RefreshToken

maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/autoconfigure/KaptchaAutoConfiguration.java

@@ -41,7 +41,7 @@ public class KaptchaAutoConfiguration  implements InitializingBean {
      * @return Producer
      * @throws IOException kaptcha.properties is null
      */
-    @Bean (name = "captchaProducer")
+    @Bean
     public Producer captchaProducer() throws IOException {
         Resource resource = new ClassPathResource(kaptchaPropertySource);
         _logger.debug("Kaptcha config file " + resource.getURL());

maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptcha.java

@@ -17,7 +17,9 @@
 package org.maxkey.web.contorller;
 
 public class ImageCaptcha {
+	
 	String state;
+	
 	String image;
 	
 	public ImageCaptcha(String state, String image) {

maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java

@@ -25,7 +25,7 @@ import java.util.Base64;
 import javax.imageio.ImageIO;
 
 import org.apache.commons.lang3.StringUtils;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.entity.Message;
 import org.maxkey.persistence.MomentaryService;
 import org.slf4j.Logger;
@@ -54,7 +54,7 @@ public class ImageCaptchaEndpoint {
 	protected MomentaryService momentaryService;
     
     @Autowired
-	AuthJwtService authJwtService;
+	AuthTokenService authTokenService;
 
     /**
      * captcha image Producer.
@@ -83,12 +83,12 @@ public class ImageCaptchaEndpoint {
             String kaptchaKey = "";
             if(StringUtils.isNotBlank(state) 
             		&& !state.equalsIgnoreCase("state")
-            		&& authJwtService.validateJwtToken(state)) {
+            		&& authTokenService.validateJwtToken(state)) {
             	//just validate state Token
             }else {
-            	state = authJwtService.genJwt();
+            	state = authTokenService.genRandomJwt();
             }
-            kaptchaKey = authJwtService.resolveJWTID(state);
+            kaptchaKey = authTokenService.resolveJWTID(state);
             _logger.trace("kaptchaKey {} , Captcha Text is {}" ,kaptchaKey, kaptchaValue);
            
             momentaryService.put("", kaptchaKey, kaptchaValue);

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -19,7 +19,7 @@ package org.maxkey.authn;
 
 import java.util.ArrayList;
 
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.session.Session;
 import org.maxkey.authn.session.SessionManager;
@@ -69,7 +69,7 @@ public abstract class AbstractAuthenticationProvider {
 
     protected SessionManager sessionManager;
     
-    protected AuthJwtService authJwtService;
+    protected AuthTokenService authTokenService;
     
     public static  ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
     

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java

@@ -31,6 +31,7 @@ public class AuthJwt implements Serializable {
 	
 	private String ticket;
 	private String token;
+	private String refreshToken;
 	private String type = "Bearer";
 	private String remeberMe;
 	private String id;
@@ -57,10 +58,11 @@ public class AuthJwt implements Serializable {
 		this.authorities = authorities;
 	}
 	
-	public AuthJwt(String token, Authentication  authentication) {
+	public AuthJwt(String token,String refreshToken, Authentication  authentication) {
 		SignPrincipal principal = ((SignPrincipal)authentication.getPrincipal());
 		
 		this.token = token;
+		this.refreshToken = refreshToken;
 		this.ticket = principal.getSession().getId();
 		
 		this.id = principal.getUserInfo().getId();
@@ -166,6 +168,14 @@ public class AuthJwt implements Serializable {
 		this.remeberMe = remeberMe;
 	}
 
+	public String getRefreshToken() {
+		return refreshToken;
+	}
+
+	public void setRefreshToken(String refreshToken) {
+		this.refreshToken = refreshToken;
+	}
+
 	@Override
 	public String toString() {
 		StringBuilder builder = new StringBuilder();

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java

@@ -1,99 +1,42 @@
-/*
- * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- 
-
 package org.maxkey.authn.jwt;
 
 import java.text.ParseException;
 import java.util.Date;
 
-import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
 import org.maxkey.authn.SignPrincipal;
-import org.maxkey.configuration.AuthJwkConfig;
 import org.maxkey.crypto.jwt.HMAC512Service;
 import org.maxkey.entity.UserInfo;
-import org.maxkey.persistence.MomentaryService;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.Authentication;
 
-import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 
 public class AuthJwtService {
-	private static final  Logger _logger = 
-            LoggerFactory.getLogger(AuthJwtService.class);
+	private static final  Logger _logger = LoggerFactory.getLogger(AuthJwtService.class);
 	
 	HMAC512Service hmac512Service;
 	
-	AuthJwkConfig authJwkConfig;
-	
-	CongressService congressService;
-	
-	MomentaryService momentaryService;
-
-	public AuthJwtService(AuthJwkConfig authJwkConfig) throws JOSEException {
-		this.authJwkConfig = authJwkConfig;
-		
-		this.hmac512Service = new HMAC512Service(authJwkConfig.getSecret());
-	}
-	
-	public AuthJwtService(AuthJwkConfig authJwkConfig,CongressService congressService,MomentaryService momentaryService) throws JOSEException {
-		this.authJwkConfig = authJwkConfig;
-		
-		this.congressService = congressService;
-		
-		this.momentaryService = momentaryService;
-		
-		this.hmac512Service = new HMAC512Service(authJwkConfig.getSecret());
-	}
-	
-	/**
-	 * create AuthJwt use Authentication JWT
-	 * @param authentication
-	 * @return AuthJwt
-	 */
-	public AuthJwt genAuthJwt(Authentication authentication) {
-		if(authentication != null) {
-			return new AuthJwt(genJwt(authentication), authentication);
-		}
-		return null;
-	}
-	
 	/**
 	 * JWT with Authentication
 	 * @param authentication
 	 * @return
 	 */
-	public String genJwt(Authentication authentication) {
+	public String genJwt(Authentication authentication,String issuer,int expires) {
 		SignPrincipal principal = ((SignPrincipal)authentication.getPrincipal());
 		UserInfo userInfo = principal.getUserInfo();
 		DateTime currentDateTime = DateTime.now();
-		Date expirationTime = currentDateTime.plusSeconds(authJwkConfig.getExpires()).toDate();
-		_logger.debug("expiration Time : {}" , expirationTime);
 		String subject = principal.getUsername();
-		_logger.trace("jwt subject : {}" , subject);
+		Date expirationTime = currentDateTime.plusSeconds(expires).toDate();
+		_logger.debug("jwt subject : {} , expiration Time : {}" , subject,expirationTime);
 		
 		 JWTClaimsSet jwtClaims =new  JWTClaimsSet.Builder()
-				.issuer(authJwkConfig.getIssuer())
+				.issuer(issuer)
 				.subject(subject)
 				.jwtID(principal.getSession().getId())
 				.issueTime(currentDateTime.toDate())
@@ -111,14 +54,13 @@ public class AuthJwtService {
 	 * @param subject subject
 	 * @return
 	 */
-	public String genJwt(String subject) {
+	public String genJwt(String subject,String issuer,int expires) {
 		DateTime currentDateTime = DateTime.now();
-		Date expirationTime = currentDateTime.plusSeconds(authJwkConfig.getExpires()).toDate();
-		_logger.debug("expiration Time : {}" , expirationTime);
-		_logger.trace("jwt subject : {}" , subject);
+		Date expirationTime = currentDateTime.plusSeconds(expires).toDate();
+		_logger.trace("jwt subject : {} , expiration Time : {}" , subject,expirationTime);
 		
 		 JWTClaimsSet jwtClaims =new  JWTClaimsSet.Builder()
-				.issuer(authJwkConfig.getIssuer())
+				.issuer(issuer)
 				.subject(subject)
 				.jwtID(WebContext.genId())
 				.issueTime(currentDateTime.toDate())
@@ -132,10 +74,9 @@ public class AuthJwtService {
 	 * Random JWT
 	 * @return
 	 */
-	public String genJwt() {
-		DateTime currentDateTime = DateTime.now();
-		Date expirationTime = currentDateTime.plusSeconds(authJwkConfig.getExpires()).toDate();
-		_logger.debug("expiration Time : {}" , expirationTime);
+	public String genRandomJwt(int expires) {
+		Date expirationTime = DateTime.now().plusSeconds(expires).toDate();
+		_logger.trace("expiration Time : {}" , expirationTime);
 		
 		 JWTClaimsSet jwtClaims =new  JWTClaimsSet.Builder()
 				.jwtID(WebContext.genId())
@@ -153,8 +94,25 @@ public class AuthJwtService {
 		return hmac512Service.sign(jwtToken.getPayload());
 	}
 	
