime());
+        
+        _logger.trace("OnlineTicket duration " + duration.getSeconds());
+        
+        if(duration.getSeconds() > OnlineTicket.MAX_EXPIRY_DURATION) {
+            onlineTicket.setTicketTime(currentTime);
+            refresh(ticketId,currentTime);
+        }
+    }
+
+}
--- a/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicket.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicket.java
@@ -0,0 +1,101 @@
+package org.maxkey.authn.online;
+
+import java.io.Serializable;
+import java.time.LocalTime;
+import java.util.HashMap;
+
+import org.maxkey.domain.apps.Apps;
+import org.springframework.security.core.Authentication;
+
+public class OnlineTicket implements Serializable{
+
+    /**
+     * 
+     */
+    
+    public static final  int    MAX_EXPIRY_DURATION = 60 * 10; //default 10 minutes.
+    
+    private static final long   serialVersionUID = 9008067569150338296L;
+
+    public String ticketId;
+    
+    public LocalTime ticketTime;
+    
+    public Authentication authentication;
+    
+    private HashMap<String , Apps> authorizedApps = new HashMap<String , Apps>();
+    
+
+    public OnlineTicket(String ticketId) {
+        super();
+        this.ticketId = ticketId;
+        this.ticketTime = LocalTime.now();
+    }
+    
+    public OnlineTicket(String ticketId,Authentication authentication) {
+        super();
+        this.ticketId = ticketId;
+        this.authentication = authentication;
+        this.ticketTime = LocalTime.now();
+    }
+    
+    
+
+    public String getTicketId() {
+        return ticketId;
+    }
+
+
+
+    public void setTicketId(String ticketId) {
+        this.ticketId = ticketId;
+    }
+
+    
+    public LocalTime getTicketTime() {
+        return ticketTime;
+    }
+
+    public void setTicketTime(LocalTime ticketTime) {
+        this.ticketTime = ticketTime;
+    }
+
+    public Authentication getAuthentication() {
+        return authentication;
+    }
+
+
+
+    public void setAuthentication(Authentication authentication) {
+        this.authentication = authentication;
+    }
+
+  
+
+    public HashMap<String, Apps> getAuthorizedApps() {
+        return authorizedApps;
+    }
+
+
+
+    public void setAuthorizedApps(HashMap<String, Apps> authorizedApps) {
+        this.authorizedApps = authorizedApps;
+    }
+    
+    public void setAuthorizedApp(Apps authorizedApp) {
+        this.authorizedApps.put(authorizedApp.getId(), authorizedApp);
+    }
+
+
+
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("OnlineTicket [ticketId=");
+        builder.append(ticketId);
+        builder.append("]");
+        return builder.toString();
+    }
+    
+    
+}
--- a/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicketServices.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicketServices.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.online;
+
+import java.time.LocalTime;
+
+public interface OnlineTicketServices {
+
+	public  void store(String ticketId, OnlineTicket ticket);
+
+    public  OnlineTicket remove(String ticket);
+    
+    public  OnlineTicket get(String ticketId);
+    
+    public void refresh(String ticketId ,LocalTime refreshTime);
+    
+    public void refresh(String ticketId);
+
+    public void setValiditySeconds(int validitySeconds);
+}
--- a/maxkey-core/src/main/java/org/maxkey/authn/online/RedisOnlineTicketServices.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/online/RedisOnlineTicketServices.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.online;
+
+import java.time.Duration;
+import java.time.LocalTime;
+
+import org.maxkey.persistence.redis.RedisConnection;
+import org.maxkey.persistence.redis.RedisConnectionFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public class RedisOnlineTicketServices implements OnlineTicketServices {
+    private static final Logger _logger = LoggerFactory.getLogger(RedisOnlineTicketServices.class);
+	
+	protected int serviceTicketValiditySeconds = 60 * 30; //default 30 minutes.
+	
+	RedisConnectionFactory connectionFactory;
+	
+	public static String PREFIX="REDIS_ONLINE_TICKET_";
+	/**
+	 * @param connectionFactory
+	 */
+	public RedisOnlineTicketServices(RedisConnectionFactory connectionFactory) {
+		super();
+		this.connectionFactory = connectionFactory;
+	}
+	
+	/**
+	 * 
+	 */
+	public RedisOnlineTicketServices() {
+		
+	}
+
+	public void setConnectionFactory(RedisConnectionFactory connectionFactory) {
+		this.connectionFactory = connectionFactory;
+	}
+
+	@Override
+	public void store(String ticketId, OnlineTicket ticket) {
+		RedisConnection conn=connectionFactory.getConnection();
+		conn.setexObject(PREFIX+ticketId, serviceTicketValiditySeconds, ticket);
+		conn.close();
+	}
+
+	@Override
+	public OnlineTicket remove(String ticketId) {
+		RedisConnection conn=connectionFactory.getConnection();
+		OnlineTicket ticket = conn.getObject(PREFIX+ticketId);
+		conn.delete(PREFIX+ticketId);
+		conn.close();
+		return ticket;
+	}
+
+    @Override
+    public OnlineTicket get(String ticketId) {
+        RedisConnection conn=connectionFactory.getConnection();
+        OnlineTicket ticket = conn.getObject(PREFIX+ticketId);
+        conn.close();
+        return ticket;
+    }
+
+    @Override
+    public void setValiditySeconds(int validitySeconds) {
+       this.serviceTicketValiditySeconds = validitySeconds;
+        
+    }
+
+    @Override
+    public void refresh(String ticketId,LocalTime refreshTime) {
+        OnlineTicket onlineTicket = get(ticketId);
+        onlineTicket.setTicketTime(refreshTime);
+        store(ticketId , onlineTicket);
+    }
+    
+    @Override
+    public void refresh(String ticketId) {
+        OnlineTicket onlineTicket = get(ticketId);
+        
+        LocalTime currentTime = LocalTime.now();
+        Duration duration = Duration.between(currentTime, onlineTicket.getTicketTime());
+        
+        _logger.trace("OnlineTicket duration " + duration.getSeconds());
+        
+        if(duration.getSeconds() > OnlineTicket.MAX_EXPIRY_DURATION) {
+            onlineTicket.setTicketTime(currentTime);
+            refresh(ticketId,currentTime);
+        }
+    }
+
+	
+}
--- a/maxkey-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
@@ -110,6 +110,16 @@ public abstract class AbstractAuthenticationRealm {
    public ArrayList<GrantedAuthority> grantAuthority(UserInfo userInfo) {
        return loginService.grantAuthority(userInfo);
    }
+    
+    /**
+     * grant Authority by grantedAuthoritys
+     * 
+     * @param grantedAuthoritys
+     * @return ArrayList<GrantedAuthority Apps>
+     */
+    public ArrayList<GrantedAuthority> queryAuthorizedApps(ArrayList<GrantedAuthority> grantedAuthoritys) {
+        return loginService.queryAuthorizedApps(grantedAuthoritys);
+    }

    /**
     * login log write to log db
--- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java
+++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java
@@ -27,10 +27,13 @@ import javax.sql.DataSource;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler;
+import org.maxkey.authn.online.InMemoryOnlineTicketServices;
+import org.maxkey.authn.online.OnlineTicketServices;
+import org.maxkey.authn.online.RedisOnlineTicketServices;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.rememberme.InMemoryRemeberMeService;
-import org.maxkey.authn.support.rememberme.JdbcRemeberMeService;
 import org.maxkey.authn.support.rememberme.RedisRemeberMeService;
+import org.maxkey.constants.ConstantsPersistence;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.crypto.password.LdapShaPasswordEncoder;
@@ -189,21 +192,39 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
            @Value("${config.server.persistence}") int persistence,
            @Value("${config.login.remeberme.validity}") int validity,
            JdbcTemplate jdbcTemplate,
-            RedisConnectionFactory jedisConnectionFactory) {
+            RedisConnectionFactory redisConnFactory) {
        AbstractRemeberMeService remeberMeService = null;
-        if (persistence == 0) {
+        if (persistence == ConstantsPersistence.INMEMORY) {
            remeberMeService = new InMemoryRemeberMeService();
            _logger.debug("InMemoryRemeberMeService");
-        } else if (persistence == 1) {
-            remeberMeService = new JdbcRemeberMeService(jdbcTemplate);
-            _logger.debug("JdbcRemeberMeService");
-        } else if (persistence == 2) {
-            remeberMeService = new RedisRemeberMeService(jedisConnectionFactory);
+        } else if (persistence == ConstantsPersistence.JDBC) {
+            //remeberMeService = new JdbcRemeberMeService(jdbcTemplate);
+            _logger.debug("JdbcRemeberMeService not support "); 
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            remeberMeService = new RedisRemeberMeService(redisConnFactory);
            _logger.debug("RedisRemeberMeService");
        }
        return remeberMeService;
    }
    
+    @Bean(name = "onlineTicketServices")
+    public OnlineTicketServices onlineTicketServices(
+            @Value("${config.server.persistence}") int persistence,
+            JdbcTemplate jdbcTemplate,
+            RedisConnectionFactory redisConnFactory) {
+        OnlineTicketServices onlineTicketServices = null;
+        if (persistence == ConstantsPersistence.INMEMORY) {
+            onlineTicketServices = new InMemoryOnlineTicketServices();
+            _logger.debug("InMemoryOnlineTicketServices");
+        } else if (persistence == ConstantsPersistence.JDBC) {
+            _logger.debug("OnlineTicketServices not support "); 
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            onlineTicketServices = new RedisOnlineTicketServices(redisConnFactory);
+            _logger.debug("RedisOnlineTicketServices");
+        }
+        return onlineTicketServices;
+    }
+    
    /**
     * keyStoreLoader .
     * @return
--- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
+++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
@@ -20,6 +20,9 @@ package org.maxkey.autoconfigure;
 import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.List;
+
+import javax.servlet.Filter;
+
 import org.maxkey.constants.ConstantsProperties;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -28,6 +31,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.server.ConfigurableWebServerFactory;
 import org.springframework.boot.web.server.ErrorPage;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
@@ -39,7 +43,9 @@ import org.springframework.http.converter.StringHttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.http.converter.xml.MarshallingHttpMessageConverter;
 import org.springframework.oxm.jaxb.Jaxb2Marshaller;
+import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 import org.springframework.web.client.RestTemplate;
+import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.multipart.commons.CommonsMultipartResolver;
 import org.springframework.web.servlet.i18n.CookieLocaleResolver;
 import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
@@ -59,11 +65,11 @@ public class MvcAutoConfiguration implements InitializingBean {
     */
    @Bean (name = "localeResolver")
    public CookieLocaleResolver cookieLocaleResolver(
-            @Value("${config.server.domain.sub:maxkey.top}")String subDomainName) {
-        _logger.debug("subDomainName " + subDomainName);
+            @Value("${config.server.domain:maxkey.top}")String domainName) {
+        _logger.debug("DomainName " + domainName);
        CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver();
        cookieLocaleResolver.setCookieName("maxkey_lang");
-        cookieLocaleResolver.setCookieDomain(subDomainName);
+        cookieLocaleResolver.setCookieDomain(domainName);
        cookieLocaleResolver.setCookieMaxAge(604800);
        return cookieLocaleResolver;
    }
@@ -244,6 +250,25 @@ public class MvcAutoConfiguration implements InitializingBean {
        };
    }
    
