
代码优化

优化去掉spring.main.allow-bean-definition-overriding=true
JWT配置文件和代码优化
机构管理新增和修改界面tab切换问题
其他优化和日志完善
Crystal.Sea 3 سال پیش
والد
کامیت
9be6bad1b5
25فایلهای تغییر یافته به همراه250 افزوده شده و 279 حذف شده
  1. 18 4
      build.gradle
  2. 1 0
      config/build_docker.gradle
  3. 1 0
      config/build_jar.gradle
  4. 1 0
      config/build_standard.gradle
  5. 37 42
      maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java
  6. 1 1
      maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java
  7. 19 64
      maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java
  8. 2 21
      maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java
  9. 24 36
      maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
  10. 9 0
      maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java
  11. 7 0
      maxkey-core/src/main/java/org/maxkey/web/SessionListenerAdapter.java
  12. 1 1
      maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
  13. 21 26
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java
  14. 13 13
      maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
  15. 3 3
      maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
  16. 31 27
      maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
  17. 31 27
      maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties
  18. 1 1
      maxkey-webs/maxkey-web-maxkey/src/main/resources/application.properties
  19. 0 0
      maxkey-webs/maxkey-web-maxkey/src/main/resources/config/loginjwkkeystore.jwks
  20. 8 8
      maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/login.ftl
  21. 3 0
      maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties
  22. 1 1
      maxkey-webs/maxkey-web-mgt/src/main/resources/application.properties
  23. 13 0
      maxkey-webs/maxkey-web-mgt/src/main/resources/config/loginjwkkeystore.jwks
  24. 2 2
      maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsAdd.ftl
  25. 2 2
      maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsUpdate.ftl

+ 18 - 4
build.gradle

@@ -67,15 +67,28 @@ allprojects {
     //apply plugin: "pmd"
     //apply plugin: "findbugs"
     //apply plugin: "jdepend"
-    
+    /*
+    plugins {
+        java {
+            toolchain {
+                languageVersion = JavaLanguageVersion.of(16)
+            }
+        }
+    }
+    */
     configurations.all {
         transitive = false// 为本依赖关闭依赖传递特性
     }   
     //java Version
-    sourceCompatibility = 1.8
-    targetCompatibility = 1.8
-    compileJava.options.encoding = 'UTF-8'
+    sourceCompatibility = 8
+    targetCompatibility = 8
+    //compileJava.options.encoding = 'UTF-8'
     
+    compileJava {
+        //options.release = 15
+        options.encoding = 'UTF-8'
+    }
+
     eclipse {
        /* 第一次时请注释这段eclipse设置,可能报错,设置工程字符集
         jdt  {
@@ -401,6 +414,7 @@ subprojects {
          implementation  group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}"
+         implementation  group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}"
          implementation  group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}"
          //docs
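Review bot: The commented-out `plugins { java { toolchain { … } } }` block and the commented `//compileJava.options.encoding = 'UTF-8'` line in the first hunk are dead configuration now that the encoding is set in the new `compileJava { options.encoding = 'UTF-8' }` block; either drop them or add a one-line comment stating why the toolchain stanza is kept for a later JDK move. The second hunk, and the identical hunks in config/build_docker.gradle, config/build_jar.gradle and config/build_standard.gradle, add `jackson-module-jaxb-annotations` in four separate dependency lists; since `configurations.all { transitive = false }` is in force, every module added here must be kept in sync across those four files, which deserves a comment at the head of the subprojects dependency list so the next addition is not made in only one of them.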

+ 1 - 0
config/build_docker.gradle

@@ -366,6 +366,7 @@ subprojects {
          implementation  group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}"
+         implementation  group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}"
          implementation  group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}"
          //docs

+ 1 - 0
config/build_jar.gradle

@@ -366,6 +366,7 @@ subprojects {
          implementation  group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}"
+         implementation  group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}"
          implementation  group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}"
          //docs

+ 1 - 0
config/build_standard.gradle

@@ -401,6 +401,7 @@ subprojects {
          implementation  group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}"
+         implementation  group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}"
          implementation  group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}"
          implementation  group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}"
          //docs

+ 37 - 42
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java

@@ -29,7 +29,6 @@ import com.nimbusds.jwt.SignedJWT;
 import java.util.Date;
 import java.util.UUID;
 import org.joda.time.DateTime;
-import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
 import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
@@ -39,33 +38,31 @@ import org.slf4j.LoggerFactory;
 public class JwtLoginService {
     private static final Logger _logger = LoggerFactory.getLogger(JwtLoginService.class);
 
-
-    OIDCProviderMetadataDetails jwtProviderMetadata;
-
+    String issuer;
+    
     DefaultJwtSigningAndValidationService jwtSignerValidationService;
     
     public JwtLoginService(
-            OIDCProviderMetadataDetails jwtProviderMetadata,
-            DefaultJwtSigningAndValidationService jwtSignerValidationService
+            DefaultJwtSigningAndValidationService jwtSignerValidationService,
+            String issuer
             ) {
-        this.jwtProviderMetadata = jwtProviderMetadata;
         this.jwtSignerValidationService = jwtSignerValidationService;
-        
+        this.issuer = issuer;
     }
 
     public String buildLoginJwt() {
-        _logger.debug("buildLoginJwt .");
+        _logger.debug("build Login JWT .");
 
         DateTime currentDateTime = DateTime.now();
         Date expirationTime = currentDateTime.plusMinutes(5).toDate();
-        _logger.debug("expiration Time : " + expirationTime);
+        _logger.debug("Expiration Time : " + expirationTime);
         JWTClaimsSet jwtClaims = new JWTClaimsSet.Builder().subject(WebContext.getSession().getId())
-                .expirationTime(expirationTime).issuer(jwtProviderMetadata.getIssuer())
+                .expirationTime(expirationTime).issuer(getIssuer())
                 .issueTime(currentDateTime.toDate()).jwtID(UUID.randomUUID().toString()).build();
 
         JWT jwtToken = new PlainJWT(jwtClaims);
 
-        _logger.info("jwt Claims : " + jwtClaims.toString());
+        _logger.info("JWT Claims : " + jwtClaims.toString());
 
         JWSAlgorithm signingAlg = jwtSignerValidationService.getDefaultSigningAlgorithm();
 
@@ -74,7 +71,7 @@ public class JwtLoginService {
         jwtSignerValidationService.signJwt((SignedJWT) jwtToken);
 
         String tokenString = jwtToken.serialize();
-        _logger.debug("jwt Token : " + tokenString);
+        _logger.debug("JWT Token : " + tokenString);
         return tokenString;
     }
 
@@ -82,57 +79,55 @@ public class JwtLoginService {
         SignedJWT signedJWT = null;
         JWTClaimsSet jwtClaimsSet = null;
         try {
-
-            RSASSAVerifier rsaSSAVerifier = new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys()
-                    .get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey());
+            RSASSAVerifier rsaSSAVerifier = 
+                    new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys()
+                            .get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey());
 
             signedJWT = SignedJWT.parse(jwt);
+            
             if (signedJWT.verify(rsaSSAVerifier)) {
             	 jwtClaimsSet = signedJWT.getJWTClaimsSet();
-                 _logger.debug("" + signedJWT.getPayload());
-                 _logger.debug("username " + jwtClaimsSet.getSubject());
-                 _logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer());
-                 _logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer());
-                 if ( jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
-                     _logger.debug("Issuer equals ");
-                     DateTime now = new DateTime();
-                     if (now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
-                         _logger.debug("ExpirationTime  Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime()));
-                        return signedJWT;
-                     } 
-                 } else {
-                     _logger.debug("Issuer not equals ");
+            	 boolean isIssuerMatches = jwtClaimsSet.getIssuer().equals(getIssuer());
+            	 boolean isExpiration = (new DateTime()).isBefore(
+            	             jwtClaimsSet.getExpirationTime().getTime());
+            	 
+                 _logger.debug("Signed JWT {}" , signedJWT.getPayload());
+                 _logger.debug("Subject is {}" , jwtClaimsSet.getSubject());
+                 _logger.debug("ExpirationTime  Validation {}" ,isExpiration);
+                 _logger.debug("JWT ClaimsSet Issuer {}, Metadata Issuer {}, Issuer is matches {}" ,
+                                jwtClaimsSet.getIssuer(), getIssuer(), isIssuerMatches
+                        );
+
+                 if ( isIssuerMatches && isExpiration ) {
+                    return signedJWT;
                  }
-            } else {
-                _logger.debug("verify false ");
+            }else { 
+                _logger.debug("JWT Signer Verify false.");
             }
-           
         } catch (java.text.ParseException e) {
             // Invalid signed JWT encoding
             _logger.error("Invalid signed JWT encoding ",e);
         } catch (JOSEException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
             _logger.error("JOSEException ",e);
         }
         return null;
     }
 
-
-    public void setJwtProviderMetadata(OIDCProviderMetadataDetails jwtProviderMetadata) {
-        this.jwtProviderMetadata = jwtProviderMetadata;
-    }
-
     public void setJwtSignerValidationService(DefaultJwtSigningAndValidationService jwtSignerValidationService) {
         this.jwtSignerValidationService = jwtSignerValidationService;
     }
 
-	public OIDCProviderMetadataDetails getJwtProviderMetadata() {
-		return jwtProviderMetadata;
-	}
 	public DefaultJwtSigningAndValidationService getJwtSignerValidationService() {
 		return jwtSignerValidationService;
 	}
+
+    public String getIssuer() {
+        return issuer;
+    }
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
     
     
 
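Review bot: The new claim checks at `isIssuerMatches` and `isExpiration` dereference `jwtClaimsSet.getIssuer()` and `jwtClaimsSet.getExpirationTime()` without a null check, so a correctly signed token that omits `iss` or `exp` throws a NullPointerException out of the method instead of being rejected through the `return null` path, because only ParseException and JOSEException are caught. Reverse the comparison and guard the date: `boolean isIssuerMatches = getIssuer().equals(jwtClaimsSet.getIssuer());`, `Date expiration = jwtClaimsSet.getExpirationTime();`, `boolean isNotExpired = expiration != null && (new DateTime()).isBefore(expiration.getTime());`. The name `isExpiration` reads as "the token is expired" while it is true when the token is still valid, so renaming it to `isNotExpired` also removes the inverted reading at the `if ( isIssuerMatches && isExpiration )` line. Separately, `buildLoginJwt` logs the serialized signed token at `_logger.debug("JWT Token : " + tokenString)` and the verify path logs the full payload, and because the token's subject is the HTTP session id, enabling debug logging writes live session identifiers to the log; logging only the `jti` claim keeps the trace useful without that exposure. The enclosing verify method's signature lies above the hunk, and its parameter name `jwt` is only visible from the `SignedJWT.parse(jwt)` call.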

+ 1 - 1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java

@@ -63,7 +63,7 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
     	    OnlineTicketServices onlineTicketServices
     		) {
        
-    	_logger.debug("init authenticationProvider .");
+    	_logger.debug("init authentication Provider .");
         return new RealmAuthenticationProvider(
         		authenticationRealm,
         		applicationConfig,

+ 19 - 64
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java

@@ -18,15 +18,11 @@
 package org.maxkey.autoconfigure;
 
 import com.nimbusds.jose.JOSEException;
-import com.nimbusds.jose.JWEAlgorithm;
-import java.net.URI;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 
 import org.maxkey.authn.support.jwt.JwtLoginService;
-import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
 import org.maxkey.crypto.jose.keystore.JWKSetKeyStore;
-import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService;
 import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -40,94 +36,53 @@ import org.springframework.core.io.ClassPathResource;
 @Configuration
 public class JwtAuthnAutoConfiguration implements InitializingBean {
     private static final  Logger _logger = LoggerFactory.getLogger(JwtAuthnAutoConfiguration.class);
-    
-    /**
-     * OIDCProviderMetadataDetails. 
-     * Self-issued Provider Metadata
-     * http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued 
-     */
-    @Bean(name = "oidcProviderMetadata")
-    public OIDCProviderMetadataDetails OIDCProviderMetadataDetails(
-            @Value("${maxkey.oidc.metadata.issuer}")
-            String issuer,
-            @Value("${maxkey.oidc.metadata.authorizationEndpoint}")
-            URI authorizationEndpoint,
-            @Value("${maxkey.oidc.metadata.tokenEndpoint}")
-            URI tokenEndpoint,
-            @Value("${maxkey.oidc.metadata.userinfoEndpoint}")
-            URI userinfoEndpoint) {
-        _logger.debug("RedisConnectionFactory init .");
-        OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails();
-        oidcProviderMetadata.setIssuer(issuer);
-        oidcProviderMetadata.setAuthorizationEndpoint(authorizationEndpoint);
-        oidcProviderMetadata.setTokenEndpoint(tokenEndpoint);
-        oidcProviderMetadata.setUserinfoEndpoint(userinfoEndpoint);
-        return oidcProviderMetadata;
-    }
 
     /**
-     * jwtSetKeyStore.
+     * jwt Login JwkSetKeyStore.
      * @return
      */
-    @Bean(name = "jwkSetKeyStore")
-    public JWKSetKeyStore jwtSetKeyStore() {
+    @Bean(name = "jwtLoginJwkSetKeyStore")
+    public JWKSetKeyStore jwtLoginJwkSetKeyStore() {
         JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore();
-        ClassPathResource classPathResource = new ClassPathResource("/config/keystore.jwks");
+        ClassPathResource classPathResource = new ClassPathResource("/config/loginjwkkeystore.jwks");
         jwkSetKeyStore.setLocation(classPathResource);
+        _logger.debug("JWT Login JwkSet KeyStore init.");
         return jwkSetKeyStore;
     }
     
     /**
-     * jwtSetKeyStore.
+     * jwt Login ValidationService.
      * @return
      * @throws JOSEException
      * @throws InvalidKeySpecException 
      * @throws NoSuchAlgorithmException 
      */
-    @Bean(name = "jwtSignerValidationService")
-    public DefaultJwtSigningAndValidationService jwtSignerValidationService(
-            JWKSetKeyStore jwtSetKeyStore) 
+    @Bean(name = "jwtLoginValidationService")
+    public DefaultJwtSigningAndValidationService jwtLoginValidationService(
+            JWKSetKeyStore jwtLoginJwkSetKeyStore) 
                     throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
         DefaultJwtSigningAndValidationService jwtSignerValidationService = 
-                new DefaultJwtSigningAndValidationService(jwtSetKeyStore);
+                new DefaultJwtSigningAndValidationService(jwtLoginJwkSetKeyStore);
         jwtSignerValidationService.setDefaultSignerKeyId("maxkey_rsa");
         jwtSignerValidationService.setDefaultSigningAlgorithmName("RS256");
+        _logger.debug("JWT Login Signing and Validation init.");
         return jwtSignerValidationService;
     }
-    
-    /**
-     * jwtSetKeyStore.
-     * @return
-     * @throws JOSEException 
-     * @throws InvalidKeySpecException 
-     * @throws NoSuchAlgorithmException 
-     */
-    @Bean(name = "jwtEncryptionService")
-    public DefaultJwtEncryptionAndDecryptionService jwtEncryptionService(
-            JWKSetKeyStore jwtSetKeyStore) 
-                    throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
-        DefaultJwtEncryptionAndDecryptionService jwtEncryptionService = 
-                new DefaultJwtEncryptionAndDecryptionService(jwtSetKeyStore);
-        jwtEncryptionService.setDefaultAlgorithm(JWEAlgorithm.RSA_OAEP_256);//RSA1_5
-        jwtEncryptionService.setDefaultDecryptionKeyId("maxkey_rsa");
-        jwtEncryptionService.setDefaultEncryptionKeyId("maxkey_rsa");
-        return jwtEncryptionService;
-    }
-    
+
     /**
-     * JwtLoginService.
+     * Jwt LoginService.
      * @return
      */
     @Bean(name = "jwtLoginService")
     public JwtLoginService jwtLoginService(
-            DefaultJwtSigningAndValidationService jwtSignerValidationService,
-            OIDCProviderMetadataDetails oidcProviderMetadata) {
-        
+            @Value("${maxkey.login.jwt.issuer}")
+            String issuer,
+            DefaultJwtSigningAndValidationService jwtLoginValidationService) {
         JwtLoginService jwtLoginService = new JwtLoginService(
-                oidcProviderMetadata,
-                jwtSignerValidationService
+                    jwtLoginValidationService,
+                    issuer
                 );
-        
+        _logger.debug("JWT Login Service init.");
         return jwtLoginService;
     }
     
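Review bot: `jwtLoginJwkSetKeyStore` loads the signing key set from the classpath resource `/config/loginjwkkeystore.jwks`, and the diffstat lists a 13-line `loginjwkkeystore.jwks` added under `maxkey-webs/maxkey-web-mgt/src/main/resources/config`, which suggests the RSA key that both signs and verifies login JWTs is committed to the repository and shipped inside the artifact. If so, anyone holding the source or the jar can mint a login JWT that `JwtLoginService` accepts on every installation, so the keystore location should be externalised (a `@Value`-injected path resolved as a file resource outside the build, with the bundled file at most a development default) and the deployment docs should state that the key must be replaced per installation; a comment on the bean, `// key material must be deployment-specific; the bundled jwks is a development default only`, would at least make that expectation visible in code. The `DefaultJwtSigningAndValidationService jwtLoginValidationService` parameter of `jwtLoginService` is resolved against two beans of that type once `Oauth20AutoConfiguration`'s `jwtSignerValidationService` is in the same context, and the same holds for the `JWKSetKeyStore` parameter of `jwtLoginValidationService`; Spring then falls back to matching the parameter name, which depends on the compiler retaining parameter names, so `@Qualifier("jwtLoginValidationService")` and `@Qualifier("jwtLoginJwkSetKeyStore")` on those parameters make the wiring explicit. The class body continues past the hunk.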

+ 2 - 21
maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java

@@ -17,10 +17,10 @@
 
 package org.maxkey.autoconfigure;
 
-import com.alibaba.druid.spring.boot.autoconfigure.DruidDataSourceBuilder;
 import java.util.HashMap;
 import java.util.Map;
 import javax.sql.DataSource;
+
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.crypto.password.LdapShaPasswordEncoder;
 import org.maxkey.crypto.password.Md4PasswordEncoder;
@@ -36,12 +36,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Primary;
 import org.springframework.core.io.Resource;
-import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.DataSourceTransactionManager;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
@@ -50,36 +47,21 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
 import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
 
-
 @Configuration
 public class ApplicationAutoConfiguration  implements InitializingBean {
     private static final  Logger _logger = 
             LoggerFactory.getLogger(ApplicationAutoConfiguration.class);
-    
-    @Bean
-    @Primary
-    @ConfigurationProperties("spring.datasource")
-    public DataSource dataSource() {
-        return DruidDataSourceBuilder.create().build();
-    }
-    
+
     @Bean(name = "passwordReciprocal")
     public PasswordReciprocal passwordReciprocal() {
         return new PasswordReciprocal();
     }
     
-    
-    @Bean(name = "jdbcTemplate")
-    public JdbcTemplate jdbcTemplate(DataSource dataSource) {
-        return new JdbcTemplate(dataSource);
-    }
-    
     @Bean(name = "transactionManager")
     public DataSourceTransactionManager transactionManager(DataSource dataSource) {
         return new DataSourceTransactionManager(dataSource);
     }
     
-    
     /**
      * Authentication Password Encoder .
      * @return
@@ -162,7 +144,6 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
         return spIssuingEntityName;
     }
     
-    
     /**
      * spKeyStoreLoader .
      * @return

+ 24 - 36
maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java

@@ -17,7 +17,6 @@
 
 package org.maxkey.autoconfigure;
 
-import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -39,8 +38,6 @@ import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.DependsOn;
-import org.springframework.context.annotation.Primary;
 import org.springframework.context.support.ReloadableResourceBundleMessageSource;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -53,6 +50,8 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.multipart.commons.CommonsMultipartResolver;
+import org.springframework.web.servlet.LocaleResolver;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.i18n.CookieLocaleResolver;
 import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter;
@@ -60,24 +59,8 @@ import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandl
 
 
 @Configuration
-public class MvcAutoConfiguration implements InitializingBean {
+public class MvcAutoConfiguration implements InitializingBean , WebMvcConfigurer {
     private static final  Logger _logger = LoggerFactory.getLogger(MvcAutoConfiguration.class);
-   
-    /**
-     * cookieLocaleResolver .
-     * @return cookieLocaleResolver
-     */
-    @Primary
-    @Bean (name = "localeResolver")
-    public CookieLocaleResolver cookieLocaleResolver(
-            @Value("${maxkey.server.domain:maxkey.top}")String domainName) {
-        _logger.debug("DomainName " + domainName);
-        CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver();
-        cookieLocaleResolver.setCookieName("maxkey_locale");
-        cookieLocaleResolver.setCookieDomain(domainName);
-        cookieLocaleResolver.setCookieMaxAge(ConstantsTimeInterval.TWO_WEEK);
-        return cookieLocaleResolver;
-    }
     
     /**
      * 消息处理,可以直接使用properties的key值,返回的是对应的value值
@@ -188,35 +171,41 @@ public class MvcAutoConfiguration implements InitializingBean {
     }
     
     /**
-     * stringHttpMessageConverter .
-     * @return stringHttpMessageConverter
+     * cookieLocaleResolver .
+     * @return cookieLocaleResolver
      */
-    @Bean (name = "stringHttpMessageConverter")
-    public HttpMessageConverter<String> responseBodyConverter() {
-        StringHttpMessageConverter stringHttpMessageConverter = 
-                new StringHttpMessageConverter(Charset.forName("UTF-8"));
-        return stringHttpMessageConverter;
+
+    @Bean(name = "cookieLocaleResolver")
+    public LocaleResolver cookieLocaleResolver(
+            @Value("${maxkey.server.domain:maxkey.top}")
+            String domainName
+        ) {
+        _logger.debug("DomainName " + domainName);
+        CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver();
+        cookieLocaleResolver.setCookieName("mxk_locale");
+        cookieLocaleResolver.setCookieDomain(domainName);
+        cookieLocaleResolver.setCookieMaxAge(ConstantsTimeInterval.TWO_WEEK);
+        return cookieLocaleResolver;
     }
-    
+     
     /**
      * AnnotationMethodHandlerAdapter
      * requestMappingHandlerAdapter .
      * @return requestMappingHandlerAdapter
      */
-    @DependsOn("stringHttpMessageConverter")
-    @Bean (name = "requestMappingHandlerAdapter")
+    @Bean (name = "addConverterRequestMappingHandlerAdapter")
     public RequestMappingHandlerAdapter requestMappingHandlerAdapter(
             MappingJackson2HttpMessageConverter mappingJacksonHttpMessageConverter,
             MarshallingHttpMessageConverter marshallingHttpMessageConverter,
-            StringHttpMessageConverter stringHttpMessageConverter) {
+            StringHttpMessageConverter stringHttpMessageConverter,
+            RequestMappingHandlerAdapter requestMappingHandlerAdapter) {
         List<HttpMessageConverter<?>> httpMessageConverterList = 
                 new ArrayList<HttpMessageConverter<?>>();
         httpMessageConverterList.add(mappingJacksonHttpMessageConverter);
         httpMessageConverterList.add(marshallingHttpMessageConverter);
         httpMessageConverterList.add(stringHttpMessageConverter);
+        _logger.debug("stringHttpMessageConverter {}",stringHttpMessageConverter.getDefaultCharset());   
         
-        RequestMappingHandlerAdapter requestMappingHandlerAdapter = 
-                new RequestMappingHandlerAdapter();
         requestMappingHandlerAdapter.setMessageConverters(httpMessageConverterList);
         return requestMappingHandlerAdapter;
     }
@@ -295,9 +284,8 @@ public class MvcAutoConfiguration implements InitializingBean {
                 LoginService loginService,
                 LoginHistoryService loginHistoryService
             ) {
-        SessionListenerAdapter sessionListenerAdapter =new SessionListenerAdapter();
-        sessionListenerAdapter.setLoginService(loginService);
-        sessionListenerAdapter.setLoginHistoryService(loginHistoryService);
+        SessionListenerAdapter sessionListenerAdapter =
+                new SessionListenerAdapter(loginService,loginHistoryService);
         return sessionListenerAdapter;
     }
     
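Review bot: The new `addConverterRequestMappingHandlerAdapter` bean takes the container's `RequestMappingHandlerAdapter`, calls `setMessageConverters` on it with only the three listed converters, and returns the same instance under a second bean name; this mutates another bean as a side effect of bean creation, discards every converter Spring MVC registers by default, and leaves one adapter instance registered under two names, which is the kind of duplication that removing `spring.main.allow-bean-definition-overriding` (per the commit message) is meant to surface. Since the class now implements `WebMvcConfigurer`, the idiomatic replacement is to inject the three converters as fields, override `extendMessageConverters(List<HttpMessageConverter<?>> converters)` (or `configureMessageConverters` if a full replacement of the defaults is really intended) and add them there, then delete this bean. The `cookieLocaleResolver` hunk sets name, domain and max-age on the locale cookie but not the HttpOnly flag; the cookie carries only a locale, so this is a hardening default rather than a defect, but it is one line: `cookieLocaleResolver.setCookieHttpOnly(true);`. The class body continues beyond the last hunk.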

+ 9 - 0
maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java

@@ -36,6 +36,7 @@ import org.maxkey.util.PathUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
@@ -95,6 +96,14 @@ public class InitializeContext extends HttpServlet {
     }
 
     public InitializeContext(ConfigurableApplicationContext applicationContext) {
+        if(applicationContext.containsBean("localeResolver") &&
+                applicationContext.containsBean("cookieLocaleResolver")) {
+            BeanDefinitionRegistry beanFactory = (BeanDefinitionRegistry)applicationContext.getBeanFactory();
+            beanFactory.removeBeanDefinition("localeResolver");
+            beanFactory.registerBeanDefinition("localeResolver", 
+                    beanFactory.getBeanDefinition("cookieLocaleResolver"));
+            _logger.debug("cookieLocaleResolver replaced localeResolver.");
+        }
         this.applicationContext = applicationContext;
     }
 
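Review bot: The constructor now removes the `localeResolver` bean definition and re-registers the `cookieLocaleResolver` definition under that name on a context that is presumably already refreshed by the time a servlet is constructed, and re-registering a definition after refresh does not replace a singleton that `DispatcherServlet` has already resolved, so whether the swap takes effect needs to be verified rather than assumed; the unchecked cast `(BeanDefinitionRegistry)applicationContext.getBeanFactory()` also fails with ClassCastException on a bean factory that does not implement the registry interface, so it should at least be guarded with `instanceof`. A cleaner route is to declare the cookie resolver in `MvcAutoConfiguration` as `@Bean(name = "localeResolver")`, which, as far as I know, is the name Spring Boot's auto-configured resolver is conditional on, and to drop this registry manipulation entirely; if the manipulation has to stay, a comment such as `// replaces the auto-configured localeResolver; a plain @Bean(name = "localeResolver") did not take effect because …` would spare the next reader the same investigation. The constructor is fully visible in the hunk.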

+ 7 - 0
maxkey-core/src/main/java/org/maxkey/web/SessionListenerAdapter.java

@@ -44,6 +44,13 @@ public class SessionListenerAdapter implements HttpSessionListener {
         _logger.debug("SessionListenerAdapter inited . ");
     }
 
+    public SessionListenerAdapter(LoginService loginService, LoginHistoryService loginHistoryService) {
+        super();
+        this.loginService = loginService;
+        this.loginHistoryService = loginHistoryService;
+        _logger.debug("SessionListenerAdapter inited . ");
+    }
+
     public void init() {
         if(loginService == null ) {
             loginService = (LoginService)WebContext.getBean("loginService");

+ 1 - 1
maxkey-core/src/main/java/org/maxkey/web/WebConstants.java

@@ -77,7 +77,7 @@ public class WebConstants {
 
     public static final  String AUTHENTICATION = "current_authentication";
     
-    public static final  String THEME_COOKIE_NAME = "theme_value";
+    public static final  String THEME_COOKIE_NAME = "mxk_theme_value";
     
     public static final  String LOGIN_ERROR_SESSION_MESSAGE 
                                     = "login_error_session_message_key";

+ 21 - 26
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java

@@ -23,7 +23,6 @@ import java.security.spec.InvalidKeySpecException;
 
 import javax.servlet.Filter;
 import javax.sql.DataSource;
-import org.maxkey.authn.support.jwt.JwtLoginService;
 import org.maxkey.authz.oauth2.common.OAuth2Constants;
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
 import org.maxkey.authz.oauth2.provider.OAuth2UserDetailsService;
@@ -98,7 +97,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
             URI tokenEndpoint,
             @Value("${maxkey.oidc.metadata.userinfoEndpoint}")
             URI userinfoEndpoint) {
-        _logger.debug("OIDCProviderMetadataDetails init .");
+        _logger.debug("OIDC Provider Metadata Details init .");
         OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails();
         oidcProviderMetadata.setIssuer(issuer);
         oidcProviderMetadata.setAuthorizationEndpoint(authorizationEndpoint);
@@ -112,10 +111,11 @@ public class Oauth20AutoConfiguration implements InitializingBean {
      * @return
      */
     @Bean(name = "jwkSetKeyStore")
-    public JWKSetKeyStore jwtSetKeyStore() {
+    public JWKSetKeyStore jwkSetKeyStore() {
         JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore();
         ClassPathResource classPathResource = new ClassPathResource("/config/keystore.jwks");
         jwkSetKeyStore.setLocation(classPathResource);
+        _logger.debug("JWKSet KeyStore init.");
         return jwkSetKeyStore;
     }
     
@@ -128,12 +128,13 @@ public class Oauth20AutoConfiguration implements InitializingBean {
      */
     @Bean(name = "jwtSignerValidationService")
     public DefaultJwtSigningAndValidationService jwtSignerValidationService(
-            JWKSetKeyStore jwtSetKeyStore) 
+            JWKSetKeyStore jwkSetKeyStore) 
                     throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
         DefaultJwtSigningAndValidationService jwtSignerValidationService = 
-                new DefaultJwtSigningAndValidationService(jwtSetKeyStore);
+                new DefaultJwtSigningAndValidationService(jwkSetKeyStore);
         jwtSignerValidationService.setDefaultSignerKeyId("maxkey_rsa");
         jwtSignerValidationService.setDefaultSigningAlgorithmName("RS256");
+        _logger.debug("JWT Signer and Validation Service init.");
         return jwtSignerValidationService;
     }
     
@@ -146,34 +147,18 @@ public class Oauth20AutoConfiguration implements InitializingBean {
      */
     @Bean(name = "jwtEncryptionService")
     public DefaultJwtEncryptionAndDecryptionService jwtEncryptionService(
-            JWKSetKeyStore jwtSetKeyStore) 
+            JWKSetKeyStore jwkSetKeyStore) 
                     throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
         DefaultJwtEncryptionAndDecryptionService jwtEncryptionService = 
-                new DefaultJwtEncryptionAndDecryptionService(jwtSetKeyStore);
+                new DefaultJwtEncryptionAndDecryptionService(jwkSetKeyStore);
         jwtEncryptionService.setDefaultAlgorithm(JWEAlgorithm.RSA_OAEP_256);//RSA1_5
         jwtEncryptionService.setDefaultDecryptionKeyId("maxkey_rsa");
         jwtEncryptionService.setDefaultEncryptionKeyId("maxkey_rsa");
+        _logger.debug("JWT Encryption and Decryption Service init.");
         return jwtEncryptionService;
     }
     
     /**
-     * JwtLoginService.
-     * @return
-     */
-    @Bean(name = "jwtLoginService")
-    public JwtLoginService jwtLoginService(
-            DefaultJwtSigningAndValidationService jwtSignerValidationService,
-            OIDCProviderMetadataDetails oidcProviderMetadata) {
-        
-        JwtLoginService jwtLoginService = new JwtLoginService(
-                oidcProviderMetadata,
-                jwtSignerValidationService
-                );
-        return jwtLoginService;
-    }
-    
-    
-    /**
      * tokenEnhancer.
      * @return
      */
@@ -188,6 +173,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
         tokenEnhancer.setJwtEnDecryptionService(jwtEncryptionService);
         tokenEnhancer.setClientDetailsService(oauth20JdbcClientDetailsService);
         tokenEnhancer.setProviderMetadata(oidcProviderMetadata);
+        _logger.debug("OIDC IdToken Enhancer init.");
         return tokenEnhancer;
     }
     //以上部分为了支持OpenID Connect 1.0
@@ -202,7 +188,8 @@ public class Oauth20AutoConfiguration implements InitializingBean {
     public AuthorizationCodeServices oauth20AuthorizationCodeServices(
             @Value("${maxkey.server.persistence}") int persistence,
             JdbcTemplate jdbcTemplate,
-            RedisConnectionFactory redisConnFactory) {        
+            RedisConnectionFactory redisConnFactory) {  
+        _logger.debug("OAuth 2 Authorization Code Services init.");
         return new AuthorizationCodeServicesFactory().getService(persistence, jdbcTemplate, redisConnFactory);
     }
     
@@ -216,7 +203,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
             @Value("${maxkey.server.persistence}") int persistence,
             JdbcTemplate jdbcTemplate,
             RedisConnectionFactory redisConnFactory) {
-        
+        _logger.debug("OAuth 2 TokenStore init.");
         return new TokenStoreFactory().getTokenStore(persistence, jdbcTemplate, redisConnFactory);
     }
     
@@ -227,6 +214,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
     @Bean(name = "converter")
     public JwtAccessTokenConverter jwtAccessTokenConverter() {
         JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
+        _logger.debug("OAuth 2 Jwt AccessToken Converter init.");
         return jwtAccessTokenConverter;
     }
     
@@ -238,6 +226,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
     public JdbcClientDetailsService clientDetailsService(DataSource dataSource,PasswordEncoder passwordReciprocal) {
         JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
         clientDetailsService.setPasswordEncoder(passwordReciprocal);
+        _logger.debug("OAuth 2 Jdbc ClientDetails Service init.");
         return clientDetailsService;
     }    
     
@@ -255,6 +244,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
         tokenServices.setTokenEnhancer(tokenEnhancer);
         tokenServices.setTokenStore(oauth20TokenStore);
         tokenServices.setSupportRefreshToken(true);
+        _logger.debug("OAuth 2 Token Services init.");
         return tokenServices;
     }
     
@@ -268,6 +258,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
             TokenStore oauth20TokenStore) {
         TokenApprovalStore tokenApprovalStore = new TokenApprovalStore();
         tokenApprovalStore.setTokenStore(oauth20TokenStore);
+        _logger.debug("OAuth 2 Approval Store init.");
         return tokenApprovalStore;
     }
     
@@ -281,6 +272,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
             JdbcClientDetailsService oauth20JdbcClientDetailsService) {
         DefaultOAuth2RequestFactory oauth2RequestFactory = 
                 new DefaultOAuth2RequestFactory(oauth20JdbcClientDetailsService);
+        _logger.debug("OAuth 2 Request Factory init.");
         return oauth2RequestFactory;
     }
     
@@ -298,6 +290,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
         userApprovalHandler.setApprovalStore(oauth20ApprovalStore);
         userApprovalHandler.setRequestFactory(oAuth2RequestFactory);
         userApprovalHandler.setClientDetailsService(oauth20JdbcClientDetailsService);
+        _logger.debug("OAuth 2 User Approval Handler init.");
         return userApprovalHandler;
     }
     
@@ -318,6 +311,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
         daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
         daoAuthenticationProvider.setUserDetailsService(userDetailsService);
         ProviderManager authenticationManager = new ProviderManager(daoAuthenticationProvider);
+        _logger.debug("OAuth 2 User Authentication Manager init.");
         return authenticationManager;
     }
     
@@ -338,6 +332,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
         daoAuthenticationProvider.setPasswordEncoder(passwordReciprocal);
         daoAuthenticationProvider.setUserDetailsService(cientDetailsUserDetailsService);
         ProviderManager authenticationManager = new ProviderManager(daoAuthenticationProvider);
+        _logger.debug("OAuth 2 Client Authentication Manager init.");
         return authenticationManager;
     }
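Review bot: The keystore location `"/config/keystore.jwks"` in jwkSetKeyStore() and the key id `"maxkey_rsa"` in jwtSignerValidationService and jwtEncryptionService stay hard-coded while this commit moves the maxkey-web keystore file to config/loginjwkkeystore.jwks and makes the issuer a property; confirm a keystore.jwks still exists on the maxkey-web-maxkey classpath, and consider injecting the location through `@Value` the way the endpoint URIs are injected at the top of this class. With `spring.main.allow-bean-definition-overriding` now commented out in both application.properties files, the bean names registered here must be unique across the auto-configurations; JwtAuthnAutoConfiguration is changed in the same commit but not visible in this section, so confirm it does not also register `jwkSetKeyStore` or `jwtSignerValidationService`, since a duplicate now fails startup instead of silently overriding. The empty `@return` Javadoc above the renamed method could read `@return the JWK set loaded from /config/keystore.jwks on the classpath`.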
     

+ 13 - 13
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java

@@ -157,15 +157,15 @@ public class MaxKeyConfig  implements InitializingBean {
 	    		AbstractRemeberMeService remeberMeService,
 	    		UserInfoService userInfoService,
                 JdbcTemplate jdbcTemplate,
-                @Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
-    			@Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
-    			@Value("${maxkey.support.ldap.providerurl}")String providerUrl,
-    			@Value("${maxkey.support.ldap.principal}")String principal,
-    			@Value("${maxkey.support.ldap.credentials}")String credentials,
-    			@Value("${maxkey.support.ldap.filter}")String filter,
-    			@Value("${maxkey.support.ldap.basedn}")String baseDN,
-    			@Value("${maxkey.support.ldap.activedirectory.domain}")String domain,
-    			@Value("${maxkey.support.ldap.product:openldap}")String product) {
+                @Value("${maxkey.login.ldap.enable:false}")boolean ldapSupport,
+    			@Value("${maxkey.login.ldap.jit:false}")boolean ldapJit,
+    			@Value("${maxkey.login.ldap.providerurl}")String providerUrl,
+    			@Value("${maxkey.login.ldap.principal}")String principal,
+    			@Value("${maxkey.login.ldap.credentials}")String credentials,
+    			@Value("${maxkey.login.ldap.filter}")String filter,
+    			@Value("${maxkey.login.ldap.basedn}")String baseDN,
+    			@Value("${maxkey.login.ldap.activedirectory.domain}")String domain,
+    			@Value("${maxkey.login.ldap.product:openldap}")String product) {
     	AbstractAuthenticationRealm ldapAuthenticationRealm = 
     			ldapAuthenticationRealm(
 					ldapSupport,ldapJit,
@@ -281,13 +281,13 @@ public class MaxKeyConfig  implements InitializingBean {
     
     @Bean(name = "kerberosService")
     public RemoteKerberosService kerberosService(
-            @Value("${maxkey.support.kerberos.default.userdomain}")
+            @Value("${maxkey.login.kerberos.default.userdomain}")
             String userDomain,
-            @Value("${maxkey.support.kerberos.default.fulluserdomain}")
+            @Value("${maxkey.login.kerberos.default.fulluserdomain}")
             String fullUserDomain,
-            @Value("${maxkey.support.kerberos.default.crypto}")
+            @Value("${maxkey.login.kerberos.default.crypto}")
             String crypto,
-            @Value("${maxkey.support.kerberos.default.redirecturi}")
+            @Value("${maxkey.login.kerberos.default.redirecturi}")
             String redirectUri
             ) {
         RemoteKerberosService kerberosService = new RemoteKerberosService();
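Review bot: The `maxkey.support.*` to `maxkey.login.*` rename in ldapAuthenticationRealm and kerberosService (and in the three `@Value` fields of MaxKeyMvcConfig) has no fallback, so a deployment that still supplies the old keys through an external properties file or the command line will fail on the placeholders that carry no default (`providerurl`, `principal`, `credentials`, `filter`, `basedn`, `activedirectory.domain` and all four Kerberos values). If the hard cut is intended it should be stated in the release notes; otherwise Spring's nested default keeps the old key working for one release, e.g. `@Value("${maxkey.login.ldap.providerurl:${maxkey.support.ldap.providerurl}}")String providerUrl`. Both method bodies continue outside the hunk.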

+ 3 - 3
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java

@@ -77,13 +77,13 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
     @Autowired
     HistoryLoginAppAdapter historyLoginAppAdapter;
     
-    @Value("${maxkey.support.httpheader.enable:false}")
+    @Value("${maxkey.login.httpheader.enable:false}")
     private boolean httpHeaderEnable;
     
-    @Value("${maxkey.support.httpheader.headername:iv-user}")
+    @Value("${maxkey.login.httpheader.headername:iv-user}")
     private String httpHeaderName;
     
-    @Value("${maxkey.support.basic.enable:false}")
+    @Value("${maxkey.login.basic.enable:false}")
     private boolean basicEnable;
     
     @Override

+ 31 - 27
maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties

@@ -68,9 +68,13 @@ maxkey.login.wsfederation                       =false
 maxkey.login.remeberme                          =${LOGIN_REMEBERME:true}
 #validity           
 maxkey.login.remeberme.validity                 =0
+#JWT support
+maxkey.login.jwt                                =${LOGIN_JWT:true}
+maxkey.login.jwt.issuer                         =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
 #to default application web site            
 maxkey.login.default.uri                        =appList
 maxkey.ipaddress.whitelist                      =false
+#notices show
 maxkey.notices.visible                          =false
 ############################################################################
 #ssl configuration                                                         #
@@ -208,45 +212,45 @@ maxkey.otp.policy.period                        =30
 ############################################################################ 
 #LDAP Login support configuration                                          #
 ############################################################################
-maxkey.support.ldap.enable                      =${LDAP_ENABLE:false}
-maxkey.support.ldap.jit                         =false
+maxkey.login.ldap.enable                      =${LDAP_ENABLE:false}
+maxkey.login.ldap.jit                         =false
 #openldap,activedirectory,normal    
-maxkey.support.ldap.product                     =${LDAP_PRODUCT:openldap}
-maxkey.support.ldap.ssl                         =${LDAP_SSL:false}
-maxkey.support.ldap.providerurl                 =${LDAP_PROVIDERURL:ldap://localhost:389}
-maxkey.support.ldap.principal                   =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
-maxkey.support.ldap.credentials                 =${LDAP_CREDENTIALS:secret}
-maxkey.support.ldap.basedn                      =${LDAP_BASEDN:dc=maxcrc,dc=com}
-maxkey.support.ldap.filter                      =(uid=%s)
-maxkey.support.ldap.truststore                  =${LDAP_TRUSTSTORE:maxkey}
-maxkey.support.ldap.truststorepassword          =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
+maxkey.login.ldap.product                     =${LDAP_PRODUCT:openldap}
+maxkey.login.ldap.ssl                         =${LDAP_SSL:false}
+maxkey.login.ldap.providerurl                 =${LDAP_PROVIDERURL:ldap://localhost:389}
+maxkey.login.ldap.principal                   =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
+maxkey.login.ldap.credentials                 =${LDAP_CREDENTIALS:secret}
+maxkey.login.ldap.basedn                      =${LDAP_BASEDN:dc=maxcrc,dc=com}
+maxkey.login.ldap.filter                      =(uid=%s)
+maxkey.login.ldap.truststore                  =${LDAP_TRUSTSTORE:maxkey}
+maxkey.login.ldap.truststorepassword          =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
 #activedirectory effective  
-maxkey.support.ldap.activedirectory.domain      =${LDAP_AD_DOMAIN:MAXKEY.ORG}
+maxkey.login.ldap.activedirectory.domain      =${LDAP_AD_DOMAIN:MAXKEY.ORG}
 
 ############################################################################ 
 #Kerberos Login configuration                                              #
 #short name of user domain must be in upper case,eg:MAXKEY                 #
 ############################################################################
-maxkey.support.kerberos.default.userdomain      =MAXKEY
+maxkey.login.kerberos.default.userdomain      =MAXKEY
 #short name of user domain must be in upper case,eg:MAXKEY.ORG
-maxkey.support.kerberos.default.fulluserdomain  =MAXKEY.ORG
+maxkey.login.kerberos.default.fulluserdomain  =MAXKEY.ORG
 #last 8Bit crypto for Kerberos web Authentication 
-maxkey.support.kerberos.default.crypto          =846KZSzYq56M6d5o
+maxkey.login.kerberos.default.crypto          =846KZSzYq56M6d5o
 #Kerberos Authentication server RUL
-maxkey.support.kerberos.default.redirecturi     =http://sso.maxkey.top/kerberos/authn/
+maxkey.login.kerberos.default.redirecturi     =http://sso.maxkey.top/kerberos/authn/
 
 ############################################################################ 
 #HTTPHEADER Login configuration                                            #
 ############################################################################
-maxkey.support.httpheader.enable                =false
-maxkey.support.httpheader.headername            =header-user
+maxkey.login.httpheader.enable                =false
+maxkey.login.httpheader.headername            =header-user
 # iv-user is for IBM Security Access Manager
 #config.httpheader.headername=iv-user
 
 ############################################################################ 
 #BASIC Login support configuration                                         #
 ############################################################################
-maxkey.support.basic.enable                     =false
+maxkey.login.basic.enable                     =false
 
 #############################################################################
 #WsFederation Login support configuration
@@ -258,14 +262,14 @@ maxkey.support.basic.enable                     =false
 #attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
 #signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
 ############################################################################
-maxkey.support.wsfederation.identifier          =http://adfs.maxkey.top/adfs/services/trust
-maxkey.support.wsfederation.url                 =https://adfs.maxkey.top/adfs/ls/
-maxkey.support.wsfederation.principal           =upn
-maxkey.support.wsfederation.relyingParty        =urn:federation:connsec
-maxkey.support.wsfederation.signingCertificate  =adfs-signing.crt
-maxkey.support.wsfederation.tolerance           =10000
-maxkey.support.wsfederation.upn.suffix          =maxkey.org
-maxkey.support.wsfederation.logoutUrl           =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
+maxkey.login.wsfederation.identifier          =http://adfs.maxkey.top/adfs/services/trust
+maxkey.login.wsfederation.url                 =https://adfs.maxkey.top/adfs/ls/
+maxkey.login.wsfederation.principal           =upn
+maxkey.login.wsfederation.relyingParty        =urn:federation:connsec
+maxkey.login.wsfederation.signingCertificate  =adfs-signing.crt
+maxkey.login.wsfederation.tolerance           =10000
+maxkey.login.wsfederation.upn.suffix          =maxkey.org
+maxkey.login.wsfederation.logoutUrl           =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
 
 #############################################################################
 #OIDC V1.0 METADATA configuration                                           #
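Review bot: The renamed Kerberos block still ships the literal `maxkey.login.kerberos.default.crypto          =846KZSzYq56M6d5o`, whereas the neighbouring LDAP keys use `${ENV:default}` placeholders; since every line of this block is touched anyway, this value is the one that most needs an environment placeholder so that packaged builds do not all share one secret. The commented example `#config.httpheader.headername=iv-user` still uses the old prefix and should read `#maxkey.login.httpheader.headername=iv-user`, and `Kerberos Authentication server RUL` is a typo for URL. application-https.properties repeats every one of these lines and needs the same treatment.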

+ 31 - 27
maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties

@@ -69,9 +69,13 @@ maxkey.login.wsfederation                       =false
 maxkey.login.remeberme                          =${LOGIN_REMEBERME:true}
 #validity           
 maxkey.login.remeberme.validity                 =0
+#JWT support
+maxkey.login.jwt                                =${LOGIN_JWT:true}
+maxkey.login.jwt.issuer                         =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
 #to default application web site            
 maxkey.login.default.uri                        =appList
 maxkey.ipaddress.whitelist                      =false
+#notices show
 maxkey.notices.visible                          =false
 
 ############################################################################
@@ -210,45 +214,45 @@ maxkey.otp.policy.period                        =30
 ############################################################################ 
 #LDAP Login support configuration                                          #
 ############################################################################
-maxkey.support.ldap.enable                      =${LDAP_ENABLE:false}
-maxkey.support.ldap.jit                         =false
+maxkey.login.ldap.enable                      =${LDAP_ENABLE:false}
+maxkey.login.ldap.jit                         =false
 #openldap,activedirectory,normal    
-maxkey.support.ldap.product                     =${LDAP_PRODUCT:openldap}
-maxkey.support.ldap.ssl                         =${LDAP_SSL:false}
-maxkey.support.ldap.providerurl                 =${LDAP_PROVIDERURL:ldap://localhost:389}
-maxkey.support.ldap.principal                   =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
-maxkey.support.ldap.credentials                 =${LDAP_CREDENTIALS:secret}
-maxkey.support.ldap.basedn                      =${LDAP_BASEDN:dc=maxcrc,dc=com}
-maxkey.support.ldap.filter                      =(uid=%s)
-maxkey.support.ldap.truststore                  =${LDAP_TRUSTSTORE:maxkey}
-maxkey.support.ldap.truststorepassword          =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
+maxkey.login.ldap.product                     =${LDAP_PRODUCT:openldap}
+maxkey.login.ldap.ssl                         =${LDAP_SSL:false}
+maxkey.login.ldap.providerurl                 =${LDAP_PROVIDERURL:ldap://localhost:389}
+maxkey.login.ldap.principal                   =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
+maxkey.login.ldap.credentials                 =${LDAP_CREDENTIALS:secret}
+maxkey.login.ldap.basedn                      =${LDAP_BASEDN:dc=maxcrc,dc=com}
+maxkey.login.ldap.filter                      =(uid=%s)
+maxkey.login.ldap.truststore                  =${LDAP_TRUSTSTORE:maxkey}
+maxkey.login.ldap.truststorepassword          =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
 #activedirectory effective  
-maxkey.support.ldap.activedirectory.domain      =${LDAP_AD_DOMAIN:MAXKEY.ORG}
+maxkey.login.ldap.activedirectory.domain      =${LDAP_AD_DOMAIN:MAXKEY.ORG}
 
 ############################################################################ 
 #Kerberos Login configuration                                              #
 #short name of user domain must be in upper case,eg:MAXKEY                 #
 ############################################################################
-maxkey.support.kerberos.default.userdomain      =MAXKEY
+maxkey.login.kerberos.default.userdomain      =MAXKEY
 #short name of user domain must be in upper case,eg:MAXKEY.ORG
-maxkey.support.kerberos.default.fulluserdomain  =MAXKEY.ORG
+maxkey.login.kerberos.default.fulluserdomain  =MAXKEY.ORG
 #last 8Bit crypto for Kerberos web Authentication 
-maxkey.support.kerberos.default.crypto          =846KZSzYq56M6d5o
+maxkey.login.kerberos.default.crypto          =846KZSzYq56M6d5o
 #Kerberos Authentication server RUL
-maxkey.support.kerberos.default.redirecturi     =http://sso.maxkey.top/kerberos/authn/
+maxkey.login.kerberos.default.redirecturi     =http://sso.maxkey.top/kerberos/authn/
 
 ############################################################################ 
 #HTTPHEADER Login configuration                                            #
 ############################################################################
-maxkey.support.httpheader.enable                =false
-maxkey.support.httpheader.headername            =header-user
+maxkey.login.httpheader.enable                =false
+maxkey.login.httpheader.headername            =header-user
 # iv-user is for IBM Security Access Manager
 #config.httpheader.headername=iv-user
 
 ############################################################################ 
 #BASIC Login support configuration                                         #
 ############################################################################
-maxkey.support.basic.enable                     =false
+maxkey.login.basic.enable                     =false
 
 #############################################################################
 #WsFederation Login support configuration
@@ -260,14 +264,14 @@ maxkey.support.basic.enable                     =false
 #attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
 #signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
 ############################################################################
-maxkey.support.wsfederation.identifier          =http://adfs.maxkey.top/adfs/services/trust
-maxkey.support.wsfederation.url                 =https://adfs.maxkey.top/adfs/ls/
-maxkey.support.wsfederation.principal           =upn
-maxkey.support.wsfederation.relyingParty        =urn:federation:connsec
-maxkey.support.wsfederation.signingCertificate  =adfs-signing.crt
-maxkey.support.wsfederation.tolerance           =10000
-maxkey.support.wsfederation.upn.suffix          =maxkey.org
-maxkey.support.wsfederation.logoutUrl           =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
+maxkey.login.wsfederation.identifier          =http://adfs.maxkey.top/adfs/services/trust
+maxkey.login.wsfederation.url                 =https://adfs.maxkey.top/adfs/ls/
+maxkey.login.wsfederation.principal           =upn
+maxkey.login.wsfederation.relyingParty        =urn:federation:connsec
+maxkey.login.wsfederation.signingCertificate  =adfs-signing.crt
+maxkey.login.wsfederation.tolerance           =10000
+maxkey.login.wsfederation.upn.suffix          =maxkey.org
+maxkey.login.wsfederation.logoutUrl           =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
 
 #############################################################################
 #OIDC V1.0 METADATA configuration                                           #

+ 1 - 1
maxkey-webs/maxkey-web-maxkey/src/main/resources/application.properties

@@ -23,7 +23,7 @@ spring.application.name                     =maxkey
 #Main.banner-mode configuration                                            #
 ############################################################################
 spring.main.banner-mode                     =log
-spring.main.allow-bean-definition-overriding=true
+#spring.main.allow-bean-definition-overriding=true
 ############################################################################
 #spring.profiles.active https/http; default https                          #
 ############################################################################
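Review bot: The overriding flag is commented out rather than deleted, here and in maxkey-web-mgt's application.properties; a commented property invites being re-enabled to paper over the next duplicate-bean error, and the Spring default is already false, so the line can simply be removed. If it is kept as documentation, a comment such as `# bean definition overriding is disabled on purpose: duplicate bean names must fail fast` says why.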

+ 0 - 0
maxkey-webs/maxkey-web-mgt/src/main/resources/config/keystore.jwks → maxkey-webs/maxkey-web-maxkey/src/main/resources/config/loginjwkkeystore.jwks


+ 8 - 8
maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/login.ftl

@@ -96,9 +96,9 @@
 	var currentSwitchTab="normalLogin";
 	<#--submit form-->		
 	function doLoginSubmit(){
-		$.cookie("username", $("#"+currentSwitchTab+"Form input[name=username]").val(), { expires: 7 });
+		$.cookie("login_username", $("#"+currentSwitchTab+"Form input[name=username]").val(), { expires: 7 });
 		$("#"+currentSwitchTab+"SubmitButton").click();
-		$.cookie("switch_tab", currentSwitchTab, { expires: 7 });
+		$.cookie("login_switch_tab", currentSwitchTab, { expires: 7 });
 	};
 	
 	<#--switch Login Form-->
@@ -127,12 +127,12 @@
 		$(".doLoginSubmit").on("click",function(){
 				doLoginSubmit();
 		});
-		
+		var cookieLoginUsername = $.cookie("login_username");
 		<#--read username cookie for login e-->		
-		if($.cookie("username")!=undefined&&$.cookie("username")!=""){
-			var switch_tab=$.cookie("switch_tab")==undefined?"normalLogin":$.cookie("switch_tab");
+		if(cookieLoginUsername != undefined && cookieLoginUsername != ""){
+			var switch_tab=$.cookie("switch_tab")==undefined?"normalLogin":$.cookie("login_switch_tab");
 			$("#"+switch_tab).click();
-			$("#"+switch_tab+"Form input[name=username]").val($.cookie("username")==undefined?"":$.cookie("username"));
+			$("#"+switch_tab+"Form input[name=username]").val(cookieLoginUsername ==undefined ? "" : cookieLoginUsername);
 			$("#div_"+switch_tab+" input[name=password]").focus();
 		}else{
 			$("#div_normalLogin input[name=username]").focus();
@@ -142,8 +142,8 @@
 			if(captchaCount<60){
 				return;
 			}
-			var loginName=$("#mobile_j_username").val();
-			if(loginName==""){
+			var loginName = $("#mobile_j_username").val();
+			if(loginName == ""){
 				return;
 			}
 			$.get("<@base />/login/sendsms/"+loginName,function(data,status){
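Review bot: In the cookie branch of the second hunk the undefined check still reads the old cookie `$.cookie("switch_tab")` while the value comes from `login_switch_tab`, so after this rename the old cookie is never written, the check is always true, and the remembered tab always falls back to normalLogin; both reads should use the new name, `var switch_tab = $.cookie("login_switch_tab") == undefined ? "normalLogin" : $.cookie("login_switch_tab");`, and the variable could be captured once like `cookieLoginUsername` is. The username and tab cookies are still written with only `{ expires: 7 }`; under the https profile adding `secure: true` keeps the remembered username off plaintext connections. The enclosing `$(function(){...})` handler starts and ends outside the hunk.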

+ 3 - 0
maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties

@@ -64,6 +64,9 @@ maxkey.login.remeberme.validity                 =0
 maxkey.login.default.uri                        =appList
 #ipaddress whitelist
 maxkey.ipaddress.whitelist                      =false
+#JWT support
+maxkey.login.jwt                                =${LOGIN_JWT:true}
+maxkey.login.jwt.issuer                         =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
 
 ############################################################################
 #database configuration 

+ 1 - 1
maxkey-webs/maxkey-web-mgt/src/main/resources/application.properties

@@ -23,7 +23,7 @@ spring.application.name                         =maxkey-mgt
 #Main.banner-mode configuration                                            #
 ############################################################################
 spring.main.banner-mode                         =log
-spring.main.allow-bean-definition-overriding    =true
+#spring.main.allow-bean-definition-overriding    =true
 ############################################################################
 #spring.profiles.active http; default http                                 #
 ############################################################################

+ 13 - 0
maxkey-webs/maxkey-web-mgt/src/main/resources/config/loginjwkkeystore.jwks

@@ -0,0 +1,13 @@
+{
+  "keys": [
+    {
+      "kty": "RSA",
+      "d": "K2VCm_6enq5uoFLZXUlWkgbCXj5m9X5uUX3_Ol3qcY9X1cP04TN98R8lpw-ASeFDRFRhe0FT-lYCYu_fqZcrNXVhyN3rgi27af5x4HdFMnHLTLMPvE6aEyTGmZjTF1AbiX5VOJAl6POI9FiyTbV1Uqt943ydJv8SH4NfcYhKBmpp8Fi1f58mon-bYwsIy8mzZjssc8KZy-GzpscKrc5ewb7106JY3uRQNprAHrpcGAPZ8uXUvVhrxp_FNn5Nf5KVxl2tm50L83_5nw0OZrbJ8Ceg7sZAw_Z41lbYbS9VDaST6TuKRb7W4XCKimZUn57LoQT2-Gkv6msJHCmqTgK02Q",
+      "e": "AQAB",
+      "use": "sig",
+      "kid": "maxkey_rsa",
+      "alg": "RS256",
+      "n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q"
+    }
+  ]
+}
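Review bot: This file commits a complete RSA private key (the `d` member, kid `maxkey_rsa`, alg RS256) to source control and to the packaged classpath, so every build from this tree signs with the same key and anyone with read access to the repository can produce tokens that verify against it; the same presumably holds for the keystore moved to maxkey-web-maxkey/src/main/resources/config/loginjwkkeystore.jwks in this commit. Key material should be generated per deployment and loaded from an external path or secret store, and this pair treated as compromised and rotated before any production use. Whether JwtAuthnAutoConfiguration already accepts an external location cannot be seen in this diff.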

+ 2 - 2
maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsAdd.ftl

@@ -31,7 +31,7 @@ $(function () {
 				</td>
      		</tr>
      		<tr><td>
-     	<table id="table_switch_common"   class="table table-bordered">
+     	<table id="div_switch_common"   class="table table-bordered">
            <tr style="display:none">
               <th ><input type="text" id="status" type="hidden" name="status"  value="1"/>
               <input type="text" id="_method" type="hidden" name="_method"  value="put"/></th>
@@ -89,7 +89,7 @@ $(function () {
               <td><input type="text"  id="description" name="description"    class="form-control"/></td>
            </tr>
         </table>
-        <table id="table_switch_extra"   class="table table-bordered"  style="display:none">
+        <table id="div_switch_extra"   class="table table-bordered"  style="display:none">
         	<tr>
               <td > <@locale code="org.contact" />:</td>
               <td><input type="text"  id="contact" name="contact"    class="form-control"/></td>

+ 2 - 2
maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsUpdate.ftl

@@ -30,7 +30,7 @@ $(function () {
 				</td>
      		</tr>
      		<tr><td>
-     	<table id="table_switch_common"   class="table table-bordered">
+     	<table id="div_switch_common"   class="table table-bordered">
            <tr style="display:none">
               <th ><input type="text" id="status" type="hidden" name="status"  value="1"/>
               <input type="text" id="_method" type="hidden" name="_method"  value="put"/></th>
@@ -88,7 +88,7 @@ $(function () {
               <td><input type="text"  id="description" name="description"    class="form-control" value="${model.description!}"/></td>
            </tr>
         </table>
-        <table id="table_switch_extra"   class="table table-bordered"  style="display:none">
+        <table id="div_switch_extra"   class="table table-bordered"  style="display:none">
         	<tr>
               <td > <@locale code="org.contact" />:</td>
               <td><input type="text"  id="contact" name="contact"    class="form-control" value="${model.contact!}"/></td>