+	/**
+	 * Verify with HMAC512 and check ExpirationTime
+	 * 
+	 * @param authToken
+	 * @return true or false
+	 */
 	public boolean validateJwtToken(String authToken) {
-		return hmac512Service.verify(authToken);
+		try {
+			JWTClaimsSet claims = resolve(authToken);
+			boolean isExpiration = claims.getExpirationTime().after(DateTime.now().toDate());
+			boolean isVerify = hmac512Service.verify(authToken);
+			_logger.debug("JWT Verify {} , now {} , ExpirationTime {} , isExpiration : {}" , 
+							isVerify,DateTime.now().toDate(),claims.getExpirationTime(),isExpiration);
+			return isVerify && isExpiration;
+		} catch (ParseException e) {
+			_logger.error("authToken {}",authToken);
+			_logger.error("ParseException ",e);
+		}
+		return false;
 	}
 	
 	public  JWTClaimsSet resolve(String authToken) throws ParseException {
@@ -167,38 +125,4 @@ public class AuthJwtService {
 		JWTClaimsSet claims = resolve(authToken); 
 		return claims.getJWTID();
 	}
-	
-	public String createCongress(Authentication  authentication) {
-		String congress = WebContext.genId();
-		congressService.store(
-				congress, 
-				new AuthJwt(
-						genJwt(authentication), 
-						authentication)
-			);
-		return congress;
-	}
-	
-	public AuthJwt consumeCongress(String congress) {
-		AuthJwt authJwt = congressService.consume(congress);
-		return authJwt;
-	}
-	
-	public boolean validateCaptcha(String state,String captcha) {
-    	try {
-			String jwtId = resolveJWTID(state);
-			if(StringUtils.isNotBlank(jwtId) &&StringUtils.isNotBlank(captcha)) {
-				Object momentaryCaptcha = momentaryService.get("", jwtId);
-		        _logger.debug("captcha : {}, momentary Captcha : {}" ,captcha, momentaryCaptcha);
-		        if (!StringUtils.isBlank(captcha) && captcha.equals(momentaryCaptcha.toString())) {
-		        	momentaryService.remove("", jwtId);
-		        	return true;
-		        }
-			}
-		} catch (ParseException e) {
-			 _logger.debug("Exception ",e);
-		}
-    	 return false;
-    }
-	
 }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthRefreshTokenService.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.jwt;
+
+import org.maxkey.configuration.AuthJwkConfig;
+import org.maxkey.crypto.jwt.HMAC512Service;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+
+import com.nimbusds.jose.JOSEException;
+
+public class AuthRefreshTokenService extends AuthJwtService{
+	private static final  Logger _logger = LoggerFactory.getLogger(AuthRefreshTokenService.class);
+	
+	AuthJwkConfig authJwkConfig;
+	
+	public AuthRefreshTokenService(AuthJwkConfig authJwkConfig) throws JOSEException {
+		this.authJwkConfig = authJwkConfig;
+		
+		this.hmac512Service = new HMAC512Service(authJwkConfig.getRefreshSecret());
+	}
+	
+	/**
+	 * JWT Refresh Token with Authentication
+	 * @param authentication
+	 * @return
+	 */
+	public String genRefreshToken(Authentication authentication) {
+		_logger.trace("gen Refresh Token");
+		return genJwt( 
+				 authentication,
+				 authJwkConfig.getIssuer(),
+				 authJwkConfig.getRefreshExpires());
+	}
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthTokenService.java

@@ -0,0 +1,132 @@
+/*
+ * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.jwt;
+
+import java.text.ParseException;
+import org.apache.commons.lang3.StringUtils;
+import org.maxkey.configuration.AuthJwkConfig;
+import org.maxkey.crypto.jwt.HMAC512Service;
+import org.maxkey.persistence.MomentaryService;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+
+import com.nimbusds.jose.JOSEException;
+
+public class AuthTokenService  extends AuthJwtService{
+	private static final  Logger _logger = LoggerFactory.getLogger(AuthTokenService.class);
+	
+	AuthJwkConfig authJwkConfig;
+	
+	CongressService congressService;
+	
+	MomentaryService momentaryService;
+	
+	AuthRefreshTokenService refreshTokenService;
+	
+	public AuthTokenService(
+				AuthJwkConfig authJwkConfig,
+				CongressService congressService,
+				MomentaryService momentaryService,
+				AuthRefreshTokenService refreshTokenService) throws JOSEException {
+		
+		this.authJwkConfig = authJwkConfig;
+		
+		this.congressService = congressService;
+		
+		this.momentaryService = momentaryService;
+		
+		this.refreshTokenService = refreshTokenService;
+		
+		this.hmac512Service = new HMAC512Service(authJwkConfig.getSecret());
+		
+	}
+	
+	/**
+	 * create AuthJwt use Authentication JWT
+	 * @param authentication
+	 * @return AuthJwt
+	 */
+	public AuthJwt genAuthJwt(Authentication authentication) {
+		if(authentication != null) {
+			String refreshToken = refreshTokenService.genRefreshToken(authentication);
+			return new AuthJwt(genJwt(authentication),refreshToken, authentication);
+		}
+		return null;
+	}
+	
+	public String genJwt(Authentication authentication) {
+		return genJwt( authentication,authJwkConfig.getIssuer(),authJwkConfig.getExpires());
+	}
+
+	
+	/**
+	 * JWT with subject
+	 * @param subject subject
+	 * @return
+	 */
+	public String genJwt(String subject) {
+		return genJwt(subject,authJwkConfig.getIssuer(),authJwkConfig.getExpires());
+	}
+	
+	/**
+	 * Random JWT
+	 * @return
+	 */
+	public String genRandomJwt() {
+		return genRandomJwt(authJwkConfig.getExpires());
+	}
+	
+	public String createCongress(Authentication  authentication) {
+		String congress = WebContext.genId();
+		String refreshToken = refreshTokenService.genRefreshToken(authentication);
+		congressService.store(
+				congress, 
+				new AuthJwt(
+						genJwt(authentication), 
+						refreshToken,
+						authentication)
+			);
+		return congress;
+	}
+	
+	public AuthJwt consumeCongress(String congress) {
+		AuthJwt authJwt = congressService.consume(congress);
+		return authJwt;
+	}
+	
+	public boolean validateCaptcha(String state,String captcha) {
+    	try {
+			String jwtId = resolveJWTID(state);
+			if(StringUtils.isNotBlank(jwtId) &&StringUtils.isNotBlank(captcha)) {
+				Object momentaryCaptcha = momentaryService.get("", jwtId);
+		        _logger.debug("captcha : {}, momentary Captcha : {}" ,captcha, momentaryCaptcha);
+		        if (!StringUtils.isBlank(captcha) && captcha.equals(momentaryCaptcha.toString())) {
+		        	momentaryService.remove("", jwtId);
+		        	return true;
+		        }
+			}
+		} catch (ParseException e) {
+			 _logger.debug("Exception ",e);
+		}
+    	 return false;
+    }
+	
+	
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/MfaAuthenticationProvider.java

@@ -19,7 +19,7 @@ package org.maxkey.authn.provider;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.session.SessionManager;
 import org.maxkey.configuration.ApplicationConfig;
@@ -58,11 +58,11 @@ public class MfaAuthenticationProvider extends AbstractAuthenticationProvider {
     		AbstractAuthenticationRealm authenticationRealm,
     		ApplicationConfig applicationConfig,
     	    SessionManager sessionManager,
-    	    AuthJwtService authJwtService) {
+    	    AuthTokenService authTokenService) {
 		this.authenticationRealm = authenticationRealm;
 		this.applicationConfig = applicationConfig;
 		this.sessionManager = sessionManager;
-		this.authJwtService = authJwtService;
+		this.authTokenService = authTokenService;
 	}
 
     @Override

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java

@@ -20,7 +20,7 @@ package org.maxkey.authn.provider;
 import java.text.ParseException;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.session.SessionManager;
 import org.maxkey.configuration.ApplicationConfig;
@@ -58,11 +58,11 @@ public class NormalAuthenticationProvider extends AbstractAuthenticationProvider
     		AbstractAuthenticationRealm authenticationRealm,
     		ApplicationConfig applicationConfig,
     	    SessionManager sessionManager,
-    	    AuthJwtService authJwtService) {
+    	    AuthTokenService authTokenService) {
 		this.authenticationRealm = authenticationRealm;
 		this.applicationConfig = applicationConfig;
 		this.sessionManager = sessionManager;
-		this.authJwtService = authJwtService;
+		this.authTokenService = authTokenService;
 	}
 
     @Override
@@ -134,7 +134,7 @@ public class NormalAuthenticationProvider extends AbstractAuthenticationProvider
      */
     protected void captchaValid(String state ,String captcha) throws ParseException {
         // for basic
-    	if(!authJwtService.validateCaptcha(state,captcha)) {
+    	if(!authTokenService.validateCaptcha(state,captcha)) {
     		throw new BadCredentialsException(WebContext.getI18nValue("login.error.captcha"));
     	}        
     }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java

@@ -110,13 +110,13 @@ public class AbstractSessionManager  implements SessionManager{
 	}
 
 	@Override
-	public void refresh(String sessionId, LocalTime refreshTime) {
-		
+	public Session refresh(String sessionId, LocalTime refreshTime) {
+		return null;
 	}
 
 	@Override
-	public void refresh(String sessionId) {
-		
+	public Session refresh(String sessionId) {
+		return null;
 	}
 
 	@Override

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java

@@ -78,14 +78,15 @@ public class InMemorySessionManager extends AbstractSessionManager{
     }
 
     @Override
-    public void refresh(String sessionId,LocalTime refreshTime) {
+    public Session refresh(String sessionId,LocalTime refreshTime) {
         Session session = get(sessionId);
         session.setLastAccessTime(refreshTime);
         create(sessionId , session);
+        return session;
     }
 
     @Override
-    public void refresh(String sessionId) {
+    public Session refresh(String sessionId) {
         Session session = get(sessionId);
         
         LocalTime currentTime = LocalTime.now();
@@ -95,8 +96,9 @@ public class InMemorySessionManager extends AbstractSessionManager{
         
         if(duration.getSeconds() > Session.MAX_EXPIRY_DURATION) {
         	session.setLastAccessTime(currentTime);
-            refresh(sessionId,currentTime);
+            return refresh(sessionId,currentTime);
         }
+        return session;
     }
 
 }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,6 +33,11 @@ public class RedisSessionManager extends AbstractSessionManager {
 	RedisConnectionFactory connectionFactory;
 	
 	public static String PREFIX="REDIS_SESSION_";
+	
+	public String getKey(String sessionId) {
+		return PREFIX + sessionId;
+	}
+	
 	/**
 	 * @param connectionFactory
 	 */
@@ -59,15 +64,15 @@ public class RedisSessionManager extends AbstractSessionManager {
 	@Override
 	public void create(String sessionId, Session session) {
 		RedisConnection conn = connectionFactory.getConnection();
-		conn.setexObject(PREFIX + sessionId, validitySeconds, session);
+		conn.setexObject( getKey(sessionId), validitySeconds, session);
 		conn.close();
 	}
 