+    @Bean
+    public SecurityContextHolderAwareRequestFilter securityContextHolderAwareRequestFilter() {
+        _logger.debug("securityContextHolderAwareRequestFilter init ");
+        return new SecurityContextHolderAwareRequestFilter();
+    }
+    
+    @Bean
+    public FilterRegistrationBean<Filter> delegatingFilterProxy() {
+        _logger.debug("delegatingFilterProxy init for /* ");
+        FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<Filter>();
+        registrationBean.setFilter(new DelegatingFilterProxy("securityContextHolderAwareRequestFilter"));
+        registrationBean.addUrlPatterns("/*");
+        //registrationBean.
+        registrationBean.setName("delegatingFilterProxy");
+        registrationBean.setOrder(1);
+        
+        return registrationBean;
+    }
+    
    @Override
    public void afterPropertiesSet() throws Exception {
        // TODO Auto-generated method stub
--- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/RedisAutoConfiguration.java
+++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/RedisAutoConfiguration.java
@@ -46,7 +46,7 @@ public class RedisAutoConfiguration implements InitializingBean {
     * @return RedisConnectionFactory
     */
    @Bean
-    public RedisConnectionFactory redisConnectionFactory(
+    public RedisConnectionFactory redisConnFactory(
            @Value("${spring.redis.host}")
            String host,
            @Value("${spring.redis.port}")
@@ -63,7 +63,7 @@ public class RedisAutoConfiguration implements InitializingBean {
            int maxIdle,
            @Value("${spring.redis.lettuce.pool.min-idle}")
            int minIdle) {
-        _logger.debug("RedisConnectionFactory init .");
+        _logger.debug("redisConnFactory init .");
        RedisConnectionFactory factory = new RedisConnectionFactory();
        factory.setHostName(host);
        factory.setPort(port);
--- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/SessionRedisAutoConfiguration.java
+++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/SessionRedisAutoConfiguration.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.autoconfigure;
+
+import org.maxkey.constants.ConstantsProperties;
+import org.maxkey.persistence.redis.RedisConnectionFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.http.CookieSerializer;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+
+@Configuration
+@ConditionalOnProperty(value = "spring.session.store-type", havingValue = "redis", matchIfMissing = false)
+@EnableRedisHttpSession
+@PropertySource(ConstantsProperties.applicationPropertySource)
+public class SessionRedisAutoConfiguration implements InitializingBean {
+    private static final  Logger _logger = LoggerFactory.getLogger(SessionRedisAutoConfiguration.class);
+    
+    private final RedisConnectionFactory redisConnectionFactory;
+
+    public SessionRedisAutoConfiguration(ObjectProvider<RedisConnectionFactory> redisConnectionFactory) {
+        this.redisConnectionFactory = redisConnectionFactory.getIfAvailable();
+    }
+
+    @Bean
+    public CookieSerializer cookieSerializer() {
+        _logger.debug("CookieSerializer Default .");
+        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
+        serializer.setCookieName("JSESSIONID"); 
+        serializer.setCookiePath("/"); 
+        serializer.setDomainNamePattern("^.+?\\.(\\w+\\.[a-z]+)$"); 
+        return serializer;
+    }
+    
+   
+
+ 
+    @Override
+    public void afterPropertiesSet() throws Exception {
+        // TODO Auto-generated method stub
+        
+    }
+}
--- a/maxkey-core/src/main/java/org/maxkey/configuration/ApplicationConfig.java
+++ b/maxkey-core/src/main/java/org/maxkey/configuration/ApplicationConfig.java
@@ -50,16 +50,16 @@ public class ApplicationConfig {
    @Autowired
    LoginConfig loginConfig;

+    @Value("${config.server.basedomain}")
+    String baseDomainName;
+
    @Value("${config.server.domain}")
    String domainName;

-    @Value("${config.server.domain.sub}")
-    String subDomainName;
-
    @Value("${config.server.name}")
    String serverName;

-    @Value("${config.server.prefix.uri}")
+    @Value("${config.server.uri}")
    String serverPrefix;

    @Value("${config.server.default.uri}")
@@ -139,22 +139,15 @@ public class ApplicationConfig {
     */
    public void setDomainName(String domainName) {
        this.domainName = domainName;
-        String[] domainSubStrings = domainName.split("\\.");
-        if (domainSubStrings.length >= 3) {
-            this.subDomainName = domainSubStrings[domainSubStrings.length - 2] + "."
-                    + domainSubStrings[domainSubStrings.length - 1];
-            _logger.debug("subDomainName " + subDomainName);
-        } else {
-            this.subDomainName = domainName;
-        }
+       
    }

-    public String getSubDomainName() {
-        return subDomainName;
+    public String getBaseDomainName() {
+        return baseDomainName;
    }

-    public void setSubDomainName(String subDomainName) {
-        this.subDomainName = subDomainName;
+    public void setBaseDomainName(String baseDomainName) {
+        this.baseDomainName = baseDomainName;
    }

    /**
@@ -203,4 +196,35 @@ public class ApplicationConfig {
        this.maxKeyUri = maxKeyUri;
    }

+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("ApplicationConfig [emailConfig=");
+        builder.append(emailConfig);
+        builder.append(", characterEncodingConfig=");
+        builder.append(characterEncodingConfig);
+        builder.append(", loginConfig=");
+        builder.append(loginConfig);
+        builder.append(", baseDomainName=");
+        builder.append(baseDomainName);
+        builder.append(", domainName=");
+        builder.append(domainName);
+        builder.append(", serverName=");
+        builder.append(serverName);
+        builder.append(", serverPrefix=");
+        builder.append(serverPrefix);
+        builder.append(", defaultUri=");
+        builder.append(defaultUri);
+        builder.append(", managementUri=");
+        builder.append(managementUri);
+        builder.append(", port=");
+        builder.append(port);
+        builder.append(", kafkaSupport=");
+        builder.append(kafkaSupport);
+        builder.append(", maxKeyUri=");
+        builder.append(maxKeyUri);
+        builder.append("]");
+        return builder.toString();
+    }
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/configuration/CharacterEncodingConfig.java
+++ b/maxkey-core/src/main/java/org/maxkey/configuration/CharacterEncodingConfig.java
@@ -99,4 +99,17 @@ public class CharacterEncodingConfig {
        return null;
    }

+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("CharacterEncodingConfig [fromCharSet=");
+        builder.append(fromCharSet);
+        builder.append(", toCharSet=");
+        builder.append(toCharSet);
+        builder.append(", encoding=");
+        builder.append(encoding);
+        builder.append("]");
+        return builder.toString();
+    }
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/configuration/EmailConfig.java
+++ b/maxkey-core/src/main/java/org/maxkey/configuration/EmailConfig.java
@@ -127,4 +127,23 @@ public class EmailConfig {
        this.ssl = ssl;
    }

+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("EmailConfig [username=");
+        builder.append(username);
+        builder.append(", password=");
+        builder.append(password);
+        builder.append(", smtpHost=");
+        builder.append(smtpHost);
+        builder.append(", port=");
+        builder.append(port);
+        builder.append(", ssl=");
+        builder.append(ssl);
+        builder.append(", sender=");
+        builder.append(sender);
+        builder.append("]");
+        return builder.toString();
+    }
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/configuration/LoginConfig.java
+++ b/maxkey-core/src/main/java/org/maxkey/configuration/LoginConfig.java
@@ -124,14 +124,23 @@ public class LoginConfig {
    @Override
    public String toString() {
        StringBuilder builder = new StringBuilder();
-        builder
-            .append("LoginConfig [captcha=").append(captcha)
-            .append(", mfa=").append(mfa)
-            .append(", socialSignOn=").append(socialSignOn)
-            .append(", kerberos=").append(kerberos)
-            .append(", remeberMe=").append(remeberMe)
-            .append(", wsFederation=").append(wsFederation)
-            .append(", defaultUri=").append(defaultUri).append("]");
+        builder.append("LoginConfig [captcha=");
+        builder.append(captcha);
+        builder.append(", captchaType=");
+        builder.append(captchaType);
+        builder.append(", mfa=");
+        builder.append(mfa);
+        builder.append(", socialSignOn=");
+        builder.append(socialSignOn);
+        builder.append(", kerberos=");
+        builder.append(kerberos);
+        builder.append(", remeberMe=");
+        builder.append(remeberMe);
+        builder.append(", wsFederation=");
+        builder.append(wsFederation);
+        builder.append(", defaultUri=");
+        builder.append(defaultUri);
+        builder.append("]");
        return builder.toString();
    }

--- a/maxkey-core/src/main/java/org/maxkey/configuration/oidc/OIDCProviderMetadataDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/configuration/oidc/OIDCProviderMetadataDetails.java
@@ -18,6 +18,8 @@
 package org.maxkey.configuration.oidc;

 import java.net.URI;
+import java.util.Collection;
+import java.util.Iterator;
 import java.util.Set;

 /**
@@ -106,6 +108,44 @@ public class OIDCProviderMetadataDetails implements OIDCProviderMetadata {
        this.responseTypesSupported = responseTypesSupported;
    }

