diff --git a/.gitignore b/.gitignore
index 0ee7db0c..8f5b91a2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,4 +13,7 @@ build/*
 *.log.*
 */logs/*
 */jdk/*
-jdk/*
\ No newline at end of file
+jdk/*
+
+*/org/apache/mybatis/jpa/*
+org/apache/mybatis/jpa/*
\ No newline at end of file
diff --git a/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/OAuthClient.java b/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/OAuthClient.java
index d22ef3c3..4850344c 100644
--- a/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/OAuthClient.java
+++ b/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/OAuthClient.java
@@ -17,12 +17,13 @@ import org.maxkey.client.utils.Preconditions;
 public class OAuthClient {
 	
 	private   static  Log log  =  LogFactory.getLog(OAuthClient. class );
+	private static final String DEFAULT_WEB_URL = "http://sso.maxkey.org/maxkey";
 	
-	public static String OAUTH_V20_USERINFO_URI="http://login.connsec.com/maxkey/api/oauth/v20/me";
+	public static String OAUTH_V20_USERINFO_URI=DEFAULT_WEB_URL+"/api/oauth/v20/me";
 	
-	public static String OAUTH_V10A_USERINFO_URI="http://login.connsec.com/maxkey/api/oauth/v10a/me";
+	public static String OAUTH_V10A_USERINFO_URI=DEFAULT_WEB_URL+"/api/oauth/v10a/me";
 	
-	public static String OPENID_CONNECT_V10A_USERINFO_URI="http://login.connsec.com/maxkey/api/connect/v10/userinfo";
+	public static String OPENID_CONNECT_V10A_USERINFO_URI=DEFAULT_WEB_URL+"/api/connect/v10/userinfo";
 	
 	//action method
 	private HttpVerb method = HttpVerb.GET;
diff --git a/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/ConnsecApi10a.java b/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/ConnsecApi10a.java
index 2750426d..f5eedf26 100644
--- a/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/ConnsecApi10a.java
+++ b/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/ConnsecApi10a.java
@@ -4,7 +4,8 @@ import org.maxkey.client.oauth.model.Token;
 
 public class ConnsecApi10a extends DefaultApi10a
 {
-  private static final String AUTHORIZATION_URL = "http://login.connsec.com/maxkey/oauth/v10a/authz?oauth_token=%s";
+	private static final String DEFAULT_WEB_URL = "http://sso.maxkey.org/maxkey";
+	private static final String AUTHORIZATION_URL = DEFAULT_WEB_URL+"/oauth/v10a/authz?oauth_token=%s";
   
   public ConnsecApi10a() {
 	  
@@ -13,13 +14,13 @@ public class ConnsecApi10a extends DefaultApi10a
 @Override
   public String getAccessTokenEndpoint()
   {
-    return "http://login.connsec.com/maxkey/oauth/v10a/access_token";
+    return DEFAULT_WEB_URL+"/oauth/v10a/access_token";
   }
 
   @Override
   public String getRequestTokenEndpoint()
   {
-    return "http://login.connsec.com/maxkey/oauth/v10a/request_token";
+    return DEFAULT_WEB_URL+"/oauth/v10a/request_token";
   }
   
   @Override
diff --git a/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/ConnsecApi20.java b/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/ConnsecApi20.java
index b9607964..0cbe6d31 100644
--- a/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/ConnsecApi20.java
+++ b/maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/ConnsecApi20.java
@@ -9,7 +9,7 @@ import org.maxkey.client.utils.Preconditions;
 
 public class ConnsecApi20 extends DefaultApi20 {
 	//approval_prompt:force or auto
-	private static final String DEFAULT_WEB_URL = "http://login.connsec.com/maxkey";
+	private static final String DEFAULT_WEB_URL = "http://sso.maxkey.org/maxkey";
 	
 	private static final String AUTHORIZATION_URL = "%s/oauth/v20/authorize?client_id=%s&response_type=code&redirect_uri=%s&approval_prompt=auto";
     
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
index d0c9be2e..c39ace8e 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
@@ -80,12 +80,23 @@ public abstract class AbstractAuthenticationProvider{
         }
         
         // user authenticated
-        _logger.debug("'{0}' authenticated successfully by {}.", authentication.getPrincipal(), getProviderName());
+        _logger.debug("'{}' authenticated successfully by {}.", authentication.getPrincipal(), getProviderName());
         
         UserInfo userInfo=WebContext.getUserInfo();
+        Object password_set_type=WebContext.getSession().getAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
+        //登录完成后切换SESSION
+        _logger.debug("Login  Session {}.", WebContext.getSession().getId());
+        WebContext.getSession().invalidate(); 
         WebContext.setAttribute(WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId());
+        _logger.debug("Login Success Session {}.", WebContext.getSession().getId());
+        
         authenticationRealm.insertLoginHistory(userInfo,LOGINTYPE.LOCAL,"","xe00000004","success");
         
+        //认证设置
+	    WebContext.setAuthentication(authentication);
+	    WebContext.setUserInfo(userInfo);
+	    WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,password_set_type);
+	    
         // create new authentication response containing the user and it's authorities
         UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(userInfo.getUsername(), authentication.getCredentials(), authentication.getAuthorities());
         return simpleUserAuthentication;
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
index 1994d03a..9b200429 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
@@ -1,8 +1,10 @@
 package org.maxkey.authn;
 
+import java.util.ArrayList;
 import java.util.Collection;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 public class BasicAuthentication implements Authentication{
 	/**
@@ -17,10 +19,13 @@ public class BasicAuthentication implements Authentication{
     String j_remeberme;
     String j_auth_type;
     String j_jwt_token;
-    
+    ArrayList<GrantedAuthority> grantedAuthority;
     boolean authenticated;
     
 	public BasicAuthentication() {
+		grantedAuthority = new ArrayList<GrantedAuthority>();
+		grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
+		grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
 	}
 
 	@Override
@@ -30,7 +35,7 @@ public class BasicAuthentication implements Authentication{
 