 	@Override
 	public Session remove(String sessionId) {
 		RedisConnection conn=connectionFactory.getConnection();
-		Session ticket = conn.getObject(PREFIX+sessionId);
-		conn.delete(PREFIX+sessionId);
+		Session ticket = conn.getObject(getKey(sessionId));
+		conn.delete(getKey(sessionId));
 		conn.close();
 		return ticket;
 	}
@@ -75,7 +80,7 @@ public class RedisSessionManager extends AbstractSessionManager {
     @Override
     public Session get(String sessionId) {
         RedisConnection conn=connectionFactory.getConnection();
-        Session session = conn.getObject(PREFIX+sessionId);
+        Session session = conn.getObject(getKey(sessionId));
         conn.close();
         return session;
     }
@@ -90,14 +95,15 @@ public class RedisSessionManager extends AbstractSessionManager {
 	}
 
 	@Override
-    public void refresh(String sessionId,LocalTime refreshTime) {
+    public Session refresh(String sessionId,LocalTime refreshTime) {
         Session session = get(sessionId);
         session.setLastAccessTime(refreshTime);
         create(sessionId , session);
+        return session;
     }
     
     @Override
-    public void refresh(String sessionId) {
+    public Session refresh(String sessionId) {
         Session session = get(sessionId);
         
         LocalTime currentTime = LocalTime.now();
@@ -107,8 +113,9 @@ public class RedisSessionManager extends AbstractSessionManager {
         
         if(duration.getSeconds() > Session.MAX_EXPIRY_DURATION) {
         	session.setLastAccessTime(currentTime);
-            refresh(sessionId,currentTime);
+           return  refresh(sessionId,currentTime);
         }
+        return session;
     }
 
 	

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/Session.java

@@ -30,7 +30,7 @@ public class Session implements Serializable{
 	
 	public static final  String SESSION_PREFIX = "OT";
     
-    public static final  int    MAX_EXPIRY_DURATION = 60 * 10; //default 10 minutes.
+    public static final  int    MAX_EXPIRY_DURATION = 60 * 5; //default 5 minutes.
     
     public String id;
     

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManager.java

@@ -30,9 +30,9 @@ public interface SessionManager {
     
     public  Session get(String sessionId);
     
-    public void refresh(String sessionId ,LocalTime refreshTime);
+    public Session refresh(String sessionId ,LocalTime refreshTime);
     
-    public void refresh(String sessionId);
+    public Session refresh(String sessionId);
 
     public void setValiditySeconds(int validitySeconds);
     

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java → maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeManager.java

@@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.joda.time.DateTime;
 import org.maxkey.authn.SignPrincipal;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.crypto.jwt.HMAC512Service;
 import org.maxkey.entity.UserInfo;
@@ -36,14 +36,14 @@ import org.springframework.security.core.Authentication;
 
 import com.nimbusds.jwt.JWTClaimsSet;
 
-public abstract class AbstractRemeberMeService {
-    private static final Logger _logger = LoggerFactory.getLogger(AbstractRemeberMeService.class);
+public abstract class AbstractRemeberMeManager {
+    private static final Logger _logger = LoggerFactory.getLogger(AbstractRemeberMeManager.class);
 
     protected Integer validity = 7;
 
     protected ApplicationConfig applicationConfig;
     
-    AuthJwtService authJwtService;
+    AuthTokenService authTokenService;
 
     // follow function is for persist
     public abstract void save(RemeberMe remeberMe);
@@ -90,7 +90,7 @@ public abstract class AbstractRemeberMeService {
     }
     
     public RemeberMe resolve(String rememberMeJwt) throws ParseException {
-    	JWTClaimsSet claims = authJwtService.resolve(rememberMeJwt);
+    	JWTClaimsSet claims = authTokenService.resolve(rememberMeJwt);
     	RemeberMe remeberMe = new RemeberMe();
 		remeberMe.setId(claims.getJWTID());
 		remeberMe.setUsername(claims.getSubject());
@@ -109,7 +109,7 @@ public abstract class AbstractRemeberMeService {
 				.claim("kid", HMAC512Service.MXK_AUTH_JWK)
 				.build();
 		
-		return authJwtService.signedJWT(remeberMeJwtClaims);
+		return authTokenService.signedJWT(remeberMeJwtClaims);
 	}
 
 	public Integer getValidity() {

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/InMemoryRemeberMeService.java → maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/InMemoryRemeberMeManager.java

@@ -24,7 +24,7 @@ import org.maxkey.constants.ConstsTimeInterval;
 import com.github.benmanes.caffeine.cache.Cache;
 import com.github.benmanes.caffeine.cache.Caffeine;
 
-public class InMemoryRemeberMeService   extends AbstractRemeberMeService {
+public class InMemoryRemeberMeManager   extends AbstractRemeberMeManager {
 
     protected static final Cache<String, RemeberMe> remeberMeStore = 
             Caffeine.newBuilder()

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java → maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeManager.java

@@ -22,15 +22,15 @@ import java.sql.SQLException;
 import java.sql.Types;
 import java.util.List;
 
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.ApplicationConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.core.RowMapper;
 
-public class JdbcRemeberMeService extends AbstractRemeberMeService {
-    private static final Logger _logger = LoggerFactory.getLogger(JdbcRemeberMeService.class);
+public class JdbcRemeberMeManager extends AbstractRemeberMeManager {
+    private static final Logger _logger = LoggerFactory.getLogger(JdbcRemeberMeManager.class);
 
     private static final String DEFAULT_DEFAULT_INSERT_STATEMENT = 
             "insert into  mxk_remember_me(id, userid,username,lastlogintime,expirationtime)values( ? , ? , ? , ? , ?)";
@@ -47,14 +47,14 @@ public class JdbcRemeberMeService extends AbstractRemeberMeService {
 
     private final JdbcTemplate jdbcTemplate;
 
-    public JdbcRemeberMeService(
+    public JdbcRemeberMeManager(
     			JdbcTemplate jdbcTemplate,
     			ApplicationConfig applicationConfig,
-    			AuthJwtService authJwtService,
+    			AuthTokenService authTokenService,
     			int validity) {
         this.jdbcTemplate = jdbcTemplate;
         this.applicationConfig = applicationConfig;
-        this.authJwtService = authJwtService;
+        this.authTokenService = authTokenService;
         if(validity != 0) {
         	this.validity = validity;
         }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/RemeberMeServiceFactory.java → maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/RemeberMeManagerFactory.java

@@ -23,18 +23,18 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.jdbc.core.JdbcTemplate;
 
-public class RemeberMeServiceFactory {
+public class RemeberMeManagerFactory {
 	private static final  Logger _logger = 
-            LoggerFactory.getLogger(RemeberMeServiceFactory.class);
+            LoggerFactory.getLogger(RemeberMeManagerFactory.class);
 	
-	 public AbstractRemeberMeService getService(
+	 public AbstractRemeberMeManager getService(
 			 	int persistence,
 			 	JdbcTemplate jdbcTemplate,
 	            RedisConnectionFactory redisConnFactory){
 		 
-		 AbstractRemeberMeService remeberMeService = null;
+		 AbstractRemeberMeManager remeberMeService = null;
 	        if (persistence == ConstsPersistence.INMEMORY) {
-	            remeberMeService = new InMemoryRemeberMeService();
+	            remeberMeService = new InMemoryRemeberMeManager();
 	            _logger.debug("InMemoryRemeberMeService");
 	        } else if (persistence == ConstsPersistence.JDBC) {
 	            //remeberMeService = new JdbcRemeberMeService(jdbcTemplate);

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java

@@ -23,7 +23,7 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 
 import org.maxkey.authn.SignPrincipal;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.session.Session;
 import org.maxkey.authn.session.SessionManager;
 import org.maxkey.entity.UserInfo;
@@ -41,43 +41,46 @@ public class AuthorizationUtils {
 	
 	public static  void authenticateWithCookie(
 			HttpServletRequest request,
-			AuthJwtService authJwtService,
+			AuthTokenService authTokenService,
 			SessionManager sessionManager
 			) throws ParseException{
-		 if(getAuthentication() == null) {
-			Cookie authCookie = WebContext.getCookie(request, Authorization_Cookie);
-			if(authCookie != null ) {
-		    	String  authorization =  authCookie.getValue();
-		    	doJwtAuthenticate(authorization,authJwtService,sessionManager);
-		    	_logger.debug("congress automatic authenticated .");
-			}
-		 }
+		Cookie authCookie = WebContext.getCookie(request, Authorization_Cookie);
+		if(authCookie != null ) {
+	    	String  authorization =  authCookie.getValue();
+	    	doJwtAuthenticate(authorization,authTokenService,sessionManager);
+	    	_logger.debug("congress automatic authenticated .");
+		}
 	}
 	
 	public static  void authenticate(
 			HttpServletRequest request,
-			AuthJwtService authJwtService,
+			AuthTokenService authTokenService,
 			SessionManager sessionManager
 			) throws ParseException{
-		 if(getAuthentication() == null) {
-			 String  authorization = AuthorizationHeaderUtils.resolveBearer(request);
-			if(authorization != null ) {
-				doJwtAuthenticate(authorization,authJwtService,sessionManager);
-				_logger.debug("Authorization automatic authenticated .");
-			}
-		 }
+		String  authorization = AuthorizationHeaderUtils.resolveBearer(request);
+		if(authorization != null ) {
+			doJwtAuthenticate(authorization,authTokenService,sessionManager);
+			_logger.debug("Authorization automatic authenticated .");
+		}
+		 
 	}
 	
 	public static void doJwtAuthenticate(
 			String  authorization,
-			AuthJwtService authJwtService,
+			AuthTokenService authTokenService,
 			SessionManager sessionManager) throws ParseException {
-		if(authJwtService.validateJwtToken(authorization)) {
-			String sessionId = authJwtService.resolveJWTID(authorization);
-			Session session = sessionManager.get(sessionId);
-			if(session != null) {
-				setAuthentication(session.getAuthentication());
+		if(authTokenService.validateJwtToken(authorization)) {
+			if(isNotAuthenticated()) {
+				String sessionId = authTokenService.resolveJWTID(authorization);
+				Session session = sessionManager.get(sessionId);
+				if(session != null) {
+					setAuthentication(session.getAuthentication());
+				}else {
+					setAuthentication(null);
+				}
 			}
+		}else {
+			setAuthentication(null);
 		}
 	}
 