+    @Override
+    public String toString() {
+        final int maxLen = 4;
+        StringBuilder builder = new StringBuilder();
+        builder.append("OIDCProviderMetadataDetails [issuer=");
+        builder.append(issuer);
+        builder.append(", authorizationEndpoint=");
+        builder.append(authorizationEndpoint);
+        builder.append(", tokenEndpoint=");
+        builder.append(tokenEndpoint);
+        builder.append(", userinfoEndpoint=");
+        builder.append(userinfoEndpoint);
+        builder.append(", jwksUri=");
+        builder.append(jwksUri);
+        builder.append(", registrationEndpoint=");
+        builder.append(registrationEndpoint);
+        builder.append(", scopesSupported=");
+        builder.append(scopesSupported != null ? toString(scopesSupported, maxLen) : null);
+        builder.append(", responseTypesSupported=");
+        builder.append(responseTypesSupported != null ? toString(responseTypesSupported, maxLen) : null);
+        builder.append("]");
+        return builder.toString();
+    }
+
+    private String toString(Collection<?> collection, int maxLen) {
+        StringBuilder builder = new StringBuilder();
+        builder.append("[");
+        int i = 0;
+        for (Iterator<?> iterator = collection.iterator(); iterator.hasNext() && i < maxLen; i++) {
+            if (i > 0)
+                builder.append(", ");
+            builder.append(iterator.next());
+        }
+        builder.append("]");
+        return builder.toString();
+    }
+
    // TODO: Complete remaining properties from
    // http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
+    
 }
--- a/maxkey-core/src/main/java/org/maxkey/constants/ConstantsPersistence.java
+++ b/maxkey-core/src/main/java/org/maxkey/constants/ConstantsPersistence.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.constants;
+
+/**
+ * PROTOCOLS.
+ * @author Crystal.Sea
+ *
+ */
+public final class ConstantsPersistence {
+
+    public static final int INMEMORY = 0;
+
+    public static final int JDBC = 1;
+
+    public static final int REDIS = 2;
+
+}
--- a/maxkey-core/src/main/java/org/maxkey/crypto/keystore/KeyStoreLoader.java
+++ b/maxkey-core/src/main/java/org/maxkey/crypto/keystore/KeyStoreLoader.java
@@ -119,4 +119,21 @@ public class KeyStoreLoader implements InitializingBean {
        return keystoreType;
    }

+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("KeyStoreLoader [keyStore=");
+        builder.append(keyStore);
+        builder.append(", entityName=");
+        builder.append(entityName);
+        builder.append(", keystoreFile=");
+        builder.append(keystoreFile);
+        builder.append(", keystorePassword=");
+        builder.append(keystorePassword);
+        builder.append(", keystoreType=");
+        builder.append(keystoreType);
+        builder.append("]");
+        return builder.toString();
+    }
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/crypto/password/opt/OneTimePassword.java
+++ b/maxkey-core/src/main/java/org/maxkey/crypto/password/opt/OneTimePassword.java
@@ -79,10 +79,19 @@ public class OneTimePassword  implements Serializable {
    @Override
    public String toString() {
        StringBuilder builder = new StringBuilder();
-        builder.append("OneTimePassword [id=").append(id)
-            .append(", type=").append(type).append(", token=").append(token)
-            .append(", username=").append(username).append(", receiver=").append(receiver)
-                .append(", createTime=").append(createTime).append("]");
+        builder.append("OneTimePassword [id=");
+        builder.append(id);
+        builder.append(", type=");
+        builder.append(type);
+        builder.append(", token=");
+        builder.append(token);
+        builder.append(", username=");
+        builder.append(username);
+        builder.append(", receiver=");
+        builder.append(receiver);
+        builder.append(", createTime=");
+        builder.append(createTime);
+        builder.append("]");
        return builder.toString();
    }

--- a/maxkey-core/src/main/java/org/maxkey/domain/ChangePassword.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/ChangePassword.java
@@ -165,14 +165,27 @@ public class ChangePassword extends JpaBaseDomain{
 	}


-	/* (non-Javadoc)
-	 * @see java.lang.Object#toString()
-	 */
 	@Override
-	public String toString() {
-		return "ChangePassword [uid=" + uid + ", username=" + username
-				+ ", password=" + password + ", confirmpassword="
-				+ confirmpassword + ", decipherable=" + decipherable + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("ChangePassword [id=");
+        builder.append(id);
+        builder.append(", uid=");
+        builder.append(uid);
+        builder.append(", username=");
+        builder.append(username);
+        builder.append(", displayName=");
+        builder.append(displayName);
+        builder.append(", oldPassword=");
+        builder.append(oldPassword);
+        builder.append(", password=");
+        builder.append(password);
+        builder.append(", confirmpassword=");
+        builder.append(confirmpassword);
+        builder.append(", decipherable=");
+        builder.append(decipherable);
+        builder.append("]");
+        return builder.toString();
+    }
 	
 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/ExtraAttr.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/ExtraAttr.java
@@ -69,9 +69,18 @@ public class ExtraAttr {
 	public void setType(String type) {
 		this.type = type;
 	}
+	
 	@Override
-	public String toString() {
-		return "ExtraAttr [attr=" + attr + ", value=" + value + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("ExtraAttr [attr=");
+        builder.append(attr);
+        builder.append(", type=");
+        builder.append(type);
+        builder.append(", value=");
+        builder.append(value);
+        builder.append("]");
+        return builder.toString();
+    }
 	
 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/ExtraAttrs.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/ExtraAttrs.java
@@ -109,9 +109,13 @@ public class ExtraAttrs {
 	}
 	
 	@Override
-	public String toString() {
-		return "ExtraAttrs [extraAttrs=" + extraAttrs + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("ExtraAttrs [extraAttrs=");
+        builder.append(extraAttrs);
+        builder.append("]");
+        return builder.toString();
+    }
 	
 	
 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/GroupMember.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/GroupMember.java
@@ -164,11 +164,23 @@ public class GroupMember extends UserInfo implements Serializable{


 	@Override
-	public String toString() {
-		return "GroupMember [groupId=" + groupId + ", groupName=" + groupName
-				+ ", memberId=" + memberId + ", memberName=" + memberName
-				+ ", type=" + type + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("GroupMember [id=");
+        builder.append(id);
+        builder.append(", groupId=");
+        builder.append(groupId);
+        builder.append(", groupName=");
+        builder.append(groupName);
+        builder.append(", memberId=");
+        builder.append(memberId);
+        builder.append(", memberName=");
+        builder.append(memberName);
+        builder.append(", type=");
+        builder.append(type);
+        builder.append("]");
+        return builder.toString();
+    }


 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/GroupPrivileges.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/GroupPrivileges.java
@@ -102,13 +102,18 @@ public class GroupPrivileges extends Apps implements Serializable{
 	}


-	/* (non-Javadoc)
-	 * @see java.lang.Object#toString()
-	 */
 	@Override
-	public String toString() {
-		return "GroupApp [groupId=" + groupId + ", appId=" + appId + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("GroupPrivileges [id=");
+        builder.append(id);
+        builder.append(", groupId=");
+        builder.append(groupId);
+        builder.append(", appId=");
+        builder.append(appId);
+        builder.append("]");
+        return builder.toString();
+    }
 	

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/Groups.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Groups.java
@@ -145,14 +145,29 @@ public class Groups extends JpaBaseDomain implements Serializable {
        this.status = status;
    }

-    /*
-     * (non-Javadoc)
-     * 
-     * @see java.lang.Object#toString()
-     */
    @Override
    public String toString() {
-        return "Groups [name=" + name + ", isdefault=" + isdefault + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("Groups [id=");
+        builder.append(id);
+        builder.append(", name=");
+        builder.append(name);
+        builder.append(", isdefault=");
+        builder.append(isdefault);
+        builder.append(", description=");
+        builder.append(description);
+        builder.append(", createdBy=");
+        builder.append(createdBy);
+        builder.append(", createdDate=");
+        builder.append(createdDate);
+        builder.append(", modifiedBy=");
+        builder.append(modifiedBy);
+        builder.append(", modifiedDate=");
+        builder.append(modifiedDate);
+        builder.append(", status=");
+        builder.append(status);
+        builder.append("]");
+        return builder.toString();
    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/HistoryLogin.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/HistoryLogin.java
@@ -226,13 +226,47 @@ public class HistoryLogin  extends JpaBaseDomain  implements Serializable{
 	}

 	@Override
-	public String toString() {
-		return "LoginHistory [id=" + id + ", sessionId=" + sessionId + ", uid=" + uid + ", username=" + username
-				+ ", displayName=" + displayName + ", loginType=" + loginType + ", message=" + message + ", code="
-				+ code + ", provider=" + provider + ", sourceIp=" + sourceIp + ", browser=" + browser + ", platform="
-				+ platform + ", application=" + application + ", loginUrl=" + loginUrl + ", loginTime=" + loginTime
-				+ ", logoutTime=" + logoutTime + ", startDate=" + startDate + ", endDate=" + endDate + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("HistoryLogin [id=");
+        builder.append(id);
+        builder.append(", sessionId=");
+        builder.append(sessionId);
+        builder.append(", uid=");
+        builder.append(uid);
+        builder.append(", username=");
+        builder.append(username);
+        builder.append(", displayName=");
+        builder.append(displayName);
+        builder.append(", loginType=");
+        builder.append(loginType);
+        builder.append(", message=");
+        builder.append(message);
+        builder.append(", code=");
+        builder.append(code);
+        builder.append(", provider=");
+        builder.append(provider);
+        builder.append(", sourceIp=");
+        builder.append(sourceIp);
+        builder.append(", browser=");
+        builder.append(browser);
+        builder.append(", platform=");
+        builder.append(platform);
+        builder.append(", application=");
+        builder.append(application);
+        builder.append(", loginUrl=");
+        builder.append(loginUrl);
+        builder.append(", loginTime=");
+        builder.append(loginTime);
+        builder.append(", logoutTime=");
+        builder.append(logoutTime);
+        builder.append(", startDate=");
+        builder.append(startDate);
+        builder.append(", endDate=");
+        builder.append(endDate);
+        builder.append("]");
+        return builder.toString();
+    }


 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/HistoryLoginApps.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/HistoryLoginApps.java
@@ -210,14 +210,30 @@ public class HistoryLoginApps extends JpaBaseDomain {
 	}