 	@Override
 	public Collection<? extends GrantedAuthority> getAuthorities() {
-		return null;
+		return grantedAuthority;
 	}
 
 	@Override
@@ -122,6 +127,14 @@ public class BasicAuthentication implements Authentication{
 	public void setJ_jwt_token(String j_jwt_token) {
 		this.j_jwt_token = j_jwt_token;
 	}
+	
+	public ArrayList<GrantedAuthority> getGrantedAuthority() {
+		return grantedAuthority;
+	}
+
+	public void setGrantedAuthority(ArrayList<GrantedAuthority> grantedAuthority) {
+		this.grantedAuthority = grantedAuthority;
+	}
 
 	@Override
 	public String toString() {
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
index fe9c929f..d1386b24 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
@@ -52,6 +52,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
     	authenticationRealm.passwordPolicyValid(userInfo);
     	
     	authenticationRealm.passwordMatches(userInfo, auth.getJ_password());
+    	authenticationRealm.grantAuthority(userInfo);
     	/**
     	 *  put userInfo to current session context
     	 */
@@ -63,9 +64,11 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
 		    	_logger.debug("do Remeber Me");
 		    }
 	    }
+
+	    auth.setAuthenticated(true);
 	    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =new UsernamePasswordAuthenticationToken(
-				userInfo,
-				auth.getJ_password(),
+	    		auth,
+				"PASSWORD",
 				authenticationRealm.grantAuthorityAndNavs(userInfo));
 	    usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(WebContext.getRequest()));
 	    
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java b/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
index 3d91f0a5..832047dd 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
@@ -69,7 +69,7 @@ public  abstract  class AbstractRemeberMeService {
 			cookie.setMaxAge(maxAge);
 			
 			//cookie.setPath("/");
-			cookie.setDomain("."+applicationConfig.getDomainName());
+			cookie.setDomain(applicationConfig.getDomainName());
 			response.addCookie(cookie);
 			request.getSession().removeAttribute(WebConstants.REMEBER_ME_SESSION);
 		}
@@ -126,7 +126,7 @@ public  abstract  class AbstractRemeberMeService {
 		cookie.setMaxAge(maxAge);
 		
 		//cookie.setPath("/");
-		cookie.setDomain("."+applicationConfig.getDomainName());
+		cookie.setDomain(applicationConfig.getDomainName());
 		response.addCookie(cookie);
 		return true;
  	}
@@ -135,7 +135,7 @@ public  abstract  class AbstractRemeberMeService {
 		Cookie cookie= new Cookie(WebConstants.REMEBER_ME_COOKIE,null);
  		cookie.setMaxAge(0);
 		
-		cookie.setDomain("."+applicationConfig.getDomainName());
+		cookie.setDomain(applicationConfig.getDomainName());
 		response.addCookie(cookie);
 		
 		remove(WebContext.getUserInfo().getUsername());
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/Accounts.java b/maxkey-core/src/main/java/org/maxkey/domain/Accounts.java
index a2371bbc..41c36d5a 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/Accounts.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Accounts.java
@@ -2,6 +2,12 @@ package org.maxkey.domain;
 
 import java.io.Serializable;
 
+import javax.persistence.Column;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
 import org.hibernate.validator.constraints.Length;
 
@@ -15,22 +21,33 @@ import org.hibernate.validator.constraints.Length;
    STATUS	            char(1)                        null
    constraint PK_ROLES primary key clustered (ID)
  */
-public class Accounts extends JpaBaseDomain implements Serializable{
 
+@Table(name = "ACCOUNTS")  
+public class Accounts extends JpaBaseDomain implements Serializable{
 
 	/**
 	 * 
 	 */
 	private static final long serialVersionUID = 6829592256223630307L;
+	@Id
+	@Column
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
 	private String id;
+	@Column
 	private String uid;
+	@Column
 	private String username;
+	@Column
 	private String displayName;
+	@Column
 	private String appId;
+	@Column
 	private String appName;
 	
 	@Length(max=60)
+	@Column
 	private String relatedUsername;
+	@Column
 	private String relatedPassword;
 	
 	public Accounts(){
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/LoginAppsHistory.java b/maxkey-core/src/main/java/org/maxkey/domain/LoginAppsHistory.java
index 350545dc..cfd3853c 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/LoginAppsHistory.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/LoginAppsHistory.java
@@ -1,21 +1,39 @@
 package org.maxkey.domain;
 
+import javax.persistence.Column;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
 
 /**
  * @author Crystal.Sea
  *
  */
+
+@Table(name = "LOGIN_APPS_HISTORY")  
 public class LoginAppsHistory extends JpaBaseDomain {
 	
 	private static final long serialVersionUID = 5085201575292304749L;
+	@Id
+	@Column
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
 	String id;
+	@Column
 	private String sessionId;
+	@Column
 	private String appId;
+	@Column
 	private String appName;
+	@Column
 	private String uid;
+	@Column
 	private String username;
+	@Column
 	private String displayName;
+	@Column
 	private String loginTime;
 	
 	
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/LoginHistory.java b/maxkey-core/src/main/java/org/maxkey/domain/LoginHistory.java
index ef5d19b6..bfab0e76 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/LoginHistory.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/LoginHistory.java
@@ -2,6 +2,9 @@ package org.maxkey.domain;
 
 import java.io.Serializable;
 
+import javax.persistence.Column;
+import javax.persistence.Table;
+
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
 
 
@@ -9,32 +12,42 @@ import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
  * @author Crystal.Sea
  *
  */
+@Table(name = "LOGIN_HISTORY")  
 public class LoginHistory  extends JpaBaseDomain  implements Serializable{
 	