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/LoginRefreshPoint.java

@@ -0,0 +1,57 @@
+package org.maxkey.authn.web;
+
+import org.maxkey.authn.jwt.AuthJwt;
+import org.maxkey.authn.jwt.AuthRefreshTokenService;
+import org.maxkey.authn.jwt.AuthTokenService;
+import org.maxkey.authn.session.Session;
+import org.maxkey.authn.session.SessionManager;
+import org.maxkey.entity.Message;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping(value = "/auth")
+public class LoginRefreshPoint {
+	private static final  Logger _logger = LoggerFactory.getLogger(LoginRefreshPoint.class);
+	
+	@Autowired
+	AuthTokenService authTokenService;
+	
+	@Autowired
+	AuthRefreshTokenService refreshTokenService;
+	
+	@Autowired
+	SessionManager sessionManager;
+	
+ 	@RequestMapping(value={"/token/refresh"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> refresh(
+					@RequestHeader(name = "refresh_token", required = true) String refreshToken) {
+ 		_logger.trace("refresh token {} " , refreshToken);
+ 		try {
+	 		if(refreshTokenService.validateJwtToken(refreshToken)) {
+	 			String sessionId = refreshTokenService.resolveJWTID(refreshToken);
+	 			_logger.trace("Try to  refresh sessionId [{}]" , sessionId);
+		 		Session session = sessionManager.refresh(sessionId);
+		 		if(session != null) {
+		 			AuthJwt authJwt = authTokenService.genAuthJwt(session.getAuthentication());
+		 			_logger.trace("Grant new token {}" , authJwt);
+		 			return new Message<AuthJwt>(authJwt).buildResponse();
+		 		}else {
+		 			_logger.debug("Session is timeout , sessionId [{}]" , sessionId);
+		 		}
+	 		}else {
+	 			_logger.trace("refresh token is not validate .");
+	 		}
+ 		}catch(Exception e) {
+ 			_logger.error("Refresh Exception !",e);
+ 		}
+ 		return new ResponseEntity<>("Refresh Token Fail !", HttpStatus.UNAUTHORIZED);
+ 	}
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/UnauthorizedEntryPoint.java

@@ -35,10 +35,11 @@ import com.fasterxml.jackson.databind.DatabindException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 @Controller
+@RequestMapping(value = "/auth")
 public class UnauthorizedEntryPoint {
 	private static final Logger _logger = LoggerFactory.getLogger(UnauthorizedEntryPoint.class);
 	
- 	@RequestMapping(value={"/auth/entrypoint"})
+ 	@RequestMapping(value={"/entrypoint"})
 	public void entryPoint(
 			HttpServletRequest request, HttpServletResponse response) 
 					throws StreamWriteException, DatabindException, IOException {

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java

@@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.SignPrincipal;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.session.SessionManager;
 import org.maxkey.authn.web.AuthorizationUtils;
 import org.maxkey.configuration.ApplicationConfig;
@@ -47,7 +47,7 @@ public class PermissionInterceptor  implements AsyncHandlerInterceptor  {
 	SessionManager sessionManager;
 	
 	@Autowired
-	AuthJwtService authJwtService ;
+	AuthTokenService authTokenService ;
 	
 	boolean mgmt = false;
 	
@@ -59,7 +59,7 @@ public class PermissionInterceptor  implements AsyncHandlerInterceptor  {
 	@Override
 	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
 		 _logger.trace("Permission Interceptor .");
-		 AuthorizationUtils.authenticate(request, authJwtService, sessionManager);
+		 AuthorizationUtils.authenticate(request, authTokenService, sessionManager);
 		 SignPrincipal principal = AuthorizationUtils.getPrincipal();
 		//判断用户是否登录,判断用户是否登录用户
 		if(principal == null){

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java

@@ -19,7 +19,8 @@ package org.maxkey.autoconfigure;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthRefreshTokenService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.jwt.CongressService;
 import org.maxkey.authn.jwt.InMemoryCongressService;
 import org.maxkey.authn.jwt.RedisCongressService;
@@ -30,8 +31,8 @@ import org.maxkey.authn.provider.TrustedAuthenticationProvider;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.session.SessionManager;
 import org.maxkey.authn.session.SessionManagerFactory;
-import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
-import org.maxkey.authn.support.rememberme.JdbcRemeberMeService;
+import org.maxkey.authn.support.rememberme.AbstractRemeberMeManager;
+import org.maxkey.authn.support.rememberme.JdbcRemeberMeManager;
 import org.maxkey.authn.web.HttpSessionListenerAdapter;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.configuration.AuthJwkConfig;
@@ -89,14 +90,14 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
     		AbstractAuthenticationRealm authenticationRealm,
     		ApplicationConfig applicationConfig,
     	    SessionManager sessionManager,
-    	    AuthJwtService authJwtService
+    	    AuthTokenService authTokenService
     		) {
     	_logger.debug("init authentication Provider .");
     	return new NormalAuthenticationProvider(
         		authenticationRealm,
         		applicationConfig,
         		sessionManager,
-        		authJwtService
+        		authTokenService
         	);
     }
     
@@ -131,10 +132,11 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
     }
     
     @Bean
-    public AuthJwtService authJwtService(
+    public AuthTokenService authTokenService(
     		AuthJwkConfig authJwkConfig,
     		RedisConnectionFactory redisConnFactory,
     		MomentaryService  momentaryService,
+    		AuthRefreshTokenService refreshTokenService,
     		@Value("${maxkey.server.persistence}") int persistence) throws JOSEException {
     	CongressService congressService;
     	if (persistence == ConstsPersistence.REDIS) {
@@ -143,9 +145,20 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
     		congressService = new InMemoryCongressService();
     	}
     	
-    	AuthJwtService authJwtService = new AuthJwtService(authJwkConfig,congressService,momentaryService);
+    	AuthTokenService authTokenService = 
+    				new AuthTokenService(
+    							authJwkConfig,
+    							congressService,
+    							momentaryService,
+    							refreshTokenService
+    						);
     	
-    	return authJwtService;
+    	return authTokenService;
+    }
+    
+    @Bean
+    public AuthRefreshTokenService refreshTokenService(AuthJwkConfig authJwkConfig) throws JOSEException {
+    	return new AuthRefreshTokenService(authJwkConfig);
     }
     
     @Bean(name = "otpAuthnService")
@@ -196,21 +209,20 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
         return sessionManager;
     }
     
-    
     /**
      * remeberMeService .
      * @return
      */
     @Bean
-    public AbstractRemeberMeService remeberMeService(
+    public AbstractRemeberMeManager remeberMeManager(
             @Value("${maxkey.server.persistence}") int persistence,
             @Value("${maxkey.login.remeberme.validity}") int validity,
             ApplicationConfig applicationConfig,
-            AuthJwtService authJwtService,
+            AuthTokenService authTokenService,
             JdbcTemplate jdbcTemplate) {
-    	_logger.trace("init remeberMeService , validity {}." , validity);
-        return new  JdbcRemeberMeService(
-        		jdbcTemplate,applicationConfig,authJwtService,validity);
+    	_logger.trace("init RemeberMeManager , validity {}." , validity);
+        return new  JdbcRemeberMeManager(
+        		jdbcTemplate,applicationConfig,authTokenService,validity);
     }
     
     @Bean

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java

@@ -41,7 +41,7 @@ public class JwtAuthnAutoConfiguration implements InitializingBean {
      * jwt Login JwkSetKeyStore.
      * @return
      */
-    @Bean(name = "jwtLoginJwkSetKeyStore")
+    @Bean
     public JWKSetKeyStore jwtLoginJwkSetKeyStore() {
         JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore();
         ClassPathResource classPathResource = new ClassPathResource("/config/loginjwkkeystore.jwks");
@@ -57,7 +57,7 @@ public class JwtAuthnAutoConfiguration implements InitializingBean {
      * @throws InvalidKeySpecException 
      * @throws NoSuchAlgorithmException 
      */
-    @Bean(name = "jwtLoginValidationService")
+    @Bean
     public DefaultJwtSigningAndValidationService jwtLoginValidationService(
             JWKSetKeyStore jwtLoginJwkSetKeyStore) 
                     throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
@@ -73,7 +73,7 @@ public class JwtAuthnAutoConfiguration implements InitializingBean {
      * Jwt LoginService.
      * @return
      */
-    @Bean(name = "jwtLoginService")
+    @Bean
     public JwtLoginService jwtLoginService(
             @Value("${maxkey.login.jwt.issuer}")
             String issuer,

maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java

@@ -21,7 +21,7 @@
 package org.maxkey.authn.support.socialsignon;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.socialsignon.service.SocialsAssociateService;
 import org.maxkey.configuration.ApplicationConfig;
@@ -59,7 +59,7 @@ public class AbstractSocialSignOnEndpoint {
 	AbstractAuthenticationProvider authenticationProvider ;
 	
 	@Autowired
-	AuthJwtService authJwtService;
+	AuthTokenService authTokenService;
 	
 	@Autowired
 	ApplicationConfig applicationConfig;

maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java

@@ -59,7 +59,7 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 									) {
 		_logger.trace("SocialSignOn provider : " + provider);
 		String instId = WebContext.getInst().getId();
-    	String authorizationUrl = buildAuthRequest(instId,provider).authorize(authJwtService.genJwt());
+    	String authorizationUrl = buildAuthRequest(instId,provider).authorize(authTokenService.genRandomJwt());
 		_logger.trace("authorize SocialSignOn : " + authorizationUrl);
 		return new Message<Object>((Object)authorizationUrl).buildResponse();
 	}
@@ -75,7 +75,7 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 	    if(authRequest == null ) {
 	        _logger.error("build authRequest fail .");
 	    }
-	    String state = authJwtService.genJwt();
+	    String state = authTokenService.genRandomJwt();
 	    authRequest.authorize(state);
 	    