-	/* (non-Javadoc)
-	 * @see java.lang.Object#toString()
-	 */
 	@Override
-	public String toString() {
-		return "LoginAppsHistory [sessionId=" + sessionId + ", appId=" + appId
-				+ ", appName=" + appName + ", uid=" + uid + ", username="
-				+ username + ", displayName=" + displayName + ", loginTime="
-				+ loginTime + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("HistoryLoginApps [id=");
+        builder.append(id);
+        builder.append(", sessionId=");
+        builder.append(sessionId);
+        builder.append(", appId=");
+        builder.append(appId);
+        builder.append(", appName=");
+        builder.append(appName);
+        builder.append(", uid=");
+        builder.append(uid);
+        builder.append(", username=");
+        builder.append(username);
+        builder.append(", displayName=");
+        builder.append(displayName);
+        builder.append(", loginTime=");
+        builder.append(loginTime);
+        builder.append(", startDate=");
+        builder.append(startDate);
+        builder.append(", endDate=");
+        builder.append(endDate);
+        builder.append("]");
+        return builder.toString();
+    }
 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/HistoryLogs.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/HistoryLogs.java
@@ -209,4 +209,39 @@ public class HistoryLogs extends JpaBaseDomain implements Serializable {
        this.endDate = endDate;
    }

+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("HistoryLogs [id=");
+        builder.append(id);
+        builder.append(", serviceName=");
+        builder.append(serviceName);
+        builder.append(", message=");
+        builder.append(message);
+        builder.append(", content=");
+        builder.append(content);
+        builder.append(", messageType=");
+        builder.append(messageType);
+        builder.append(", operateType=");
+        builder.append(operateType);
+        builder.append(", username=");
+        builder.append(username);
+        builder.append(", code=");
+        builder.append(code);
+        builder.append(", createdBy=");
+        builder.append(createdBy);
+        builder.append(", createdDate=");
+        builder.append(createdDate);
+        builder.append(", modifiedBy=");
+        builder.append(modifiedBy);
+        builder.append(", modifiedDate=");
+        builder.append(modifiedDate);
+        builder.append(", startDate=");
+        builder.append(startDate);
+        builder.append(", endDate=");
+        builder.append(endDate);
+        builder.append("]");
+        return builder.toString();
+    }
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/Navigations.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Navigations.java
@@ -162,13 +162,33 @@ public class Navigations extends JpaBaseDomain  implements java.io.Serializable
 	}

 	@Override
-	public String toString() {
-		return "Navigations [name=" + name + ", url=" + url + ", type=" + type
-				+ ", target=" + target + ", pId=" + pId + ", pName=" + pName
-				+ ", xPath=" + xPath + ", hasChild=" + hasChild
-				+", visible=" + visible
-				+ ", childNavs=" + childNavs + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("Navigations [id=");
+        builder.append(id);
+        builder.append(", name=");
+        builder.append(name);
+        builder.append(", url=");
+        builder.append(url);
+        builder.append(", type=");
+        builder.append(type);
+        builder.append(", target=");
+        builder.append(target);
+        builder.append(", pId=");
+        builder.append(pId);
+        builder.append(", pName=");
+        builder.append(pName);
+        builder.append(", xPath=");
+        builder.append(xPath);
+        builder.append(", hasChild=");
+        builder.append(hasChild);
+        builder.append(", visible=");
+        builder.append(visible);
+        builder.append(", childNavs=");
+        builder.append(childNavs);
+        builder.append("]");
+        return builder.toString();
+    }



--- a/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java
@@ -289,13 +289,57 @@ public class Organizations extends JpaBaseDomain implements Serializable {

    @Override
    public String toString() {
-        return "Organizations [id=" + id + ", code=" + code + ", name=" + name + ", fullName=" + fullName
-                + ", parentId=" + parentId + ", parentName=" + parentName + ", type=" + type + ", codePath=" + codePath
-                + ", namePath=" + namePath + ", level=" + level + ", hasChild=" + hasChild + ", division=" + division
-                + ", country=" + country + ", region=" + region + ", locality=" + locality + ", street=" + street
-                + ", address=" + address + ", contact=" + contact + ", postalCode=" + postalCode + ", phone=" + phone
-                + ", fax=" + fax + ", email=" + email + ", sortIndex=" + sortIndex + ", description=" + description
-                + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("Organizations [id=");
+        builder.append(id);
+        builder.append(", code=");
+        builder.append(code);
+        builder.append(", name=");
+        builder.append(name);
+        builder.append(", fullName=");
+        builder.append(fullName);
+        builder.append(", parentId=");
+        builder.append(parentId);
+        builder.append(", parentName=");
+        builder.append(parentName);
+        builder.append(", type=");
+        builder.append(type);
+        builder.append(", codePath=");
+        builder.append(codePath);
+        builder.append(", namePath=");
+        builder.append(namePath);
+        builder.append(", level=");
+        builder.append(level);
+        builder.append(", hasChild=");
+        builder.append(hasChild);
+        builder.append(", division=");
+        builder.append(division);
+        builder.append(", country=");
+        builder.append(country);
+        builder.append(", region=");
+        builder.append(region);
+        builder.append(", locality=");
+        builder.append(locality);
+        builder.append(", street=");
+        builder.append(street);
+        builder.append(", address=");
+        builder.append(address);
+        builder.append(", contact=");
+        builder.append(contact);
+        builder.append(", postalCode=");
+        builder.append(postalCode);
+        builder.append(", phone=");
+        builder.append(phone);
+        builder.append(", fax=");
+        builder.append(fax);
+        builder.append(", email=");
+        builder.append(email);
+        builder.append(", sortIndex=");
+        builder.append(sortIndex);
+        builder.append(", description=");
+        builder.append(description);
+        builder.append("]");
+        return builder.toString();
    }


--- a/maxkey-core/src/main/java/org/maxkey/domain/PasswordPolicy.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/PasswordPolicy.java
@@ -385,11 +385,45 @@ public class PasswordPolicy extends JpaBaseDomain implements java.io.Serializabl

    @Override
    public String toString() {
-        return "PasswordPolicy [id=" + id + ", minLength=" + minLength + ", maxLength=" + maxLength + ", lowerCase="
-                + lowerCase + ", upperCase=" + upperCase + ", digits=" + digits + ", specialChar=" + specialChar
-                + ", attempts=" + attempts + ", duration=" + duration + ", expiration=" + expiration + ", username="
-                + username + ", history=" + history + ", dictionary=" + dictionary + ", alphabetical=" + alphabetical
-                + ", numerical=" + numerical + ", qwerty=" + qwerty + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("PasswordPolicy [id=");
+        builder.append(id);
+        builder.append(", minLength=");
+        builder.append(minLength);
+        builder.append(", maxLength=");
+        builder.append(maxLength);
+        builder.append(", lowerCase=");
+        builder.append(lowerCase);
+        builder.append(", upperCase=");
+        builder.append(upperCase);
+        builder.append(", digits=");
+        builder.append(digits);
+        builder.append(", specialChar=");
+        builder.append(specialChar);
+        builder.append(", attempts=");
+        builder.append(attempts);
+        builder.append(", duration=");
+        builder.append(duration);
+        builder.append(", expiration=");
+        builder.append(expiration);
+        builder.append(", username=");
+        builder.append(username);
+        builder.append(", history=");
+        builder.append(history);
+        builder.append(", dictionary=");
+        builder.append(dictionary);
+        builder.append(", alphabetical=");
+        builder.append(alphabetical);
+        builder.append(", numerical=");
+        builder.append(numerical);
+        builder.append(", qwerty=");
+        builder.append(qwerty);
+        builder.append(", occurances=");
+        builder.append(occurances);
+        builder.append(", randomPasswordLength=");
+        builder.append(randomPasswordLength);
+        builder.append("]");
+        return builder.toString();
    }

  
--- a/maxkey-core/src/main/java/org/maxkey/domain/Registration.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Registration.java
@@ -162,16 +162,29 @@ public class Registration extends JpaBaseDomain{
 		this.firstName = firstName;
 	}

-	/* (non-Javadoc)
-	 * @see java.lang.Object#toString()
-	 */
 	@Override
-	public String toString() {
-		return "Registration [loginName=" + loginName + ", workEmail="
-				+ workEmail + ", company=" + company + ", workPhone="
-				+ workPhone + ", nickName=" + nickName + ", lastName="
-				+ lastName + ", firstName=" + firstName + ", users=" + users
-				+ "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("Registration [id=");
+        builder.append(id);
+        builder.append(", loginName=");
+        builder.append(loginName);
+        builder.append(", workEmail=");
+        builder.append(workEmail);
+        builder.append(", company=");
+        builder.append(company);
+        builder.append(", workPhone=");
+        builder.append(workPhone);
+        builder.append(", nickName=");
+        builder.append(nickName);
+        builder.append(", lastName=");
+        builder.append(lastName);
+        builder.append(", firstName=");
+        builder.append(firstName);
+        builder.append(", users=");
+        builder.append(users);
+        builder.append("]");
+        return builder.toString();
+    }
 	
 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/Resources.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Resources.java
@@ -215,4 +215,47 @@ public class Resources  extends JpaBaseDomain implements Serializable {
        this.sortIndex = sortIndex;
    }

+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("Resources [id=");
+        builder.append(id);
+        builder.append(", name=");
+        builder.append(name);
+        builder.append(", sortIndex=");
+        builder.append(sortIndex);
+        builder.append(", appId=");
+        builder.append(appId);
+        builder.append(", appName=");
+        builder.append(appName);
+        builder.append(", parentId=");
+        builder.append(parentId);
+        builder.append(", parentName=");
+        builder.append(parentName);
+        builder.append(", resourceType=");
+        builder.append(resourceType);
+        builder.append(", resourceIcon=");
+        builder.append(resourceIcon);
+        builder.append(", resourceStyle=");
+        builder.append(resourceStyle);
+        builder.append(", resourceUrl=");
+        builder.append(resourceUrl);
+        builder.append(", resourceAction=");
+        builder.append(resourceAction);
+        builder.append(", status=");
+        builder.append(status);
+        builder.append(", description=");
+        builder.append(description);
+        builder.append(", createdBy=");
+        builder.append(createdBy);
+        builder.append(", createdDate=");
+        builder.append(createdDate);
+        builder.append(", modifiedBy=");
+        builder.append(modifiedBy);
+        builder.append(", modifiedDate=");
+        builder.append(modifiedDate);
+        builder.append("]");
+        return builder.toString();
+    }
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/RoleMember.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/RoleMember.java
@@ -117,8 +117,21 @@ public class RoleMember extends UserInfo implements Serializable {