 	/**
 	 * 
 	 */
 	private static final long serialVersionUID = -1321470643357719383L;
-	
+	@Column
 	String sessionId;
+	@Column
 	String uid;
+	@Column
 	String username;
+	@Column
 	String displayName;
-	
+	@Column
 	String loginType;
+	@Column
 	String message;
-	
+	@Column
 	String code;
-	
+	@Column
 	String provider;
-	
+	@Column
 	String sourceIp;
+	@Column
 	String browser;
+	@Column
 	String platform;
+	@Column
 	String application;
+	@Column
 	String loginUrl;
-	
+	@Column
 	String loginTime;
+	@Column
 	String logoutTime;
 	
 	
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java b/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java
index e1dd9f96..9eebc2f9 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java
@@ -3,6 +3,12 @@ package org.maxkey.domain;
 import java.io.IOException;
 import java.util.HashMap;
 
+import javax.persistence.Column;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
 import org.codehaus.jackson.annotate.JsonIgnore;
 import org.maxkey.util.StringUtils;
@@ -12,6 +18,7 @@ import org.springframework.web.multipart.MultipartFile;
  * @author Crystal.Sea
  * 
  */
+@Table(name = "USERINFO")  
 public class UserInfo extends JpaBaseDomain {
 
 	/**
@@ -19,8 +26,11 @@ public class UserInfo extends JpaBaseDomain {
 	 */
 	private static final long serialVersionUID = 6402443942083382236L;
 	//
-
+	@Id
+	@Column
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
 	String id;
+	@Column
 	protected String 	username;
 	protected String 	password;
 	protected String 	decipherable;
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/Applications.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/Applications.java
index 94b074cd..2c7994cb 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/Applications.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/Applications.java
@@ -3,12 +3,18 @@ package org.maxkey.domain.apps;
 import java.io.Serializable;
 import java.util.Arrays;
 
+import javax.persistence.Column;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
 import org.maxkey.constants.BOOLEAN;
 import org.maxkey.domain.Accounts;
 import org.springframework.web.multipart.MultipartFile;
 
-
+@Table(name = "APPLICATIONS")  
 public class Applications extends JpaBaseDomain implements Serializable{
 	
 	/**
@@ -30,7 +36,9 @@ public class Applications extends JpaBaseDomain implements Serializable{
 		public static final int INTRANET=3;
 	}
 	
-	
+	@Id
+	@Column
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
 	protected String id;
 	/**
 	 * 
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/CasDetails.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/CasDetails.java
index f596c47f..01e8ca5a 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/CasDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/CasDetails.java
@@ -1,14 +1,25 @@
 package org.maxkey.domain.apps;
 
+import javax.persistence.Column;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
 
+@Table(name = "CAS_DETAILS")  
 public class CasDetails extends Applications {
 
 	/**
 	 * 
 	 */
 	private static final long serialVersionUID = -4272290765948322084L;
+	@Id
+	@Column
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
+	private String id;
+	@Column
 	private String service;
-	
+	@Column
 	private String validation;
 	
 	/**
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/FormBasedDetails.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/FormBasedDetails.java
index c5bb7c84..05cb191b 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/FormBasedDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/FormBasedDetails.java
@@ -1,20 +1,33 @@
 package org.maxkey.domain.apps;
 
+import javax.persistence.Column;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
 
 /**
  * @author Crystal.Sea
  *
  */
+@Table(name = "FORM_BASED_DETAILS")  
 public class FormBasedDetails  extends Applications {
 	/**
 	 * 
 	 */
 	private static final long serialVersionUID = 563313247706861431L;
+	@Id
+	@Column
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
+	protected String id;
 	
-	
+	@Column
 	private String redirectUri;
+	@Column
 	private String usernameMapping;
+	@Column
 	private String passwordMapping;
+	@Column
 	private String authorizeView;
 
 
@@ -81,6 +94,16 @@ public class FormBasedDetails  extends Applications {
 	}
 
 
+	public String getId() {
+		return id;
+	}
+
+
+	public void setId(String id) {
+		this.id = id;
+	}
+
+
 	@Override
 	public String toString() {
 		return "FormBasedDetails [redirectUri=" + redirectUri
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/SAML20Details.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/SAML20Details.java
index e25b1cbf..4fb0512c 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/SAML20Details.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/SAML20Details.java
@@ -1,19 +1,96 @@
 package org.maxkey.domain.apps;
 
+import java.util.Arrays;
+
+import javax.persistence.Column;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.springframework.web.multipart.MultipartFile;
 
 /**
  * @author Crystal.Sea
  *
  */
-public class SAML20Details   extends SAMLBaseDetails {
+@Table(name = "SAML_V20_DETAILS")  
+public class SAML20Details   extends Applications {
 
 	/**
 	 * 
 	 */
 	private static final long serialVersionUID = -291159876339333345L;
+	@Id
+	@Column
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
+	protected String id;
+	@Column
+	private String certIssuer;
+	@Column
+	private String certSubject;
+	@Column
+	private String certExpiration;
+	@Column
+	private byte[] keyStore;
 	
+	private String entityId;
+	@Column
+	private String spAcsUrl;
+	@Column
+	private String issuer;
+	@Column
+	private String audience;
+	@Column
+	private String nameidFormat;
+	@Column
+	private String validityInterval;
+	/**
+	 * Redirect-Post
+	 * Post-Post
+	 * IdpInit-Post
+	 * Redirect-PostSimpleSign
+	 * Post-PostSimpleSign
+	 * IdpInit-PostSimpleSign
+	 */
+	@Column
+	private String binding;
+
+	/**
+	 * 0  false
+	 * 1  true
+	 */
+	@Column
+	private int encrypted;
+	
+	/**
+	 * for upload
+	 */
+	@Column
+	private MultipartFile certMetaFile;
+	/**
+	 * metadata or certificate
+	 */
+	@Column
+	private String fileType;
+	
+	/**
+	 * 0 original
+	 * 1 uppercase
+	 * 2 lowercase
+	 */
+	@Column
+	private int nameIdConvert;
 