 		SocialsProvider socialSignOnProvider = socialSignOnProviderService.get(instId,provider);
@@ -139,7 +139,7 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 	    	//socialsAssociate.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
 		
 	    	this.socialsAssociateService.update(socialsAssociate);
-	    	return new Message<AuthJwt>(authJwtService.genAuthJwt(authentication)).buildResponse();
+	    	return new Message<AuthJwt>(authTokenService.genAuthJwt(authentication)).buildResponse();
 	    }catch(Exception e) {
 	    	 _logger.error("callback Exception  ",e);
 	    	 return new Message<AuthJwt>(Message.ERROR).buildResponse();

maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java

@@ -62,22 +62,22 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
     private static final  Logger _logger = 
             LoggerFactory.getLogger(ApplicationAutoConfiguration.class);
 
-    @Bean(name = "passwordReciprocal")
+    @Bean
     public PasswordReciprocal passwordReciprocal() {
         return new PasswordReciprocal();
     }
     
-    @Bean(name = "transactionManager")
+    @Bean
     public DataSourceTransactionManager transactionManager(DataSource dataSource) {
         return new DataSourceTransactionManager(dataSource);
     }
     
-    @Bean(name = "institutionsRepository")
-    public InstitutionsRepository InstitutionsRepository(JdbcTemplate jdbcTemplate) {
+    @Bean
+    public InstitutionsRepository institutionsRepository(JdbcTemplate jdbcTemplate) {
         return new InstitutionsRepository(jdbcTemplate);
     }
     
-    @Bean(name = "localizationRepository")
+    @Bean
     public LocalizationRepository localizationRepository(JdbcTemplate jdbcTemplate,
     											InstitutionsRepository institutionsRepository) {
         return new LocalizationRepository(jdbcTemplate,institutionsRepository);
@@ -87,7 +87,7 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
      * Authentication Password Encoder .
      * @return
      */
-    @Bean(name = "passwordEncoder")
+    @Bean
     public PasswordEncoder passwordEncoder() {
         String idForEncode = "bcrypt";
         Map<String ,PasswordEncoder > encoders = new HashMap<String ,PasswordEncoder>();
@@ -127,7 +127,7 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
      * keyStoreLoader .
      * @return
      */
-    @Bean(name = "keyStoreLoader")
+    @Bean
     public KeyStoreLoader keyStoreLoader(
             @Value("${maxkey.saml.v20.idp.issuing.entity.id}") String entityName,
             @Value("${maxkey.saml.v20.idp.keystore.password}") String keystorePassword,
@@ -143,7 +143,7 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
      * spKeyStoreLoader .
      * @return
      */
-    @Bean(name = "spKeyStoreLoader")
+    @Bean
     public KeyStoreLoader spKeyStoreLoader(
             @Value("${maxkey.saml.v20.sp.issuing.entity.id}") String entityName,
             @Value("${maxkey.saml.v20.sp.keystore.password}") String keystorePassword,
@@ -159,17 +159,17 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
      * spKeyStoreLoader .
      * @return
      */
-    @Bean(name = "spIssuingEntityName")
+    @Bean
     public String spIssuingEntityName(
             @Value("${maxkey.saml.v20.sp.issuing.entity.id}") String spIssuingEntityName) {
         return spIssuingEntityName;
     }
     
     /**
-     * spKeyStoreLoader .
+     * Id Generator .
      * @return
      */
-    @Bean(name = "idGenerator")
+    @Bean
     public IdGenerator idGenerator(
             @Value("${maxkey.id.strategy:SnowFlake}") String strategy,
             @Value("${maxkey.id.datacenterId:0}") int datacenterId,
@@ -182,7 +182,7 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
     }
 
     
-    @Bean(name = "momentaryService")
+    @Bean
     public MomentaryService momentaryService(
     		RedisConnectionFactory redisConnFactory,
     		@Value("${maxkey.server.persistence}") int persistence) throws JOSEException {

maxkey-core/src/main/java/org/maxkey/configuration/ApplicationConfig.java

@@ -37,16 +37,7 @@ import org.springframework.stereotype.Component;
 @Configuration
 public class ApplicationConfig {
     
-    @Autowired
-    EmailConfig emailConfig;
-    
-    @Autowired
-    CharacterEncodingConfig characterEncodingConfig;
-    
-    @Autowired
-    LoginConfig loginConfig;
-
-    @Value("${maxkey.server.basedomain}")
+	@Value("${maxkey.server.basedomain}")
     String baseDomainName;
 
     @Value("${maxkey.server.domain}")
@@ -83,6 +74,17 @@ public class ApplicationConfig {
     private boolean noticesVisible;
     
     public static String  databaseProduct = "MySQL";
+	    
+	@Autowired
+    EmailConfig emailConfig;
+    
+    @Autowired
+    CharacterEncodingConfig characterEncodingConfig;
+    
+    @Autowired
+    LoginConfig loginConfig;
+
+   
     
     
     public int getPort() {

maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java

@@ -25,9 +25,6 @@ import org.springframework.stereotype.Component;
 @Configuration
 public class AuthJwkConfig {
 
-	@Value("${maxkey.auth.jwt.issuer:https://sso.maxkey.top/}")
-	String 	issuer;
-	
 	@Value("${maxkey.auth.jwt.expires:86400}")
 	int 	expires;
 	
@@ -35,10 +32,13 @@ public class AuthJwkConfig {
 	String 	secret;
 	
 	@Value("${maxkey.session.timeout}")
-	String 	refreshExpire;
+	int 	refreshExpires;
 	
 	@Value("${maxkey.auth.jwt.refresh.secret}")
 	String 	refreshSecret;
+	
+	@Value("${maxkey.auth.jwt.issuer:https://sso.maxkey.top/}")
+	String 	issuer;
 
 	public AuthJwkConfig() {
 		super();
@@ -52,7 +52,6 @@ public class AuthJwkConfig {
 		this.issuer = issuer;
 	}
 
-	
 
 	public int getExpires() {
 		return expires;
@@ -69,6 +68,22 @@ public class AuthJwkConfig {
 	public void setSecret(String secret) {
 		this.secret = secret;
 	}
+	
+	public int getRefreshExpires() {
+		return refreshExpires;
+	}
+
+	public void setRefreshExpires(int refreshExpires) {
+		this.refreshExpires = refreshExpires;
+	}
+
+	public String getRefreshSecret() {
+		return refreshSecret;
+	}
+
+	public void setRefreshSecret(String refreshSecret) {
+		this.refreshSecret = refreshSecret;
+	}
 
 	@Override
 	public String toString() {

maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java

@@ -45,15 +45,12 @@ public class AuthorizeBaseEndpoint {
 	final static Logger _logger = LoggerFactory.getLogger(AuthorizeBaseEndpoint.class);
 	
 	@Autowired 
-    @Qualifier("applicationConfig")
     protected ApplicationConfig applicationConfig;
 	
 	@Autowired
-	@Qualifier("appsService")
 	protected AppsService appsService;
 		
 	@Autowired
-	@Qualifier("accountsService")
 	protected AccountsService accountsService;
 		
 	protected Apps getApp(String id){

maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasBaseAuthorizeEndpoint.java

@@ -33,11 +33,9 @@ public class CasBaseAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
     final static Logger _logger = LoggerFactory.getLogger(CasBaseAuthorizeEndpoint.class);
     
     @Autowired
-    @Qualifier("appsCasDetailsService")
     protected AppsCasDetailsService casDetailsService;
     
     @Autowired
-    @Qualifier("userInfoService")
     protected UserInfoService userInfoService;
     
     @Autowired

maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java

@@ -33,7 +33,7 @@ import org.apache.commons.lang.Validate;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.jwt.AuthJwt;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authz.saml.common.EndpointGenerator;
 import org.maxkey.authz.saml.common.TrustResolver;
 import org.maxkey.authz.saml.service.IDService;
@@ -120,7 +120,7 @@ public class ConsumerEndpoint {
 	private MessageReplayRule messageReplayRule;
 	
 	@Autowired
-	AuthJwtService authJwtService;
+	AuthTokenService authJwtService;
 
 	EndpointGenerator endpointGenerator;
 	AuthnRequestGenerator authnRequestGenerator;

maxkey-web-frontend/maxkey-web-app/src/app/core/net/default.interceptor.ts

@@ -13,9 +13,12 @@ import { DA_SERVICE_TOKEN, ITokenService } from '@delon/auth';
 import { ALAIN_I18N_TOKEN, _HttpClient } from '@delon/theme';
 import { environment } from '@env/environment';
 import { NzNotificationService } from 'ng-zorro-antd/notification';
+import { CookieService } from 'ngx-cookie-service';
 import { BehaviorSubject, Observable, of, throwError } from 'rxjs';
 import { catchError, filter, mergeMap, switchMap, take } from 'rxjs/operators';
 
+import { CONSTS } from '../../shared/consts';
+
 const CODEMESSAGE: { [key: number]: string } = {
   200: '服务器成功返回请求的数据。',
   201: '新建或修改数据成功。',
@@ -54,6 +57,10 @@ export class DefaultInterceptor implements HttpInterceptor {
     return this.injector.get(NzNotificationService);
   }
 
+  private get cookieService(): CookieService {
+    return this.injector.get(CookieService);
+  }
+
   private get tokenSrv(): ITokenService {
     return this.injector.get(DA_SERVICE_TOKEN);
   }
@@ -80,17 +87,18 @@ export class DefaultInterceptor implements HttpInterceptor {
    */
   private refreshTokenRequest(): Observable<any> {
     const model = this.tokenSrv.get();
-    return this.http.post(`/api/auth/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } });
+    return this.http.post(`/auth/token/refresh`, null, null, { headers: { refresh_token: model?.['refreshToken'] || '' } });
   }
 