    @Override
    public String toString() {
-        return "RoleMember [id=" + id + ", roleId=" + roleId + ", roleName=" + roleName + ", memberId=" + memberId
-                + ", memberName=" + memberName + ", type=" + type + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("RoleMember [id=");
+        builder.append(id);
+        builder.append(", roleId=");
+        builder.append(roleId);
+        builder.append(", roleName=");
+        builder.append(roleName);
+        builder.append(", memberId=");
+        builder.append(memberId);
+        builder.append(", memberName=");
+        builder.append(memberName);
+        builder.append(", type=");
+        builder.append(type);
+        builder.append("]");
+        return builder.toString();
    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/RolePermissions.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/RolePermissions.java
@@ -107,6 +107,23 @@ public class RolePermissions  extends JpaBaseDomain implements Serializable {
    public String  getUniqueId() {
        return  appId + "_" + roleId + "_" + resourceId;
    }
+
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("RolePermissions [id=");
+        builder.append(id);
+        builder.append(", appId=");
+        builder.append(appId);
+        builder.append(", roleId=");
+        builder.append(roleId);
+        builder.append(", resourceId=");
+        builder.append(resourceId);
+        builder.append(", status=");
+        builder.append(status);
+        builder.append("]");
+        return builder.toString();
+    }
    

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/Roles.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Roles.java
@@ -116,6 +116,29 @@ public class Roles extends JpaBaseDomain implements Serializable {
    public void setModifiedDate(String modifiedDate) {
        this.modifiedDate = modifiedDate;
    }
+
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("Roles [id=");
+        builder.append(id);
+        builder.append(", name=");
+        builder.append(name);
+        builder.append(", status=");
+        builder.append(status);
+        builder.append(", description=");
+        builder.append(description);
+        builder.append(", createdBy=");
+        builder.append(createdBy);
+        builder.append(", createdDate=");
+        builder.append(createdDate);
+        builder.append(", modifiedBy=");
+        builder.append(modifiedBy);
+        builder.append(", modifiedDate=");
+        builder.append(modifiedDate);
+        builder.append("]");
+        return builder.toString();
+    }
   
    

--- a/maxkey-core/src/main/java/org/maxkey/domain/Saml20Metadata.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Saml20Metadata.java
@@ -126,9 +126,27 @@ public class Saml20Metadata extends JpaBaseDomain implements Serializable {

    @Override
    public String toString() {
-        return "Saml20Metadata [orgName=" + orgName + ", orgDisplayName=" + orgDisplayName + ", orgURL=" + orgURL
-                + ", contactType=" + contactType + ", company=" + company + ", givenName=" + givenName + ", surName="
-                + surName + ", emailAddress=" + emailAddress + ", telephoneNumber=" + telephoneNumber + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("Saml20Metadata [orgName=");
+        builder.append(orgName);
+        builder.append(", orgDisplayName=");
+        builder.append(orgDisplayName);
+        builder.append(", orgURL=");
+        builder.append(orgURL);
+        builder.append(", contactType=");
+        builder.append(contactType);
+        builder.append(", company=");
+        builder.append(company);
+        builder.append(", givenName=");
+        builder.append(givenName);
+        builder.append(", surName=");
+        builder.append(surName);
+        builder.append(", emailAddress=");
+        builder.append(emailAddress);
+        builder.append(", telephoneNumber=");
+        builder.append(telephoneNumber);
+        builder.append("]");
+        return builder.toString();
    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java
@@ -247,6 +247,8 @@ public class UserInfo extends JpaBaseDomain {
    @Column
    String description;

+    
+    
    public static class ONLINE {
        // 在线
        public static final int ONLINE = 1;
@@ -1145,70 +1147,6 @@ public class UserInfo extends JpaBaseDomain {
        this.description = description;
    }

-    @Override
-    public String toString() {
-        return "UserInfo [username=" + username
-                + ", password=" + password + ", decipherable=" + decipherable
-                + ", sharedSecret=" + sharedSecret
-                + ", sharedCounter=" + sharedCounter + ", userType=" + userType
-                + ", windowsAccount=" + windowsAccount
-                + ", displayName=" + displayName + ", nickName=" + nickName
-                + ", nameZHSpell=" + nameZhSpell
-                + ", nameZHShortSpell=" + nameZhShortSpell
-                + ", givenName=" + givenName
-                + ", middleName=" + middleName + ", familyName=" + familyName
-                + ", honorificPrefix=" + honorificPrefix
-                + ", honorificSuffix=" + honorificSuffix
-                + ", formattedName=" + formattedName + ", married=" + married
-                + ", gender=" + gender + ", birthDate=" + birthDate
-                + ", pictureFile=" + pictureFile + ", idType="
-                + idType + ", idCardNo=" + idCardNo + ", webSite=" + webSite
-                + ", startWorkDate=" + startWorkDate
-                + ", authnType=" + authnType + ", email=" + email
-                + ", emailVerified=" + emailVerified + ", mobile="
-                + mobile + ", mobileVerified=" + mobileVerified
-                + ", passwordQuestion=" + passwordQuestion
-                + ", passwordAnswer=" + passwordAnswer + ", appLoginAuthnType=" + appLoginAuthnType
-                + ", appLoginPassword=" + appLoginPassword
-                + ", protectedApps=" + protectedApps + ", protectedAppsMap="
-                + protectedAppsMap + ", passwordLastSetTime=" + passwordLastSetTime
-                + ", badPasswordCount="
-                + badPasswordCount + ", unLockTime=" + unLockTime
-                + ", isLocked=" + isLocked + ", lastLoginTime="
-                + lastLoginTime + ", lastLoginIp=" + lastLoginIp
-                + ", lastLogoffTime=" + lastLogoffTime
-                + ", passwordSetType=" + passwordSetType
-                + ", loginCount=" + loginCount + ", locale=" + locale
-                + ", timeZone=" + timeZone + ", preferredLanguage=" + preferredLanguage
-                + ", workCountry=" + workCountry
-                + ", workRegion=" + workRegion + ", workLocality=" + workLocality
-                + ", workStreetAddress="
-                + workStreetAddress + ", workAddressFormatted=" + workAddressFormatted
-                + ", workEmail=" + workEmail
-                + ", workPhoneNumber=" + workPhoneNumber + ", workPostalCode=" + workPostalCode
-                + ", workFax=" + workFax
-                + ", homeCountry=" + homeCountry + ", homeRegion=" + homeRegion
-                + ", homeLocality=" + homeLocality
-                + ", homeStreetAddress=" + homeStreetAddress
-                + ", homeAddressFormatted=" + homeAddressFormatted
-                + ", homeEmail=" + homeEmail
-                + ", homePhoneNumber=" + homePhoneNumber + ", homePostalCode="
-                + homePostalCode + ", homeFax=" + homeFax
-                + ", employeeNumber=" + employeeNumber + ", costCenter="
-                + costCenter + ", organization=" + organization
-                + ", division=" + division + ", departmentId="
-                + departmentId + ", department=" + department
-                + ", jobTitle=" + jobTitle + ", jobLevel=" + jobLevel
-                + ", managerId=" + managerId + ", manager=" + manager
-                + ", assistantId=" + assistantId + ", assistant="
-                + assistant + ", entryDate=" + entryDate
-                + ", quitDate=" + quitDate + ", extraAttribute=" + extraAttribute
-                + ", extraAttributeName=" + extraAttributeName + ", extraAttributeValue="
-                + extraAttributeValue + ", extraAttributeMap=" + extraAttributeMap
-                + ", online=" + online + ", ldapDn="
-                + ldapDn + "]";
-    }
-
    /**
     * @return the createdBy
     */
@@ -1273,4 +1211,209 @@ public class UserInfo extends JpaBaseDomain {
        this.theme = theme;
    }