 	
+	public static class BINDINGTYPE{
+		public String Redirect_Post="Redirect-Post";
+		public String Post_Post="Post-Post";
+		public String IdpInit_Post="IdpInit-Post";
+		public String Redirect_PostSimpleSign="Redirect-PostSimpleSign";
+		public String Post_PostSimpleSign="Post-PostSimpleSign";
+		public String IdpInit_PostSimpleSign="IdpInit-PostSimpleSign";
+	}
 
 	
 	
@@ -25,4 +102,315 @@ public class SAML20Details   extends SAMLBaseDetails {
 
 	}
 
+
+	public String getId() {
+		return id;
+	}
+
+
+	public void setId(String id) {
+		this.id = id;
+	}
+
+
+	/**
+	 * @return the certIssuer
+	 */
+	public String getCertIssuer() {
+		return certIssuer;
+	}
+
+
+
+
+	/**
+	 * @param certIssuer the certIssuer to set
+	 */
+	public void setCertIssuer(String certIssuer) {
+		this.certIssuer = certIssuer;
+	}
+
+
+
+
+	/**
+	 * @return the certSubject
+	 */
+	public String getCertSubject() {
+		return certSubject;
+	}
+
+
+
+
+	/**
+	 * @param certSubject the certSubject to set
+	 */
+	public void setCertSubject(String certSubject) {
+		this.certSubject = certSubject;
+	}
+
+
+
+
+	/**
+	 * @return the certExpiration
+	 */
+	public String getCertExpiration() {
+		return certExpiration;
+	}
+
+
+
+
+	/**
+	 * @param certExpiration the certExpiration to set
+	 */
+	public void setCertExpiration(String certExpiration) {
+		this.certExpiration = certExpiration;
+	}
+
+
+
+
+	/**
+	 * @return the keyStore
+	 */
+	public byte[] getKeyStore() {
+		return keyStore;
+	}
+
+
+
+
+	/**
+	 * @param keyStore the keyStore to set
+	 */
+	public void setKeyStore(byte[] keyStore) {
+		this.keyStore = keyStore;
+	}
+
+
+
+
+	/**
+	 * @return the entityId
+	 */
+	public String getEntityId() {
+		return entityId;
+	}
+
+
+
+
+	/**
+	 * @param entityId the entityId to set
+	 */
+	public void setEntityId(String entityId) {
+		this.entityId = entityId;
+	}
+
+
+
+
+	/**
+	 * @return the spAcsUrl
+	 */
+	public String getSpAcsUrl() {
+		return spAcsUrl;
+	}
+
+
+
+
+	/**
+	 * @param spAcsUrl the spAcsUrl to set
+	 */
+	public void setSpAcsUrl(String spAcsUrl) {
+		this.spAcsUrl = spAcsUrl;
+	}
+
+
+
+
+	/**
+	 * @return the issuer
+	 */
+	public String getIssuer() {
+		return issuer;
+	}
+
+
+
+
+	/**
+	 * @param issuer the issuer to set
+	 */
+	public void setIssuer(String issuer) {
+		this.issuer = issuer;
+	}
+
+
+
+
+
+	/**
+	 * @return the audience
+	 */
+	public String getAudience() {
+		return audience;
+	}
+
+
+
+
+	/**
+	 * @param audience the audience to set
+	 */
+	public void setAudience(String audience) {
+		this.audience = audience;
+	}
+
+
+
+
+	/**
+	 * @return the nameidFormat
+	 */
+	public String getNameidFormat() {
+		return nameidFormat;
+	}
+
+
+
+
+	/**
+	 * @param nameidFormat the nameidFormat to set
+	 */
+	public void setNameidFormat(String nameidFormat) {
+		this.nameidFormat = nameidFormat;
+	}
+
+
+
+
+	/**
+	 * @return the validityInterval
+	 */
+	public String getValidityInterval() {
+		return validityInterval;
+	}
+
+
+
+
+	/**
+	 * @param validityInterval the validityInterval to set
+	 */
+	public void setValidityInterval(String validityInterval) {
+		this.validityInterval = validityInterval;
+	}
+
+
+
+
+	/**
+	 * @return the certMetaFile
+	 */
+	public MultipartFile getCertMetaFile() {
+		return certMetaFile;
+	}
+
+
+
+
+	/**
+	 * @param certMetaFile the certMetaFile to set
+	 */
+	public void setCertMetaFile(MultipartFile certMetaFile) {
+		this.certMetaFile = certMetaFile;
+	}
+
+
+
+
+	/**
+	 * @return the fileType
+	 */
+	public String getFileType() {
+		return fileType;
+	}
+
+
+
+
+	/**
+	 * @param fileType the fileType to set
+	 */
+	public void setFileType(String fileType) {
+		this.fileType = fileType;
+	}
+
+
+
+
+	public String getBinding() {
+		return binding;
+	}
+
+
+
+
+	public void setBinding(String binding) {
+		this.binding = binding;
+	}
+
+
+	public int getEncrypted() {
+		return encrypted;
+	}
+
+
+
+
+	public void setEncrypted(int encrypted) {
+		this.encrypted = encrypted;
+	}
+
+
+
+
+	public int getNameIdConvert() {
+		return nameIdConvert;
+	}
+
+
+
+
+	public void setNameIdConvert(int nameIdConvert) {
+		this.nameIdConvert = nameIdConvert;
+	}
+
+
+	/* (non-Javadoc)
+	 * @see java.lang.Object#toString()
+	 */
+	@Override
+	public String toString() {
+		return "SAMLBaseDetails [certIssuer=" + certIssuer + ", certSubject="
+				+ certSubject + ", certExpiration=" + certExpiration
+				+ ", keyStore=" + Arrays.toString(keyStore) + ", entityId="
+				+ entityId + ", spAcsUrl=" + spAcsUrl + ", issuer=" + issuer
+				+ ", audience=" + audience + ", nameidFormat=" + nameidFormat
+				+ ", validityInterval=" + validityInterval + ", binding="
+				+ binding + ", encrypted=" + encrypted + ", certMetaFile="
+				+ certMetaFile + ", fileType=" + fileType + ", nameIdConvert="
+				+ nameIdConvert + "]";
+	}
+	
+
+	
+	
+
+
 }
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/SAMLBaseDetails.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/SAMLBaseDetails.java
deleted file mode 100644
index 6092644f..00000000
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/SAMLBaseDetails.java
+++ /dev/null
@@ -1,378 +0,0 @@
-package org.maxkey.domain.apps;
-
-import java.util.Arrays;
-
-import org.springframework.web.multipart.MultipartFile;
-
-
-/**
- * @author Crystal.Sea
- *
- */
-public class SAMLBaseDetails  extends Applications {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -1091817972127532386L;
-	
-	private String certIssuer;
-	private String certSubject;
-	private String certExpiration;
-	private byte[] keyStore;
-	
-	private String entityId;
-	private String spAcsUrl;
-	private String issuer;