   // #region 刷新Token方式一：使用 401 重新刷新 Token
 
   private tryRefreshToken(ev: HttpResponseBase, req: HttpRequest<any>, next: HttpHandler): Observable<any> {
     // 1、若请求为刷新Token请求，表示来自刷新Token可以直接跳转登录页
-    if ([`/api/auth/refresh`].some(url => req.url.includes(url))) {
+    if ([`/auth/token/refresh`].some(url => req.url.includes(url))) {
       this.toLogin();
       return throwError(ev);
     }
+
     // 2、如果 `refreshToking` 为 `true` 表示已经在请求刷新 Token 中，后续所有请求转入等待状态，直至结果返回后再重新发起请求
     if (this.refreshToking) {
       return this.refreshToken$.pipe(
@@ -99,17 +107,20 @@ export class DefaultInterceptor implements HttpInterceptor {
         switchMap(() => next.handle(this.reAttachToken(req)))
       );
     }
+
     // 3、尝试调用刷新 Token
     this.refreshToking = true;
     this.refreshToken$.next(null);
 
     return this.refreshTokenRequest().pipe(
       switchMap(res => {
+        console.log(res.data);
         // 通知后续请求继续执行
         this.refreshToking = false;
-        this.refreshToken$.next(res);
+        this.refreshToken$.next(res.data.refreshToken);
+        this.cookieService.set(CONSTS.CONGRESS, res.data.token);
         // 重新保存新 token
-        this.tokenSrv.set(res);
+        this.tokenSrv.set(res.data);
         // 重新发起请求
         return next.handle(this.reAttachToken(req));
       }),
@@ -127,6 +138,7 @@ export class DefaultInterceptor implements HttpInterceptor {
    * > 由于已经发起的请求，不会再走一遍 `@delon/auth` 因此需要结合业务情况重新附加新的 Token
    */
   private reAttachToken(req: HttpRequest<any>): HttpRequest<any> {
+    //console.log('reAttachToken');
     // 以下示例是以 NG-ALAIN 默认使用 `SimpleInterceptor`
     const token = this.tokenSrv.get()?.token;
     return req.clone({

maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts

@@ -13,7 +13,7 @@ export const environment = {
   api: {
     baseUrl: 'http://sso.maxkey.top:8080/maxkey',
     refreshTokenEnabled: true,
-    refreshTokenType: 'auth-refresh'
+    refreshTokenType: 're-request'
   },
   modules: [DelonMockModule.forRoot({ data: MOCKDATA })]
 } as Environment;

maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts

@@ -80,14 +80,14 @@ export class DefaultInterceptor implements HttpInterceptor {
    */
   private refreshTokenRequest(): Observable<any> {
     const model = this.tokenSrv.get();
-    return this.http.post(`/api/auth/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } });
+    return this.http.post(`/auth/token/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } });
   }
 
   // #region 刷新Token方式一：使用 401 重新刷新 Token
 
   private tryRefreshToken(ev: HttpResponseBase, req: HttpRequest<any>, next: HttpHandler): Observable<any> {
     // 1、若请求为刷新Token请求，表示来自刷新Token可以直接跳转登录页
-    if ([`/api/auth/refresh`].some(url => req.url.includes(url))) {
+    if ([`/auth/token/refresh`].some(url => req.url.includes(url))) {
       this.toLogin();
       return throwError(ev);
     }

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java

@@ -77,7 +77,7 @@ public class MaxKeyConfig  implements InitializingBean {
     private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyConfig.class);
     
 
-    @Bean(name = "otpKeyUriFormat")
+    @Bean
     public OtpKeyUriFormat otpKeyUriFormat(
                 @Value("${maxkey.otp.policy.type:totp}")
                 String type,
@@ -96,7 +96,7 @@ public class MaxKeyConfig  implements InitializingBean {
     }
     
     //可以在此实现其他的登陆认证方式，请实现AbstractAuthenticationRealm
-    @Bean(name = "authenticationRealm")
+    @Bean
     public JdbcAuthenticationRealm authenticationRealm(
     			PasswordEncoder passwordEncoder,
 	    		PasswordPolicyValidator passwordPolicyValidator,
@@ -120,7 +120,7 @@ public class MaxKeyConfig  implements InitializingBean {
         return authenticationRealm;
     }
     
-	@Bean(name = "timeBasedOtpAuthn")
+	@Bean
     public TimeBasedOtpAuthn timeBasedOtpAuthn(
                 @Value("${maxkey.otp.policy.digits:6}")
                 int digits,
@@ -131,8 +131,8 @@ public class MaxKeyConfig  implements InitializingBean {
         return tfaOtpAuthn;
     }
     
-    @Bean(name = "tfaOtpAuthn")
-    public AbstractOtpAuthn tfaOptAuthn(
+    @Bean
+    public AbstractOtpAuthn tfaOtpAuthn(
                 @Value("${maxkey.login.mfa.type}")String mfaType,
                 @Value("${maxkey.otp.policy.digits:6}")
                 int digits,
@@ -152,7 +152,7 @@ public class MaxKeyConfig  implements InitializingBean {
         return tfaOtpAuthn;
     }
     
-    @Bean(name = "mailOtpAuthn")
+    @Bean
     public MailOtpAuthn mailOtpAuthn(
             EmailConfig emailConfig,
             @Value("${spring.mail.properties.mailotp.message.subject}")
@@ -185,7 +185,7 @@ public class MaxKeyConfig  implements InitializingBean {
     }
     
     
-    @Bean(name = "kerberosService")
+    @Bean
     public RemoteKerberosService kerberosService(
             @Value("${maxkey.login.kerberos.default.userdomain}")
             String userDomain,

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java

@@ -46,6 +46,15 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @EnableWebMvc
 public class MaxKeyMvcConfig implements WebMvcConfigurer {
     private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class);
+   
+    @Value("${maxkey.login.basic.enable:false}")
+    private boolean basicEnable;
+    
+    @Value("${maxkey.login.httpheader.enable:false}")
+    private boolean httpHeaderEnable;
+    
+    @Value("${maxkey.login.httpheader.headername:iv-user}")
+    private String httpHeaderName;
     
     @Autowired
   	ApplicationConfig applicationConfig;
@@ -69,15 +78,6 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
     @Autowired
     HistorySignOnAppInterceptor historySignOnAppInterceptor;
     
-    @Value("${maxkey.login.httpheader.enable:false}")
-    private boolean httpHeaderEnable;
-    
-    @Value("${maxkey.login.httpheader.headername:iv-user}")
-    private String httpHeaderName;
-    
-    @Value("${maxkey.login.basic.enable:false}")
-    private boolean basicEnable;
-    
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
     	_logger.debug("addResourceHandlers");

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java

@@ -20,6 +20,7 @@ package org.maxkey.web.contorller;
 import java.util.List;
 
 import org.maxkey.authn.annotation.CurrentUser;
+import org.maxkey.authn.web.AuthorizationUtils;
 import org.maxkey.constants.ConstsStatus;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
@@ -78,6 +79,7 @@ public class AppListController {
         for (UserApps app : appList) {
         	app.transIconBase64();
         }
+        //AuthorizationUtils.setAuthentication(null);
         return new Message<List<UserApps>>(appList).buildResponse();
     }
  

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java

@@ -20,7 +20,7 @@ package org.maxkey.web.contorller;
 import java.util.regex.Pattern;
 
 import org.apache.commons.lang3.StringUtils;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.EmailConfig;
 import org.maxkey.entity.ChangePassword;
 import org.maxkey.entity.Message;
@@ -68,7 +68,7 @@ public class ForgotPasswordContorller {
     }
     
     @Autowired
-	AuthJwtService authJwtService;
+	AuthTokenService authTokenService;
     
     @Autowired
     UserInfoService userInfoService;
@@ -88,7 +88,7 @@ public class ForgotPasswordContorller {
     			@RequestParam String captcha) {
         _logger.debug("forgotpassword  /forgotpassword/produceOtp.");
         _logger.debug(" Mobile {}: " ,mobile);
-        if (!authJwtService.validateCaptcha(state,captcha)) {    
+        if (!authTokenService.validateCaptcha(state,captcha)) {    
         	_logger.debug("login captcha valid error.");
         	return new Message<ChangePassword>(Message.FAIL).buildResponse();
         }
@@ -116,7 +116,7 @@ public class ForgotPasswordContorller {
     			@RequestParam String state,
     			@RequestParam String captcha) {
         _logger.debug("/forgotpassword/produceEmailOtp Email {} : " , email);
-        if (!authJwtService.validateCaptcha(state,captcha)) {
+        if (!authTokenService.validateCaptcha(state,captcha)) {
         	_logger.debug("captcha valid error.");
         	return new Message<ChangePassword>(Message.FAIL).buildResponse();
         }

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/IndexEndpoint.java

@@ -49,8 +49,8 @@ public class IndexEndpoint {
 	NoticesService noticesService;
 	
 	@Autowired
-  	@Qualifier("applicationConfig")
   	ApplicationConfig applicationConfig;
+	
 	@RequestMapping(value={"/forwardindex"})
 	public ModelAndView forwardindex(HttpServletRequest request,
             HttpServletResponse response) throws ServletException, IOException {

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java

@@ -28,9 +28,9 @@ import org.apache.commons.lang3.StringUtils;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.jwt.AuthJwt;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.support.kerberos.KerberosService;
-import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
+import org.maxkey.authn.support.rememberme.AbstractRemeberMeManager;
 import org.maxkey.authn.support.rememberme.RemeberMe;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.configuration.ApplicationConfig;
@@ -45,7 +45,6 @@ import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
@@ -71,17 +70,15 @@ public class LoginEntryPoint {
 	Pattern mobileRegex = Pattern.compile("^(13[4,5,6,7,8,9]|15[0,8,9,1,7]|188|187)\\\\d{8}$");
 	
 	@Autowired
-	AuthJwtService authJwtService;
+	AuthTokenService authTokenService;
 	
 	@Autowired
   	ApplicationConfig applicationConfig;
  	