+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("UserInfo [id=");
+        builder.append(id);
+        builder.append(", username=");
+        builder.append(username);
+        builder.append(", password=");
+        builder.append(password);
+        builder.append(", decipherable=");
+        builder.append(decipherable);
+        builder.append(", sharedSecret=");
+        builder.append(sharedSecret);
+        builder.append(", sharedCounter=");
+        builder.append(sharedCounter);
+        builder.append(", userType=");
+        builder.append(userType);
+        builder.append(", windowsAccount=");
+        builder.append(windowsAccount);
+        builder.append(", displayName=");
+        builder.append(displayName);
+        builder.append(", nickName=");
+        builder.append(nickName);
+        builder.append(", nameZhSpell=");
+        builder.append(nameZhSpell);
+        builder.append(", nameZhShortSpell=");
+        builder.append(nameZhShortSpell);
+        builder.append(", givenName=");
+        builder.append(givenName);
+        builder.append(", middleName=");
+        builder.append(middleName);
+        builder.append(", familyName=");
+        builder.append(familyName);
+        builder.append(", honorificPrefix=");
+        builder.append(honorificPrefix);
+        builder.append(", honorificSuffix=");
+        builder.append(honorificSuffix);
+        builder.append(", formattedName=");
+        builder.append(formattedName);
+        builder.append(", married=");
+        builder.append(married);
+        builder.append(", gender=");
+        builder.append(gender);
+        builder.append(", birthDate=");
+        builder.append(birthDate);
+        builder.append(", picture=");
+        builder.append(picture);
+        builder.append(", pictureFile=");
+        builder.append(pictureFile);
+        builder.append(", idType=");
+        builder.append(idType);
+        builder.append(", idCardNo=");
+        builder.append(idCardNo);
+        builder.append(", webSite=");
+        builder.append(webSite);
+        builder.append(", startWorkDate=");
+        builder.append(startWorkDate);
+        builder.append(", authnType=");
+        builder.append(authnType);
+        builder.append(", email=");
+        builder.append(email);
+        builder.append(", emailVerified=");
+        builder.append(emailVerified);
+        builder.append(", mobile=");
+        builder.append(mobile);
+        builder.append(", mobileVerified=");
+        builder.append(mobileVerified);
+        builder.append(", passwordQuestion=");
+        builder.append(passwordQuestion);
+        builder.append(", passwordAnswer=");
+        builder.append(passwordAnswer);
+        builder.append(", appLoginAuthnType=");
+        builder.append(appLoginAuthnType);
+        builder.append(", appLoginPassword=");
+        builder.append(appLoginPassword);
+        builder.append(", protectedApps=");
+        builder.append(protectedApps);
+        builder.append(", protectedAppsMap=");
+        builder.append(protectedAppsMap);
+        builder.append(", passwordLastSetTime=");
+        builder.append(passwordLastSetTime);
+        builder.append(", badPasswordCount=");
+        builder.append(badPasswordCount);
+        builder.append(", badPasswordTime=");
+        builder.append(badPasswordTime);
+        builder.append(", unLockTime=");
+        builder.append(unLockTime);
+        builder.append(", isLocked=");
+        builder.append(isLocked);
+        builder.append(", lastLoginTime=");
+        builder.append(lastLoginTime);
+        builder.append(", lastLoginIp=");
+        builder.append(lastLoginIp);
+        builder.append(", lastLogoffTime=");
+        builder.append(lastLogoffTime);
+        builder.append(", passwordSetType=");
+        builder.append(passwordSetType);
+        builder.append(", loginCount=");
+        builder.append(loginCount);
+        builder.append(", locale=");
+        builder.append(locale);
+        builder.append(", timeZone=");
+        builder.append(timeZone);
+        builder.append(", preferredLanguage=");
+        builder.append(preferredLanguage);
+        builder.append(", workCountry=");
+        builder.append(workCountry);
+        builder.append(", workRegion=");
+        builder.append(workRegion);
+        builder.append(", workLocality=");
+        builder.append(workLocality);
+        builder.append(", workStreetAddress=");
+        builder.append(workStreetAddress);
+        builder.append(", workAddressFormatted=");
+        builder.append(workAddressFormatted);
+        builder.append(", workEmail=");
+        builder.append(workEmail);
+        builder.append(", workPhoneNumber=");
+        builder.append(workPhoneNumber);
+        builder.append(", workPostalCode=");
+        builder.append(workPostalCode);
+        builder.append(", workFax=");
+        builder.append(workFax);
+        builder.append(", homeCountry=");
+        builder.append(homeCountry);
+        builder.append(", homeRegion=");
+        builder.append(homeRegion);
+        builder.append(", homeLocality=");
+        builder.append(homeLocality);
+        builder.append(", homeStreetAddress=");
+        builder.append(homeStreetAddress);
+        builder.append(", homeAddressFormatted=");
+        builder.append(homeAddressFormatted);
+        builder.append(", homeEmail=");
+        builder.append(homeEmail);
+        builder.append(", homePhoneNumber=");
+        builder.append(homePhoneNumber);
+        builder.append(", homePostalCode=");
+        builder.append(homePostalCode);
+        builder.append(", homeFax=");
+        builder.append(homeFax);
+        builder.append(", employeeNumber=");
+        builder.append(employeeNumber);
+        builder.append(", costCenter=");
+        builder.append(costCenter);
+        builder.append(", organization=");
+        builder.append(organization);
+        builder.append(", division=");
+        builder.append(division);
+        builder.append(", departmentId=");
+        builder.append(departmentId);
+        builder.append(", department=");
+        builder.append(department);
+        builder.append(", jobTitle=");
+        builder.append(jobTitle);
+        builder.append(", jobLevel=");
+        builder.append(jobLevel);
+        builder.append(", managerId=");
+        builder.append(managerId);
+        builder.append(", manager=");
+        builder.append(manager);
+        builder.append(", assistantId=");
+        builder.append(assistantId);
+        builder.append(", assistant=");
+        builder.append(assistant);
+        builder.append(", entryDate=");
+        builder.append(entryDate);
+        builder.append(", quitDate=");
+        builder.append(quitDate);
+        builder.append(", defineIm=");
+        builder.append(defineIm);
+        builder.append(", weixinFollow=");
+        builder.append(weixinFollow);
+        builder.append(", theme=");
+        builder.append(theme);
+        builder.append(", extraAttribute=");
+        builder.append(extraAttribute);
+        builder.append(", extraAttributeName=");
+        builder.append(extraAttributeName);
+        builder.append(", extraAttributeValue=");
+        builder.append(extraAttributeValue);
+        builder.append(", extraAttributeMap=");
+        builder.append(extraAttributeMap);
+        builder.append(", online=");
+        builder.append(online);
+        builder.append(", ldapDn=");
+        builder.append(ldapDn);
+        builder.append(", gridList=");
+        builder.append(gridList);
+        builder.append(", createdBy=");
+        builder.append(createdBy);
+        builder.append(", createdDate=");
+        builder.append(createdDate);
+        builder.append(", modifiedBy=");
+        builder.append(modifiedBy);
+        builder.append(", modifiedDate=");
+        builder.append(modifiedDate);
+        builder.append(", status=");
+        builder.append(status);
+        builder.append(", description=");
+        builder.append(description);
+        builder.append("]");
+        return builder.toString();
+    }
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java
@@ -18,7 +18,6 @@
 package org.maxkey.domain.apps;

 import java.io.Serializable;
-import java.util.Arrays;

 import javax.persistence.Column;
 import javax.persistence.GeneratedValue;
@@ -81,6 +80,10 @@ public class Apps extends JpaBaseDomain implements Serializable {
    private MultipartFile iconFile;
    @Column
    private int visible;
+    
+
+    //引导方式 IDP OR SP,default is IDP
+    private String inducer;
    /*
     * vendor
     */
@@ -106,7 +109,10 @@ public class Apps extends JpaBaseDomain implements Serializable {
    private String principal;
    @Column
    private String credentials;
-
+    @Column
+    private String logoutUrl;
+    @Column
+    private int logoutType;
    /*
     * extendAttr
     */
@@ -143,7 +149,12 @@ public class Apps extends JpaBaseDomain implements Serializable {
    protected String modifiedDate;
    @Column
    protected String description;
+    
+    
+    protected String loginDateTime;

+    protected String onlineTicket;
+    
    public Apps() {
        super();
        isSignature = Boolean.FALSE;
@@ -505,15 +516,118 @@ public class Apps extends JpaBaseDomain implements Serializable {
    public void setStatus(int status) {
        this.status = status;
    }
+    
+    public String getInducer() {
+        return inducer;
+    }
+
+    public void setInducer(String inducer) {
+        this.inducer = inducer;
+    }
+    
+
+    public String getLogoutUrl() {
+        return logoutUrl;
+    }
+
+    public void setLogoutUrl(String logoutUrl) {
+        this.logoutUrl = logoutUrl;
+    }
+
+    public int getLogoutType() {
+        return logoutType;
+    }
+
+    public void setLogoutType(int logoutType) {
+        this.logoutType = logoutType;
+    }
+
+    
+    public String getLoginDateTime() {
+        return loginDateTime;
+    }
+
+    public void setLoginDateTime(String loginDateTime) {
+        this.loginDateTime = loginDateTime;
+    }
+
+    public String getOnlineTicket() {
+        return onlineTicket;
+    }
+
+    public void setOnlineTicket(String onlineTicket) {
+        this.onlineTicket = onlineTicket;
+    }

    @Override
    public String toString() {
-        return "Applications [name=" + name + ", loginUrl=" + loginUrl + ", category=" + category + ", protocol="
-                + protocol + ", secret=" + secret + ", icon=" + Arrays.toString(icon) + ", iconFile=" + iconFile
-                + ", visible=" + visible + ", vendor=" + vendor + ", vendorUrl=" + vendorUrl + ", credential="
-                + credential + ", sharedUsername=" + sharedUsername + ", sharedPassword=" + sharedPassword
-                + ", systemUserAttr=" + systemUserAttr + ", isExtendAttr=" + isExtendAttr + ", extendAttr=" + extendAttr
-                + ", isSignature=" + isSignature + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("Apps [id=");
+        builder.append(id);
+        builder.append(", name=");
+        builder.append(name);
+        builder.append(", loginUrl=");
+        builder.append(loginUrl);
+        builder.append(", category=");
+        builder.append(category);
+        builder.append(", protocol=");
+        builder.append(protocol);
+        builder.append(", secret=");
+        builder.append(secret);
+        builder.append(", visible=");
+        builder.append(visible);
+        builder.append(", inducer=");
+        builder.append(inducer);
+        builder.append(", vendor=");
+        builder.append(vendor);
+        builder.append(", vendorUrl=");
+        builder.append(vendorUrl);
+        builder.append(", credential=");
+        builder.append(credential);
+        builder.append(", sharedUsername=");
+        builder.append(sharedUsername);
+        builder.append(", sharedPassword=");
+        builder.append(sharedPassword);
+        builder.append(", systemUserAttr=");
+        builder.append(systemUserAttr);
+        builder.append(", principal=");
+        builder.append(principal);
+        builder.append(", credentials=");
+        builder.append(credentials);
+        builder.append(", logoutUrl=");
+        builder.append(logoutUrl);
+        builder.append(", logoutType=");
+        builder.append(logoutType);
+        builder.append(", isExtendAttr=");
+        builder.append(isExtendAttr);
+        builder.append(", extendAttr=");
+        builder.append(extendAttr);
+        builder.append(", userPropertys=");
+        builder.append(userPropertys);
+        builder.append(", isSignature=");
+        builder.append(isSignature);
+        builder.append(", isAdapter=");
+        builder.append(isAdapter);
+        builder.append(", adapter=");
+        builder.append(adapter);
+        builder.append(", appUser=");
+        builder.append(appUser);
+        builder.append(", sortIndex=");
+        builder.append(sortIndex);
+        builder.append(", status=");
+        builder.append(status);
+        builder.append(", createdBy=");
+        builder.append(createdBy);
+        builder.append(", createdDate=");
+        builder.append(createdDate);
+        builder.append(", modifiedBy=");
+        builder.append(modifiedBy);
+        builder.append(", modifiedDate=");
+        builder.append(modifiedDate);
+        builder.append(", description=");
+        builder.append(description);
+        builder.append("]");
+        return builder.toString();
    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsCasDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsCasDetails.java
@@ -61,7 +61,17 @@ public class AppsCasDetails extends Apps {
        this.callbackUrl = callbackUrl;
    }

-
-
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("AppsCasDetails [id=");
+        builder.append(id);
+        builder.append(", service=");
+        builder.append(service);
+        builder.append(", callbackUrl=");
+        builder.append(callbackUrl);
+        builder.append("]");
+        return builder.toString();
+    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsDesktopDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsDesktopDetails.java
@@ -294,19 +294,35 @@ public class AppsDesktopDetails extends Apps {