-	private String audience;
-	private String nameidFormat;
-	private String validityInterval;
-	/**
-	 * Redirect-Post
-	 * Post-Post
-	 * IdpInit-Post
-	 * Redirect-PostSimpleSign
-	 * Post-PostSimpleSign
-	 * IdpInit-PostSimpleSign
-	 */
-	private String binding;
-
-	/**
-	 * 0  false
-	 * 1  true
-	 */
-	private int encrypted;
-	
-	/**
-	 * for upload
-	 */
-	private MultipartFile certMetaFile;
-	/**
-	 * metadata or certificate
-	 */
-	private String fileType;
-	
-	/**
-	 * 0 original
-	 * 1 uppercase
-	 * 2 lowercase
-	 */
-	private int nameIdConvert;
-
-	
-	public static class BINDINGTYPE{
-		public String Redirect_Post="Redirect-Post";
-		public String Post_Post="Post-Post";
-		public String IdpInit_Post="IdpInit-Post";
-		public String Redirect_PostSimpleSign="Redirect-PostSimpleSign";
-		public String Post_PostSimpleSign="Post-PostSimpleSign";
-		public String IdpInit_PostSimpleSign="IdpInit-PostSimpleSign";
-	}
-
-	
-	
-	/**
-	 * 
-	 */
-	public SAMLBaseDetails() {
-		super();
-
-	}
-
-
-	/**
-	 * @return the certIssuer
-	 */
-	public String getCertIssuer() {
-		return certIssuer;
-	}
-
-
-
-
-	/**
-	 * @param certIssuer the certIssuer to set
-	 */
-	public void setCertIssuer(String certIssuer) {
-		this.certIssuer = certIssuer;
-	}
-
-
-
-
-	/**
-	 * @return the certSubject
-	 */
-	public String getCertSubject() {
-		return certSubject;
-	}
-
-
-
-
-	/**
-	 * @param certSubject the certSubject to set
-	 */
-	public void setCertSubject(String certSubject) {
-		this.certSubject = certSubject;
-	}
-
-
-
-
-	/**
-	 * @return the certExpiration
-	 */
-	public String getCertExpiration() {
-		return certExpiration;
-	}
-
-
-
-
-	/**
-	 * @param certExpiration the certExpiration to set
-	 */
-	public void setCertExpiration(String certExpiration) {
-		this.certExpiration = certExpiration;
-	}
-
-
-
-
-	/**
-	 * @return the keyStore
-	 */
-	public byte[] getKeyStore() {
-		return keyStore;
-	}
-
-
-
-
-	/**
-	 * @param keyStore the keyStore to set
-	 */
-	public void setKeyStore(byte[] keyStore) {
-		this.keyStore = keyStore;
-	}
-
-
-
-
-	/**
-	 * @return the entityId
-	 */
-	public String getEntityId() {
-		return entityId;
-	}
-
-
-
-
-	/**
-	 * @param entityId the entityId to set
-	 */
-	public void setEntityId(String entityId) {
-		this.entityId = entityId;
-	}
-
-
-
-
-	/**
-	 * @return the spAcsUrl
-	 */
-	public String getSpAcsUrl() {
-		return spAcsUrl;
-	}
-
-
-
-
-	/**
-	 * @param spAcsUrl the spAcsUrl to set
-	 */
-	public void setSpAcsUrl(String spAcsUrl) {
-		this.spAcsUrl = spAcsUrl;
-	}
-
-
-
-
-	/**
-	 * @return the issuer
-	 */
-	public String getIssuer() {
-		return issuer;
-	}
-
-
-
-
-	/**
-	 * @param issuer the issuer to set
-	 */
-	public void setIssuer(String issuer) {
-		this.issuer = issuer;
-	}
-
-
-
-
-
-	/**
-	 * @return the audience
-	 */
-	public String getAudience() {
-		return audience;
-	}
-
-
-
-
-	/**
-	 * @param audience the audience to set
-	 */
-	public void setAudience(String audience) {
-		this.audience = audience;
-	}
-
-
-
-
-	/**
-	 * @return the nameidFormat
-	 */
-	public String getNameidFormat() {
-		return nameidFormat;
-	}
-
-
-
-
-	/**
-	 * @param nameidFormat the nameidFormat to set
-	 */
-	public void setNameidFormat(String nameidFormat) {
-		this.nameidFormat = nameidFormat;
-	}
-
-
-
-
-	/**
-	 * @return the validityInterval
-	 */
-	public String getValidityInterval() {
-		return validityInterval;
-	}
-
-
-
-
-	/**
-	 * @param validityInterval the validityInterval to set
-	 */
-	public void setValidityInterval(String validityInterval) {
-		this.validityInterval = validityInterval;
-	}
-
-
-
-
-	/**
-	 * @return the certMetaFile
-	 */
-	public MultipartFile getCertMetaFile() {
-		return certMetaFile;
-	}
-
-
-
-
-	/**
-	 * @param certMetaFile the certMetaFile to set
-	 */
-	public void setCertMetaFile(MultipartFile certMetaFile) {
-		this.certMetaFile = certMetaFile;
-	}
-
-
-
-
-	/**
-	 * @return the fileType
-	 */
-	public String getFileType() {
-		return fileType;
-	}
-
-
-
-
-	/**
-	 * @param fileType the fileType to set
-	 */
-	public void setFileType(String fileType) {
-		this.fileType = fileType;
-	}
-
-
-
-
-	public String getBinding() {
-		return binding;
-	}
-
-
-
-
-	public void setBinding(String binding) {
-		this.binding = binding;
-	}
-
-
-	public int getEncrypted() {
-		return encrypted;
-	}
-
-
-
-
-	public void setEncrypted(int encrypted) {
-		this.encrypted = encrypted;
-	}
-
-
-
-
-	public int getNameIdConvert() {
-		return nameIdConvert;
-	}
-
-
-
-
-	public void setNameIdConvert(int nameIdConvert) {
-		this.nameIdConvert = nameIdConvert;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see java.lang.Object#toString()
-	 */
-	@Override
-	public String toString() {
-		return "SAMLBaseDetails [certIssuer=" + certIssuer + ", certSubject="
-				+ certSubject + ", certExpiration=" + certExpiration
-				+ ", keyStore=" + Arrays.toString(keyStore) + ", entityId="
-				+ entityId + ", spAcsUrl=" + spAcsUrl + ", issuer=" + issuer
-				+ ", audience=" + audience + ", nameidFormat=" + nameidFormat
-				+ ", validityInterval=" + validityInterval + ", binding="
-				+ binding + ", encrypted=" + encrypted + ", certMetaFile="
-				+ certMetaFile + ", fileType=" + fileType + ", nameIdConvert="
-				+ nameIdConvert + "]";
-	}
-
-}
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/TokenBasedDetails.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/TokenBasedDetails.java
index cb2b3733..983e419c 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/TokenBasedDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/TokenBasedDetails.java
@@ -3,11 +3,17 @@
  */
 package org.maxkey.domain.apps;
 