 	@Autowired
-	@Qualifier("authenticationProvider")
 	AbstractAuthenticationProvider authenticationProvider ;
 
 	@Autowired
-	@Qualifier("socialSignOnProviderService")
 	SocialSignOnProviderService socialSignOnProviderService;
 	
 	@Autowired
@@ -91,15 +88,13 @@ public class LoginEntryPoint {
 	UserInfoService userInfoService;
 	
 	@Autowired
-    @Qualifier("tfaOtpAuthn")
-    protected AbstractOtpAuthn tfaOtpAuthn;
+    AbstractOtpAuthn tfaOtpAuthn;
 	
 	@Autowired
-    @Qualifier("otpAuthnService")
-    protected OtpAuthnService otpAuthnService;
+    OtpAuthnService otpAuthnService;
 	
 	@Autowired
-	AbstractRemeberMeService remeberMeService;
+	AbstractRemeberMeManager remeberMeManager;
 	
 	/**
 	 * init login
@@ -112,16 +107,16 @@ public class LoginEntryPoint {
 		_logger.debug("/get.");
 		//Remember Me
 		if(StringUtils.isNotBlank(rememberMeJwt)
-				&& authJwtService.validateJwtToken(rememberMeJwt)) {
+				&& authTokenService.validateJwtToken(rememberMeJwt)) {
 			try {
-				RemeberMe remeberMe = remeberMeService.resolve(rememberMeJwt);
+				RemeberMe remeberMe = remeberMeManager.resolve(rememberMeJwt);
 				if(remeberMe != null) {
 					LoginCredential credential = new LoginCredential();
-					String remeberMeJwt = remeberMeService.updateRemeberMe(remeberMe);
+					String remeberMeJwt = remeberMeManager.updateRemeberMe(remeberMe);
 					credential.setUsername(remeberMe.getUsername());
 					Authentication  authentication = authenticationProvider.authenticate(credential,true);
 					if(authentication != null) {
-			 			AuthJwt authJwt = authJwtService.genAuthJwt(authentication);
+			 			AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
 			 			authJwt.setRemeberMe(remeberMeJwt);
 			 			return new Message<AuthJwt>(authJwt).buildResponse();
 					}
@@ -150,7 +145,7 @@ public class LoginEntryPoint {
 			model.put("captcha", inst.getCaptchaSupport());
 			model.put("captchaType", inst.getCaptchaType());
 		}
-		model.put("state", authJwtService.genJwt());
+		model.put("state", authTokenService.genRandomJwt());
 		//load Social Sign On Providers
 		model.put("socials", socialSignOnProviderService.loadSocials(inst.getId()));
 		
@@ -178,16 +173,16 @@ public class LoginEntryPoint {
 	public ResponseEntity<?> signin( HttpServletRequest request, HttpServletResponse response,
 					@RequestBody LoginCredential credential) {
  		Message<AuthJwt> authJwtMessage = new Message<AuthJwt>(Message.FAIL);
- 		if(authJwtService.validateJwtToken(credential.getState())){
+ 		if(authTokenService.validateJwtToken(credential.getState())){
  			String authType =  credential.getAuthType();
  			 _logger.debug("Login AuthN Type  " + authType);
  	        if (StringUtils.isNotBlank(authType)){
 		 		Authentication  authentication = authenticationProvider.authenticate(credential);	 				
 		 		if(authentication != null) {
-		 			AuthJwt authJwt = authJwtService.genAuthJwt(authentication);
+		 			AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
 		 			if(StringUtils.isNotBlank(credential.getRemeberMe())
 		 					&&credential.getRemeberMe().equalsIgnoreCase("true")) {
-		 				String remeberMe = remeberMeService.createRemeberMe(authentication, request, response);
+		 				String remeberMe = remeberMeManager.createRemeberMe(authentication, request, response);
 		 				authJwt.setRemeberMe(remeberMe);
 			 		}
 		 			if(WebContext.getAttribute(WebConstants.CURRENT_USER_PASSWORD_SET_TYPE)!=null)
@@ -211,7 +206,7 @@ public class LoginEntryPoint {
  	@RequestMapping(value={"/congress"}, produces = {MediaType.APPLICATION_JSON_VALUE})
 	public ResponseEntity<?> congress( @RequestBody LoginCredential credential) {
  		if(StringUtils.isNotBlank(credential.getCongress())){
- 			AuthJwt authJwt = authJwtService.consumeCongress(credential.getCongress());
+ 			AuthJwt authJwt = authTokenService.consumeCongress(credential.getCongress());
  			if(authJwt != null) {
  				return new Message<AuthJwt>(authJwt).buildResponse();
  			}

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/OneTimePasswordController.java

@@ -35,7 +35,6 @@ import org.maxkey.web.image.ImageEndpoint;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -54,11 +53,9 @@ public class OneTimePasswordController {
     static final  Logger _logger  =  LoggerFactory.getLogger(OneTimePasswordController.class);
 
     @Autowired
-    @Qualifier("userInfoService")
     private UserInfoService userInfoService;
 
     @Autowired
-    @Qualifier("otpKeyUriFormat")
     OtpKeyUriFormat otpKeyUriFormat;
 
     @RequestMapping(value = {"/timebased"})

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegisterController.java

@@ -22,7 +22,7 @@ import java.util.regex.Pattern;
 
 import javax.servlet.ServletException;
 
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstsStatus;
 import org.maxkey.crypto.password.PasswordReciprocal;
@@ -55,7 +55,7 @@ public class RegisterController {
 	Pattern mobileRegex = Pattern.compile("^[1][3,4,5,7,8][0-9]{9}$");
 	
 	@Autowired
-	AuthJwtService authJwtService;
+	AuthTokenService authTokenService;
 	
 	@Autowired 
   	protected ApplicationConfig applicationConfig;

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SocialSignOnListController.java

@@ -44,7 +44,6 @@ public class SocialSignOnListController {
 	@Autowired
 	protected SocialsAssociatesService socialsAssociatesService;
 	
-	
 	@RequestMapping(value={"/fetch"})
 	@ResponseBody
 	public ResponseEntity<?> fetch(@CurrentUser UserInfo currentUser){

maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java

@@ -19,7 +19,7 @@ package org.maxkey.web.interceptor;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.authn.session.SessionManager;
 import org.maxkey.authn.web.AuthorizationUtils;
 import org.maxkey.configuration.ApplicationConfig;
@@ -42,7 +42,7 @@ public class SingleSignOnInterceptor  implements AsyncHandlerInterceptor {
 	SessionManager sessionManager;
     
     @Autowired
-	AuthJwtService authJwtService ;
+	AuthTokenService authTokenService ;
     
     @Override
     public boolean preHandle(HttpServletRequest request, 
@@ -51,7 +51,7 @@ public class SingleSignOnInterceptor  implements AsyncHandlerInterceptor {
     	_logger.trace("Single Sign On Interceptor");
        
     	AuthorizationUtils.authenticateWithCookie(
-    				request,authJwtService,sessionManager);
+    				request,authTokenService,sessionManager);
 
         if(AuthorizationUtils.isNotAuthenticated()){
         	String loginUrl = applicationConfig.getFrontendUri() + "/#/passport/login?redirect_uri=%s";

maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties

@@ -55,7 +55,7 @@ maxkey.app.issuer                               =CN=ConSec,CN=COM,CN=SH
 maxkey.session.timeout                          =${SERVER_SESSION_TIMEOUT:1800}
 
 maxkey.auth.jwt.issuer                          =${maxkey.server.uri}
-maxkey.auth.jwt.expire                          =600
+maxkey.auth.jwt.expires                         =60
 maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 maxkey.auth.jwt.refresh.secret                  =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################

maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties

@@ -51,7 +51,7 @@ maxkey.app.issuer                               =CN=ConSec,CN=COM,CN=SH
 maxkey.session.timeout                          =${SERVER_SESSION_TIMEOUT:1800}
 
 maxkey.auth.jwt.issuer                          =${maxkey.server.uri}
-maxkey.auth.jwt.expire                          =600
+maxkey.auth.jwt.expires                         =600
 maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 maxkey.auth.jwt.refresh.secret                  =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtConfig.java

@@ -37,7 +37,7 @@ public class MaxKeyMgtConfig  implements InitializingBean {
     private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyMgtConfig.class);
     
 	//authenticationRealm for MaxKeyMgtApplication
-	@Bean(name = "authenticationRealm")
+	@Bean
 	public JdbcAuthenticationRealm authenticationRealm(
  			PasswordEncoder passwordEncoder,
 	    		PasswordPolicyValidator passwordPolicyValidator,
@@ -58,7 +58,7 @@ public class MaxKeyMgtConfig  implements InitializingBean {
         return authenticationRealm;
     }
 
-	@Bean(name = "timeBasedOtpAuthn")
+	@Bean
     public AbstractOtpAuthn timeBasedOtpAuthn() {
 		AbstractOtpAuthn tfaOtpAuthn = new TimeBasedOtpAuthn();
 	    _logger.debug("TimeBasedOtpAuthn inited.");

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/Oauth20ClientAutoConfiguration.java

@@ -46,8 +46,8 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 public class Oauth20ClientAutoConfiguration  implements InitializingBean {
     private static final  Logger _logger = LoggerFactory.getLogger(Oauth20ClientAutoConfiguration.class);
     