-	/* (non-Javadoc)
-	 * @see java.lang.Object#toString()
-	 */
 	@Override
-	public String toString() {
-		return "DesktopDetails [programPath=" + programPath + ", parameter="
-				+ parameter + ", preUsername=" + preUsername
-				+ ", usernameType=" + usernameType + ", usernameParameter="
-				+ usernameParameter + ", prePassword=" + prePassword
-				+ ", passwordType=" + passwordType + ", passwordParameter="
-				+ passwordParameter + ", preSubmit=" + preSubmit
-				+ ", submitType=" + submitType + ", submitKey=" + submitKey
-				+ "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("AppsDesktopDetails [programPath=");
+        builder.append(programPath);
+        builder.append(", parameter=");
+        builder.append(parameter);
+        builder.append(", preUsername=");
+        builder.append(preUsername);
+        builder.append(", usernameType=");
+        builder.append(usernameType);
+        builder.append(", usernameParameter=");
+        builder.append(usernameParameter);
+        builder.append(", prePassword=");
+        builder.append(prePassword);
+        builder.append(", passwordType=");
+        builder.append(passwordType);
+        builder.append(", passwordParameter=");
+        builder.append(passwordParameter);
+        builder.append(", preSubmit=");
+        builder.append(preSubmit);
+        builder.append(", submitType=");
+        builder.append(submitType);
+        builder.append(", submitKey=");
+        builder.append(submitKey);
+        builder.append(", appUser=");
+        builder.append(appUser);
+        builder.append("]");
+        return builder.toString();
+    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsFormBasedDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsFormBasedDetails.java
@@ -122,10 +122,20 @@ public class AppsFormBasedDetails  extends Apps {


 	@Override
-	public String toString() {
-		return "FormBasedDetails [redirectUri=" + redirectUri
-				+ ", usernameMapping=" + usernameMapping + ", passwordMapping="
-				+ passwordMapping + ", authorizeView=" + authorizeView + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("AppsFormBasedDetails [id=");
+        builder.append(id);
+        builder.append(", redirectUri=");
+        builder.append(redirectUri);
+        builder.append(", usernameMapping=");
+        builder.append(usernameMapping);
+        builder.append(", passwordMapping=");
+        builder.append(passwordMapping);
+        builder.append(", authorizeView=");
+        builder.append(authorizeView);
+        builder.append("]");
+        return builder.toString();
+    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsOAuth20Details.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsOAuth20Details.java
@@ -328,18 +328,45 @@ public class AppsOAuth20Details extends Apps {
        return baseClientDetails;
    }

-    /*
-     * (non-Javadoc)
-     * 
-     * @see java.lang.Object#toString()
-     */
    @Override
    public String toString() {
-        return "OAuth20Details [clientId=" + clientId + ", clientSecret=" + clientSecret + ", scope=" + scope
-                + ", resourceIds=" + resourceIds + ", authorizedGrantTypes=" + authorizedGrantTypes
-                + ", registeredRedirectUris=" + registeredRedirectUris + ", authorities=" + authorities
-                + ", accessTokenValiditySeconds=" + accessTokenValiditySeconds + ", refreshTokenValiditySeconds="
-                + refreshTokenValiditySeconds + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("AppsOAuth20Details [clientId=");
+        builder.append(clientId);
+        builder.append(", clientSecret=");
+        builder.append(clientSecret);
+        builder.append(", scope=");
+        builder.append(scope);
+        builder.append(", resourceIds=");
+        builder.append(resourceIds);
+        builder.append(", authorizedGrantTypes=");
+        builder.append(authorizedGrantTypes);
+        builder.append(", registeredRedirectUris=");
+        builder.append(registeredRedirectUris);
+        builder.append(", authorities=");
+        builder.append(authorities);
+        builder.append(", accessTokenValiditySeconds=");
+        builder.append(accessTokenValiditySeconds);
+        builder.append(", refreshTokenValiditySeconds=");
+        builder.append(refreshTokenValiditySeconds);
+        builder.append(", approvalPrompt=");
+        builder.append(approvalPrompt);
+        builder.append(", idTokenSigningAlgorithm=");
+        builder.append(idTokenSigningAlgorithm);
+        builder.append(", idTokenEncryptedAlgorithm=");
+        builder.append(idTokenEncryptedAlgorithm);
+        builder.append(", idTokenEncryptionMethod=");
+        builder.append(idTokenEncryptionMethod);
+        builder.append(", userInfoSigningAlgorithm=");
+        builder.append(userInfoSigningAlgorithm);
+        builder.append(", userInfoEncryptedAlgorithm=");
+        builder.append(userInfoEncryptedAlgorithm);
+        builder.append(", userInfoEncryptionMethod=");
+        builder.append(userInfoEncryptionMethod);
+        builder.append(", jwksUri=");
+        builder.append(jwksUri);
+        builder.append("]");
+        return builder.toString();
    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
@@ -17,8 +17,6 @@

 package org.maxkey.domain.apps;

-import java.util.Arrays;
-
 import javax.persistence.Column;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
@@ -93,6 +91,9 @@ public class AppsSAML20Details extends Apps {
     */
    @Column
    private int nameIdConvert;
+    
+    @Column
+    private String nameIdSuffix;

    public static final class BindingType {
        public static final  String Redirect_Post = "Redirect-Post";
@@ -326,18 +327,54 @@ public class AppsSAML20Details extends Apps {
    public void setDigestMethod(String digestMethod) {
        this.digestMethod = digestMethod;
    }
+    
+    public String getNameIdSuffix() {
+        return nameIdSuffix;
+    }
+
+    public void setNameIdSuffix(String nameIdSuffix) {
+        this.nameIdSuffix = nameIdSuffix;
+    }

    @Override
    public String toString() {
-        final int maxLen = 40;
-        return "AppsSAML20Details [id=" + id + ", certIssuer=" + certIssuer + ", certSubject=" + certSubject
-                + ", certExpiration=" + certExpiration + ", signature=" + signature + ", keyStore="
-                + (keyStore != null ? Arrays.toString(Arrays.copyOf(keyStore, Math.min(keyStore.length, maxLen)))
-                        : null)
-                + ", entityId=" + entityId + ", spAcsUrl=" + spAcsUrl + ", issuer=" + issuer + ", audience=" + audience
-                + ", nameidFormat=" + nameidFormat + ", validityInterval=" + validityInterval + ", binding=" + binding
-                + ", encrypted=" + encrypted + ", certMetaFile=" + certMetaFile + ", fileType=" + fileType
-                + ", nameIdConvert=" + nameIdConvert + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("AppsSAML20Details [id=");
+        builder.append(id);
+        builder.append(", certIssuer=");
+        builder.append(certIssuer);
+        builder.append(", certSubject=");
+        builder.append(certSubject);
+        builder.append(", certExpiration=");
+        builder.append(certExpiration);
+        builder.append(", signature=");
+        builder.append(signature);
+        builder.append(", digestMethod=");
+        builder.append(digestMethod);
+        builder.append(", entityId=");
+        builder.append(entityId);
+        builder.append(", spAcsUrl=");
+        builder.append(spAcsUrl);
+        builder.append(", issuer=");
+        builder.append(issuer);
+        builder.append(", audience=");
+        builder.append(audience);
+        builder.append(", nameidFormat=");
+        builder.append(nameidFormat);
+        builder.append(", validityInterval=");
+        builder.append(validityInterval);
+        builder.append(", binding=");
+        builder.append(binding);
+        builder.append(", encrypted=");
+        builder.append(encrypted);
+        builder.append(", fileType=");
+        builder.append(fileType);
+        builder.append(", nameIdConvert=");
+        builder.append(nameIdConvert);
+        builder.append(", nameIdSuffix=");
+        builder.append(nameIdSuffix);
+        builder.append("]");
+        return builder.toString();
    }

 
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsTokenBasedDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsTokenBasedDetails.java
@@ -137,9 +137,23 @@ public class AppsTokenBasedDetails  extends Apps {

    @Override
    public String toString() {
-        return "AppsTokenBasedDetails [id=" + id + ", redirectUri=" + redirectUri + ", tokenType=" + tokenType
-                + ", cookieName=" + cookieName + ", algorithm=" + algorithm + ", algorithmKey=" + algorithmKey
-                + ", expires=" + expires + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("AppsTokenBasedDetails [id=");
+        builder.append(id);
+        builder.append(", redirectUri=");
+        builder.append(redirectUri);
+        builder.append(", tokenType=");
+        builder.append(tokenType);
+        builder.append(", cookieName=");
+        builder.append(cookieName);
+        builder.append(", algorithm=");
+        builder.append(algorithm);
+        builder.append(", algorithmKey=");
+        builder.append(algorithmKey);
+        builder.append(", expires=");
+        builder.append(expires);
+        builder.append("]");
+        return builder.toString();
    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/UserApps.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/UserApps.java
@@ -61,8 +61,15 @@ public class UserApps extends Apps {

    @Override
    public String toString() {
-        return "UserApplications [username=" + username 
-                + ", userId=" + userId + ", displayName=" + displayName + "]";
+        StringBuilder builder = new StringBuilder();
+        builder.append("UserApps [username=");
+        builder.append(username);
+        builder.append(", userId=");
+        builder.append(userId);
+        builder.append(", displayName=");
+        builder.append(displayName);
+        builder.append("]");
+        return builder.toString();
    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/oauth2/provider/client/BaseClientDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/oauth2/provider/client/BaseClientDetails.java
@@ -461,16 +461,48 @@ public class BaseClientDetails implements ClientDetails {
 	}