+import javax.persistence.Column;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
 
 /**
  * @author Crystal.Sea
  *
  */
+@Table(name = "TOKEN_BASED_DETAILS") 
 public class TokenBasedDetails  extends Applications {
 
 	/**
@@ -15,23 +21,39 @@ public class TokenBasedDetails  extends Applications {
 	 */
 	private static final long serialVersionUID = -1717427271305620545L;
 
+	@Id
+	@Column
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
+	protected String id;
 	/**
 	 * 
 	 */
+	@Column
 	private String redirectUri;
 	//
+	@Column
 	private String cookieName;
+	@Column
 	private String algorithm;
+	@Column
 	private String algorithmKey;
+	@Column
 	private String expires;
 	
 	//
+	@Column
 	private int uid;
+	@Column
 	private int username;
+	@Column
 	private int email;
+	@Column
 	private int windowsAccount;
+	@Column
 	private int employeeNumber;
+	@Column
 	private int departmentId;
+	@Column
 	private int department;
 	
 	
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
index 52520218..d305e2ca 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
@@ -53,4 +53,6 @@ public class WebConstants {
 	
 	public static final String CURRENT_SINGLESIGNON_URI				=	"current_singlesignon_uri";
 	
+	public static final String AUTHENTICATION						=	"current_authentication";
+	
 }
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
index d2e24e06..a9ee4d50 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
@@ -147,11 +147,15 @@ public final class WebContext {
 	    }
 	    return true;
 	  }
+
+	public static void setAuthentication(Authentication authentication) {
+		setAttribute(WebConstants.AUTHENTICATION,authentication);
+	}
 	
-	public static Authentication getAuthentication(){
-	      UsernamePasswordAuthenticationToken authentication =(UsernamePasswordAuthenticationToken)SecurityContextHolder.getContext().getAuthentication();
-	      return authentication;
-	  }
+	public static Authentication getAuthentication() {
+		Authentication authentication = (Authentication)getAttribute(WebConstants.AUTHENTICATION);
+		return authentication;
+	}
 	  
 	  public static boolean isAuthenticated(){
 	    if (getUserInfo() != null) {
diff --git a/maxkey-dao/.classpath b/maxkey-dao/.classpath
index 467ef2f2..540156aa 100644
--- a/maxkey-dao/.classpath
+++ b/maxkey-dao/.classpath
@@ -12,6 +12,18 @@
 			<attribute name="gradle_used_by_scope" value="main,test"/>
 		</attributes>
 	</classpathentry>
+	<classpathentry kind="src" output="bin/test" path="src/test/java">
+		<attributes>
+			<attribute name="gradle_scope" value="test"/>
+			<attribute name="gradle_used_by_scope" value="test"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="bin/test" path="src/test/resources">
+		<attributes>
+			<attribute name="gradle_scope" value="test"/>
+			<attribute name="gradle_used_by_scope" value="test"/>
+		</attributes>
+	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>
 	<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer"/>
 	<classpathentry kind="output" path="bin/default"/>
diff --git a/maxkey-dao/.settings/org.eclipse.wst.common.component b/maxkey-dao/.settings/org.eclipse.wst.common.component
index bc78e037..b9758908 100644
--- a/maxkey-dao/.settings/org.eclipse.wst.common.component
+++ b/maxkey-dao/.settings/org.eclipse.wst.common.component
@@ -2,5 +2,7 @@
     <wb-module deploy-name="maxkey-dao">
         <wb-resource deploy-path="/" source-path="/src/main/java"/>
         <wb-resource deploy-path="/" source-path="/src/main/resources"/>
+        <wb-resource deploy-path="/" source-path="/src/test/java"/>
+        <wb-resource deploy-path="/" source-path="/src/test/resources"/>
     </wb-module>
 </project-modules>
diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/persistence/MyAppsListMapper.java b/maxkey-dao/src/main/java/org/maxkey/dao/persistence/MyAppsListMapper.java
index 5bce30dd..5ba10635 100644
--- a/maxkey-dao/src/main/java/org/maxkey/dao/persistence/MyAppsListMapper.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/persistence/MyAppsListMapper.java
@@ -3,6 +3,8 @@
  */
 package org.maxkey.dao.persistence;
 