-    @Bean(name = "oauth20JdbcClientDetailsService")
-    public JdbcClientDetailsService jdbcClientDetailsService(
+    @Bean
+    public JdbcClientDetailsService oauth20JdbcClientDetailsService(
                 DataSource dataSource,PasswordEncoder passwordReciprocal) {
 	    JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
 	    clientDetailsService.setPasswordEncoder(passwordReciprocal);
@@ -60,7 +60,7 @@ public class Oauth20ClientAutoConfiguration  implements InitializingBean {
      * @param persistence int
      * @return oauth20TokenStore
      */
-    @Bean(name = "oauth20TokenStore")
+    @Bean
     public TokenStore oauth20TokenStore(
             @Value("${maxkey.server.persistence}") int persistence,
             JdbcTemplate jdbcTemplate,
@@ -81,8 +81,8 @@ public class Oauth20ClientAutoConfiguration  implements InitializingBean {
      * clientDetailsUserDetailsService. 
      * @return oauth20TokenServices
      */
-    @Bean(name = "oauth20TokenServices")
-    public DefaultTokenServices defaultTokenServices(
+    @Bean
+    public DefaultTokenServices oauth20TokenServices(
             JdbcClientDetailsService oauth20JdbcClientDetailsService,
             TokenStore oauth20TokenStore) {
         DefaultTokenServices tokenServices = new DefaultTokenServices();
@@ -96,7 +96,7 @@ public class Oauth20ClientAutoConfiguration  implements InitializingBean {
      * ProviderManager. 
      * @return oauth20ClientAuthenticationManager
      */
-    @Bean(name = "oauth20ClientAuthenticationManager")
+    @Bean
     public ProviderManager oauth20ClientAuthenticationManager(
             JdbcClientDetailsService oauth20JdbcClientDetailsService,
             PasswordEncoder passwordReciprocal

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java

@@ -21,7 +21,6 @@ import org.maxkey.entity.UserInfo;
 import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.persistence.service.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -36,11 +35,9 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 public class RestTimeBasedOtpController {
 
 	@Autowired
-    @Qualifier("timeBasedOtpAuthn")
     protected AbstractOtpAuthn timeBasedOtpAuthn;
     
     @Autowired
-    @Qualifier("userInfoService")
     private UserInfoService userInfoService;
     
     @Operation(summary = "基于时间令牌验证 API文档模块", description = "传递参数username和token",method="GET")

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java

@@ -63,8 +63,7 @@ public class SAML20DetailsController   extends BaseAppContorller {
 	final static Logger _logger = LoggerFactory.getLogger(SAML20DetailsController.class);
 	
 	@Autowired
-	@Qualifier("keyStoreLoader")
-	private KeyStoreLoader idpKeyStoreLoader;
+	private KeyStoreLoader keyStoreLoader;
 	
 	@Autowired
 	AppsSaml20DetailsService saml20DetailsService;
@@ -184,7 +183,7 @@ public class SAML20DetailsController   extends BaseAppContorller {
 		
 			samlDetails.setCertIssuer(X509CertUtils.getCommonName(samlDetails.getTrustCert().getIssuerX500Principal()));
 			
-			KeyStore keyStore = KeyStoreUtil.clone(idpKeyStoreLoader.getKeyStore(),idpKeyStoreLoader.getKeystorePassword());
+			KeyStore keyStore = KeyStoreUtil.clone(keyStoreLoader.getKeyStore(),keyStoreLoader.getKeystorePassword());
 		
 			KeyStore trustKeyStore = null;
 			if (!samlDetails.getEntityId().equals("")) {
@@ -193,7 +192,7 @@ public class SAML20DetailsController   extends BaseAppContorller {
 				trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert());
 			}
 		
-			byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,idpKeyStoreLoader.getKeystorePassword());
+			byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,keyStoreLoader.getKeystorePassword());
 		
 			// store KeyStore content
 			samlDetails.setKeyStore(keyStoreByte);

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/DashboardController.java

@@ -26,7 +26,6 @@ import org.maxkey.persistence.service.ReportService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -41,7 +40,6 @@ public class DashboardController {
 	
 	private static Logger _logger = LoggerFactory.getLogger(DashboardController.class);
 	@Autowired
-	@Qualifier("reportService")
 	ReportService reportService;
 
 	@RequestMapping(value={"/dashboard"}, produces = {MediaType.APPLICATION_JSON_VALUE})

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java

@@ -22,7 +22,7 @@ import java.util.HashMap;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.jwt.AuthJwt;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.entity.Institutions;
 import org.maxkey.entity.Message;
@@ -50,13 +50,12 @@ public class LoginEntryPoint {
 	private static Logger _logger = LoggerFactory.getLogger(LoginEntryPoint.class);
 	
 	@Autowired
-	AuthJwtService authJwtService;
+	AuthTokenService authTokenService;
 	
 	@Autowired
   	protected ApplicationConfig applicationConfig;
  	
 	@Autowired
-	@Qualifier("authenticationProvider")
 	AbstractAuthenticationProvider authenticationProvider ;
 	
 	/**
@@ -77,15 +76,15 @@ public class LoginEntryPoint {
 			model.put("captcha", inst.getCaptchaSupport());
 			model.put("captchaType", inst.getCaptchaType());
 		}
-		model.put("state", authJwtService.genJwt());
+		model.put("state", authTokenService.genRandomJwt());
 		return new Message<HashMap<String , Object>>(model).buildResponse();
 	}
  	
  	@RequestMapping(value={"/signin"}, produces = {MediaType.APPLICATION_JSON_VALUE})
 	public ResponseEntity<?> signin( @RequestBody LoginCredential loginCredential) {
- 		if(authJwtService.validateJwtToken(loginCredential.getState())){
+ 		if(authTokenService.validateJwtToken(loginCredential.getState())){
 	 		Authentication  authentication  = authenticationProvider.authenticate(loginCredential);
-	 		AuthJwt authJwt = authJwtService.genAuthJwt(authentication);
+	 		AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
 	 		return new Message<AuthJwt>(authJwt).buildResponse();
  		}
  		return new Message<AuthJwt>(Message.FAIL).buildResponse();

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserAdjointController.java

@@ -29,7 +29,6 @@ import org.maxkey.web.message.MessageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -44,7 +43,6 @@ public class UserAdjointController {
 	final static Logger _logger = LoggerFactory.getLogger(UserAdjointController.class);
 	
 	@Autowired
-	@Qualifier("userInfoAdjointService")
 	UserInfoAdjointService userInfoAdjointService;
 
 	

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/ConnectorHistoryController.java

@@ -52,7 +52,6 @@ public class ConnectorHistoryController {
 final static Logger _logger = LoggerFactory.getLogger(ConnectorHistoryController.class);
 
 	@Autowired
-    @Qualifier("historyConnectorService")
 	HistoryConnectorService historyConnectorService;
 	
 	/**

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/SynchronizerHistoryController.java

@@ -29,7 +29,6 @@ import org.maxkey.util.DateUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.propertyeditors.CustomDateEditor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -52,7 +51,6 @@ public class SynchronizerHistoryController {
 final static Logger _logger = LoggerFactory.getLogger(SynchronizerHistoryController.class);
 
 	@Autowired
-    @Qualifier("historySynchronizerService")
 	HistorySynchronizerService historySynchronizerService;
 	
 	/**

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java

@@ -30,7 +30,6 @@ import org.maxkey.util.AuthorizationHeaderUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.AsyncHandlerInterceptor;
 
@@ -44,12 +43,10 @@ public class Oauth20ApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 	private static final Logger _logger = LoggerFactory.getLogger(Oauth20ApiPermissionAdapter.class);
 	
 	@Autowired
-    @Qualifier("passwordReciprocal")
     protected PasswordReciprocal passwordReciprocal;
 	
 	@Autowired
-    @Qualifier("oauth20TokenServices")
-    private DefaultTokenServices oauth20tokenServices;
+    private DefaultTokenServices oauth20TokenServices;
 	
 	static  ConcurrentHashMap<String ,String >navigationsMap=null;
 	
@@ -64,7 +61,7 @@ public class Oauth20ApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 		String  authorization = request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
 		 
 		 String accessToken = AuthorizationHeaderUtils.resolveBearer(authorization);
-		 OAuth2Authentication authentication = oauth20tokenServices.loadAuthentication(accessToken);
+		 OAuth2Authentication authentication = oauth20TokenServices.loadAuthentication(accessToken);
 		 
 		//判断应用的accessToken信息
 		if(authentication != null ){

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java

@@ -31,7 +31,6 @@ import org.maxkey.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.userdetails.User;
@@ -48,12 +47,10 @@ public class RestApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 	private static final Logger _logger = LoggerFactory.getLogger(RestApiPermissionAdapter.class);
 
 	@Autowired
-	@Qualifier("oauth20TokenServices")
 	DefaultTokenServices oauth20TokenServices;
 
 	@Autowired
-    @Qualifier("oauth20ClientAuthenticationManager")
-	ProviderManager authenticationManager;
+	ProviderManager oauth20ClientAuthenticationManager;
 	
 	static  ConcurrentHashMap<String ,String >navigationsMap=null;
 	
@@ -79,7 +76,7 @@ public class RestApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 							new UsernamePasswordAuthenticationToken(
 									headerCredential.getUsername(),
 									headerCredential.getCredential());
-			    	authenticationToken= (UsernamePasswordAuthenticationToken)authenticationManager.authenticate(authRequest);
+			    	authenticationToken= (UsernamePasswordAuthenticationToken)oauth20ClientAuthenticationManager.authenticate(authRequest);
 			    }
 			}else {
 				_logger.trace("Authentication bearer " + headerCredential.getCredential());

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java

@@ -30,7 +30,6 @@ import org.maxkey.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -46,7 +45,6 @@ public class RolePrivilegesController {
 	final static Logger _logger = LoggerFactory.getLogger(RolePrivilegesController.class);
 	
 	@Autowired
-    @Qualifier("rolesService")
     RolesService rolesService;
 	
 	@ResponseBody

maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties

@@ -40,9 +40,11 @@ maxkey.server.persistence                       =0
 #identity none, Kafka ,RocketMQ
 maxkey.server.message.queue                     =${SERVER_MESSAGE_QUEUE:none}
 
-maxkey.auth.jwt.expire                          =86400
+maxkey.session.timeout                          =${SERVER_SESSION_TIMEOUT:1800}
+maxkey.auth.jwt.expires                         =86400
 maxkey.auth.jwt.issuer                          =${maxkey.server.uri}
 maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
+maxkey.auth.jwt.refresh.secret                  =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################
 #Login configuration                                                       #
 ############################################################################