 	@Override
-	public String toString() {
-		return "BaseClientDetails [clientId=" + clientId + ", clientSecret="
-				+ clientSecret + ", scope=" + scope + ", resourceIds="
-				+ resourceIds + ", authorizedGrantTypes="
-				+ authorizedGrantTypes + ", registeredRedirectUris="
-				+ registeredRedirectUris + ", authorities=" + authorities
-				+ ", accessTokenValiditySeconds=" + accessTokenValiditySeconds
-				+ ", refreshTokenValiditySeconds="
-				+ refreshTokenValiditySeconds + ", additionalInformation="
-				+ additionalInformation + "]";
-	}
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("BaseClientDetails [clientId=");
+        builder.append(clientId);
+        builder.append(", clientSecret=");
+        builder.append(clientSecret);
+        builder.append(", scope=");
+        builder.append(scope);
+        builder.append(", resourceIds=");
+        builder.append(resourceIds);
+        builder.append(", authorizedGrantTypes=");
+        builder.append(authorizedGrantTypes);
+        builder.append(", registeredRedirectUris=");
+        builder.append(registeredRedirectUris);
+        builder.append(", autoApproveScopes=");
+        builder.append(autoApproveScopes);
+        builder.append(", authorities=");
+        builder.append(authorities);
+        builder.append(", accessTokenValiditySeconds=");
+        builder.append(accessTokenValiditySeconds);
+        builder.append(", refreshTokenValiditySeconds=");
+        builder.append(refreshTokenValiditySeconds);
+        builder.append(", additionalInformation=");
+        builder.append(additionalInformation);
+        builder.append(", idTokenSigningAlgorithm=");
+        builder.append(idTokenSigningAlgorithm);
+        builder.append(", idTokenEncryptedAlgorithm=");
+        builder.append(idTokenEncryptedAlgorithm);
+        builder.append(", idTokenEncryptionMethod=");
+        builder.append(idTokenEncryptionMethod);
+        builder.append(", userInfoSigningAlgorithm=");
+        builder.append(userInfoSigningAlgorithm);
+        builder.append(", userInfoEncryptedAlgorithm=");
+        builder.append(userInfoEncryptedAlgorithm);
+        builder.append(", userInfoEncryptionMethod=");
+        builder.append(userInfoEncryptionMethod);
+        builder.append(", jwksUri=");
+        builder.append(jwksUri);
+        builder.append(", approvalPrompt=");
+        builder.append(approvalPrompt);
+        builder.append("]");
+        return builder.toString();
+    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/persistence/db/LoginService.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/db/LoginService.java
@@ -56,6 +56,8 @@ public class LoginService {

    private static final String DEFAULT_USERINFO_SELECT_STATEMENT = "SELECT * FROM  MXK_USERINFO WHERE USERNAME = ?";
    
+    private static final String DEFAULT_MYAPPS_SELECT_STATEMENT = "SELECT DISTINCT APP.ID,APP.NAME FROM MXK_APPS APP,MXK_GROUP_PRIVILEGES GP,MXK_GROUPS G  WHERE APP.ID=GP.APPID AND GP.GROUPID=G.ID AND G.ID IN(%s)";
+    
    protected JdbcTemplate jdbcTemplate;
    
    public LoginService(){
@@ -151,6 +153,24 @@ public class LoginService {
        }
    }
    
+    public ArrayList<GrantedAuthority> queryAuthorizedApps(ArrayList<GrantedAuthority> grantedAuthoritys) {
+        String grantedAuthorityString="'ROLE_ALL_USER'";
+        for(GrantedAuthority grantedAuthority : grantedAuthoritys) {
+            grantedAuthorityString += ",'"+ grantedAuthority.getAuthority()+"'";
+        }
+        
+        ArrayList<GrantedAuthority> listAuthorizedApps = (ArrayList<GrantedAuthority>) jdbcTemplate.query(
+                String.format(DEFAULT_MYAPPS_SELECT_STATEMENT, grantedAuthorityString), 
+                new RowMapper<GrantedAuthority>() {
+            public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
+                return new SimpleGrantedAuthority(rs.getString("ID"));
+            }
+        });
+
+        _logger.debug("list Authorized Apps  " + listAuthorizedApps);
+        return listAuthorizedApps;
+    }
+    
    public List<Groups> queryGroups(UserInfo userInfo) {
        List<Groups> listGroups = jdbcTemplate.query(GROUPS_SELECT_STATEMENT, new RowMapper<Groups>() {
            public Groups mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -174,9 +194,11 @@ public class LoginService {
        // query roles for user
        List<Groups> listGroups = queryGroups(userInfo);

-        // set role for spring security
+        //set default roles
        ArrayList<GrantedAuthority> grantedAuthority = new ArrayList<GrantedAuthority>();
        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
+        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER"));
+        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_ALL_USER"));
        for (Groups group : listGroups) {
            grantedAuthority.add(new SimpleGrantedAuthority(group.getId()));
        }
--- a/maxkey-core/src/main/java/org/maxkey/util/StringUtils.java
+++ b/maxkey-core/src/main/java/org/maxkey/util/StringUtils.java
@@ -24,6 +24,7 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
 import java.util.regex.Pattern;

 public final class StringUtils {
@@ -479,4 +480,42 @@ public final class StringUtils {
        }
        return null;
    }
+    
+    /**
+     * 验证是否为正确的邮箱号
+     *
+     * @param email
+     * @return
+     */
+    public static boolean isValidEmail(String email) {
+        // 1、\\w+表示@之前至少要输入一个匹配字母或数字或下划线 \\w 单词字符：[a-zA-Z_0-9]
+        // 2、(\\w+\\.)表示域名. 如新浪邮箱域名是sina.com.cn
+        // {1,3}表示可以出现一次或两次或者三次.
+        String reg = "\\w+@(\\w+\\.){1,3}\\w+";
+        Pattern pattern = Pattern.compile(reg);
+        boolean flag = false;
+        if (email != null) {
+            Matcher matcher = pattern.matcher(email);
+            flag = matcher.matches();
+        }
+        return flag;
+    }
+    /**
+     * 验证是否为手机号
+     *
+     * @param mobileNo
+     * @return
+     */
+    public static boolean isValidMobileNo(String mobileNo) {
+        // 1、(13[0-9])|(15[02789])|(18[679])|(17[0-9]) 13段 或者15段 18段17段的匹配
+        // 2、\\d{8} 整数出现8次
+        boolean flag = false;
+        Pattern p = Pattern.compile("^((13[0-9])|(14[0-9])|(15[0-9])|(16[0-9])|(17[0-9])|(18[0-9])|(19[0-9]))\\d{8}$");
+        Matcher match = p.matcher(mobileNo);
+        if (mobileNo != null) {
+            flag = match.matches();
+        }
+        return flag;
+    }
+
 }
--- a/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java
@@ -36,6 +36,7 @@ import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.support.WebApplicationContextUtils;

 /**
@@ -57,7 +58,10 @@ public class InitializeContext extends HttpServlet {
    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
-
+        
+        _logger.info("SecurityContextHolder StrategyName " + SessionSecurityContextHolderStrategy.class.getCanonicalName());
+        SecurityContextHolder.setStrategyName(SessionSecurityContextHolderStrategy.class.getCanonicalName());
+        
        // List Environment Variables
        listEnvVars();

--- a/maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java
@@ -0,0 +1,51 @@
+package org.maxkey.web;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.security.core.context.SecurityContextImpl;
+
+/**
+ * SecurityContext Session for Request , use SecurityContextHolderAwareRequestFilter
+ * @author Crystal.Sea
+ *
+ */
+public class SessionSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
+    private static final Logger _logger = 
+            LoggerFactory.getLogger(SessionSecurityContextHolderStrategy.class);
+    
+    @Override
+    public void clearContext() {
+        WebContext.removeAttribute(WebConstants.AUTHENTICATION);
+    }
+
+    @Override
+    public SecurityContext getContext() {
+        SecurityContext ctx =  createEmptyContext();
+        Authentication  authentication = null;
+        try {
+            authentication = (Authentication)WebContext.getAuthentication();
+            if (authentication != null) {
+                ctx.setAuthentication(authentication);
+            }
+        }catch(Exception e) {
+            _logger.trace("a session ", e);
+        }
+       
+       
+        return ctx;
+    }
+
+    @Override
+    public void setContext(SecurityContext context) {
+        WebContext.setAuthentication(context.getAuthentication());
+    }
+
+    @Override
+    public SecurityContext createEmptyContext() {
+        return new SecurityContextImpl();
+    }
+
+}
--- a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
@@ -71,8 +71,12 @@ public class WebConstants {

    public static final String AUTHENTICATION = "current_authentication";
    
-    public static final String THEME_COOKIE_NAME = "maxkey_theme";
+    public static final String THEME_COOKIE_NAME = "theme_value";
    
    public static final String LOGIN_ERROR_SESSION_MESSAGE = "login_error_session_message_key";
+    
+    public static final String ONLINE_TICKET_NAME = "online_ticket";
+    
+    public static final String ONLINE_TICKET_PREFIX = "OT";

 }
--- a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
@@ -154,6 +154,11 @@ public final class WebContext {
        return ((ServletRequestAttributes) 
                    RequestContextHolder.getRequestAttributes()).getRequest();
    }
+    
+    public static HttpServletResponse getResponse() {
+        return ((ServletRequestAttributes) 
+                    RequestContextHolder.getRequestAttributes()).getResponse();
+    }

    /**
     * get Http Context full Path.
@@ -336,11 +341,14 @@ public final class WebContext {
     * @param time cookie的存在时间
     */
    public static HttpServletResponse setCookie(
-            HttpServletResponse response, String name, String value, int time) {
+            HttpServletResponse response, String domain ,String name, String value, int time) {
        // new一个Cookie对象,键值对为参数
        Cookie cookie = new Cookie(name, value);
        // tomcat下多应用共享
        cookie.setPath("/");
+        if(domain != null) {
+            cookie.setDomain(domain);
+        }
        // 如果cookie的值中含有中文时，需要对cookie进行编码，不然会产生乱码
        try {
            URLEncoder.encode(value, "utf-8");
@@ -348,7 +356,9 @@ public final class WebContext {
            e.printStackTrace();
        }
        // 单位：秒
-        cookie.setMaxAge(time);
+        if(time > 0) {
+            cookie.setMaxAge(time);
+        }
        // 将Cookie添加到Response中,使之生效
        response.addCookie(cookie); // addCookie后，如果已经存在相同名字的cookie，则最新的覆盖旧的cookie
        return response;
--- a/maxkey-core/src/main/java/org/maxkey/web/tag/ThemeTagDirective.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/tag/ThemeTagDirective.java
@@ -76,7 +76,7 @@ public class ThemeTagDirective implements TemplateDirectiveModel {
        if (request.getAttribute(WebConstants.THEME_COOKIE_NAME) == null 
                && null != WebContext.getUserInfo()) {
            request.setAttribute(WebConstants.THEME_COOKIE_NAME, "theme");
-            WebContext.setCookie(response, 
+            WebContext.setCookie(response, null,
                    WebConstants.THEME_COOKIE_NAME, theme, ConstantsTimeInterval.ONE_WEEK);
        }