+import java.util.List;
+
 import org.apache.mybatis.jpa.persistence.IJpaBaseMapper;
 import org.maxkey.domain.apps.UserApplications;
 
@@ -12,5 +14,5 @@ import org.maxkey.domain.apps.UserApplications;
  */
 public  interface MyAppsListMapper extends IJpaBaseMapper<UserApplications> {
 	
-
+	public List<UserApplications> queryMyApps(UserApplications userApplications);
 }
diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/service/MyAppsListService.java b/maxkey-dao/src/main/java/org/maxkey/dao/service/MyAppsListService.java
index dbf52d71..ba761ce6 100644
--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/MyAppsListService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/MyAppsListService.java
@@ -1,5 +1,7 @@
 package org.maxkey.dao.service;
 
+import java.util.List;
+
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.dao.persistence.MyAppsListMapper;
 import org.maxkey.domain.apps.UserApplications;
@@ -12,6 +14,9 @@ public class MyAppsListService  extends JpaBaseService<UserApplications>{
 		super(MyAppsListMapper.class);
 	}
 
+	public List<UserApplications> queryMyApps(UserApplications userApplications){
+		return getMapper().queryMyApps(userApplications);
+	}
 	/* (non-Javadoc)
 	 * @see com.connsec.db.service.BaseService#getMapper()
 	 */
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/DesktopDetailsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/DesktopDetailsMapper.xml
index 611cff44..dc830d5f 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/DesktopDetailsMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/DesktopDetailsMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.DesktopDetailsMapper">
+<mapper namespace="org.maxkey.dao.persistence.DesktopDetailsMapper">
 
 	
 </mapper>
\ No newline at end of file
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ForgotPasswordMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ForgotPasswordMapper.xml
index 9f7305ec..1fdf3e8a 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ForgotPasswordMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ForgotPasswordMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.ForgotPasswordMapper">
+<mapper namespace="org.maxkey.dao.persistence.ForgotPasswordMapper">
 
 	<select id="queryUserInfoByEmail" parameterType="string" resultType="UserInfo">
 		SELECT
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/FormBasedDetailsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/FormBasedDetailsMapper.xml
index 53c2383c..afbf9902 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/FormBasedDetailsMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/FormBasedDetailsMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.FormBasedDetailsMapper">
+<mapper namespace="org.maxkey.dao.persistence.FormBasedDetailsMapper">
 
 	
 </mapper>
\ No newline at end of file
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/GroupMemberMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/GroupMemberMapper.xml
index e939c3cf..5f2ed6ac 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/GroupMemberMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/GroupMemberMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.GroupMemberMapper">
+<mapper namespace="org.maxkey.dao.persistence.GroupMemberMapper">
 
 	<sql id="where_statement">
     	<if test="id != null and id != ''">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/GroupsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/GroupsMapper.xml
index bbdccfba..193b5e5b 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/GroupsMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/GroupsMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.GroupsMapper">
+<mapper namespace="org.maxkey.dao.persistence.GroupsMapper">
 
 	<sql id="where_statement">
     	<if test="id != null and id != ''">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/IpAddrFilterMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/IpAddrFilterMapper.xml
index 521b9826..22b12a95 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/IpAddrFilterMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/IpAddrFilterMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.IpAddrFilterMapper">
+<mapper namespace="org.maxkey.dao.persistence.IpAddrFilterMapper">
 	<sql id="where_statement">
     	<if test="id != null and id != ''">
 			AND	ID	=	#{id}
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LoginAppsHistoryMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LoginAppsHistoryMapper.xml
index 5f21392f..d07cf6be 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LoginAppsHistoryMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LoginAppsHistoryMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.LoginAppsHistoryMapper" >
+<mapper namespace="org.maxkey.dao.persistence.LoginAppsHistoryMapper" >
 
 	<sql id="dao_where_statement">
     	<if test="id != null and id != ''">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LoginHistoryMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LoginHistoryMapper.xml
index bc2cc67a..7a736d7f 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LoginHistoryMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LoginHistoryMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.LoginHistoryMapper" >
+<mapper namespace="org.maxkey.dao.persistence.LoginHistoryMapper" >
 
 	<sql id="dao_where_statement">
     	<if test="id != null and id != ''">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LogsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LogsMapper.xml
index e297bedd..e8e3739c 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LogsMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/LogsMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.LogsMapper" >
+<mapper namespace="org.maxkey.dao.persistence.LogsMapper" >
 
 	<sql id="where_statement">
     	<if test="id != null and id != ''">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/MyAppsListMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/MyAppsListMapper.xml
index dc2b5d56..b890d626 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/MyAppsListMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/MyAppsListMapper.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="org.maxkey.dao.persistence.MyAppsListMapper">
 
-	<select id="query" parameterType="UserApplications" resultType="UserApplications">
+	<select id="queryMyApps" parameterType="UserApplications" resultType="UserApplications">
 		SELECT DISTINCT
 			APP.*
 		FROM
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/MyProfileMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/MyProfileMapper.xml
index 6c805bb1..62ecc8e7 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/MyProfileMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/MyProfileMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.MyProfileMapper">
+<mapper namespace="org.maxkey.dao.persistence.MyProfileMapper">
 
 	<update id="updateBasic" parameterType="UserInfo" >
     	UPDATE USERINFO SET
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/NavigationsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/NavigationsMapper.xml
index 3b599294..3b03b12f 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/NavigationsMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/NavigationsMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.NavigationsMapper" >
+<mapper namespace="org.maxkey.dao.persistence.NavigationsMapper" >
 
 	<sql id="dao_where_statement">
     	<if test="id != null and id != ''">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Oauth10aDetailsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Oauth10aDetailsMapper.xml
deleted file mode 100644
index 06a008d2..00000000
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Oauth10aDetailsMapper.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.Oauth10aDetailsMapper">
-
-</mapper>
\ No newline at end of file
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/OrganizationsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/OrganizationsMapper.xml
index d2a6bc41..d1bd5431 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/OrganizationsMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/OrganizationsMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.OrganizationsMapper" >
+<mapper namespace="org.maxkey.dao.persistence.OrganizationsMapper" >
 
 	<sql id="dao_where_statement">
     	<if test="id != null and id != ''">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/PasswordPolicyMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/PasswordPolicyMapper.xml
index f7749133..ac447263 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/PasswordPolicyMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/PasswordPolicyMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.PasswordPolicyMapper" >
+<mapper namespace="org.maxkey.dao.persistence.PasswordPolicyMapper" >
 	
    
 </mapper>
\ No newline at end of file
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RegistrationMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RegistrationMapper.xml
index d2238a0d..9520d82d 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RegistrationMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RegistrationMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.RegistrationMapper">
+<mapper namespace="org.maxkey.dao.persistence.RegistrationMapper">
 	
 	<select id="queryUserInfoByEmail" parameterType="string" resultType="UserInfo">
 		SELECT
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ReportMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ReportMapper.xml
index 102495d6..82a02d68 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ReportMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ReportMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.ReportMapper" >
+<mapper namespace="org.maxkey.dao.persistence.ReportMapper" >
 
 	<select id="analysisDay" parameterType="String" resultType="Map">
     	SELECT 
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RoleNavMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RoleNavMapper.xml
index d93c602b..a78a01a2 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RoleNavMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RoleNavMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.RoleNavMapper" >
+<mapper namespace="org.maxkey.dao.persistence.RoleNavMapper" >
 	<sql id="sql_condition">
 		WHERE	1	=	1
     	<if test="id != null">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RoleUserMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RoleUserMapper.xml
index 7e801eac..505a58bd 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RoleUserMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RoleUserMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.RoleUserMapper" >
+<mapper namespace="org.maxkey.dao.persistence.RoleUserMapper" >
 	<sql id="sql_condition">
 		WHERE	1	=	1
     	<if test="id != null">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RolesMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RolesMapper.xml
index b947fd4c..68b1d012 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RolesMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/RolesMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.RolesMapper" >
+<mapper namespace="org.maxkey.dao.persistence.RolesMapper" >
 	<sql id="sql_condition">
 		WHERE	1	=	1
     	<if test="id != null">
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Saml20DetailsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Saml20DetailsMapper.xml
index 669507b2..ebaba411 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Saml20DetailsMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Saml20DetailsMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.Saml20DetailsMapper">
+<mapper namespace="org.maxkey.dao.persistence.Saml20DetailsMapper">
 
 	
     
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Saml20MetadataMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Saml20MetadataMapper.xml
index 05676853..a654f095 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Saml20MetadataMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/Saml20MetadataMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.Saml20MetadataMapper">
+<mapper namespace="org.maxkey.dao.persistence.Saml20MetadataMapper">
 
 	
 </mapper>
\ No newline at end of file
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/TokenBasedDetailsMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/TokenBasedDetailsMapper.xml
index 431f2e0e..d8789683 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/TokenBasedDetailsMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/TokenBasedDetailsMapper.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="com.connsec.dao.persistence.TokenBasedDetailsMapper">
+<mapper namespace="org.maxkey.dao.persistence.TokenBasedDetailsMapper">
 
 	
 </mapper>
\ No newline at end of file
diff --git a/maxkey-dao/src/test/java/org/apache/mybatis/jpa/test/AccountsServiceTest.java b/maxkey-dao/src/test/java/org/apache/mybatis/jpa/test/AccountsServiceTest.java
new file mode 100644
index 00000000..8c829c8d
--- /dev/null
+++ b/maxkey-dao/src/test/java/org/apache/mybatis/jpa/test/AccountsServiceTest.java
@@ -0,0 +1,91 @@
+package org.apache.mybatis.jpa.test;
+
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.mybatis.jpa.util.WebContext;
+import org.junit.Before;
+import org.junit.Test;
+import org.maxkey.dao.service.AccountsService;
+import org.maxkey.dao.service.FormBasedDetailsService;
+import org.maxkey.domain.Accounts;
+import org.maxkey.domain.apps.FormBasedDetails;
+import org.maxkey.util.PathUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+public class AccountsServiceTest {
+	
+	private static final Logger _logger = LoggerFactory.getLogger(AccountsServiceTest.class);
+	
+	public static ApplicationContext context;
+	
+	public static AccountsService service;
+	
+	public AccountsService getservice() {
+		service=(AccountsService)WebContext.getBean("accountsService");
+		return service;
+	}
+	
+
+	@Test
+	public void get() throws Exception{
+		_logger.info("get...");
+		Accounts accounts=service.get("26b1c864-ae81-4b1f-9355-74c4c699cb6b");
+		
+		 _logger.info("accounts "+accounts);
+
+	}
+	
+	@Test
+	public void load() throws Exception{
+		_logger.info("get...");
+		Accounts queryAccounts=new Accounts("7BF5315CA1004CDB8E614B0361C4D46B","fe86db85-5475-4494-b5aa-dbd3b886ff64");
+		Accounts accounts=service.load(queryAccounts);
+		
+		 _logger.info("accounts "+accounts);
+
+	}
+	
+	
+	@Test
+	public void findAll() throws Exception{
+		_logger.info("findAll...");
+		_logger.info("findAll "+service.findAll());
+	}
+	
+	@Before
+	public void initSpringContext(){
+		if(context!=null) return;
+		_logger.info("init Spring Context...");
+		SimpleDateFormat sdf_ymdhms =new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+		String startTime=sdf_ymdhms.format(new Date());
+
+		try{
+			AccountsServiceTest runner=new AccountsServiceTest();
+			runner.init();
+			
+		}catch(Exception e){
+			e.printStackTrace();
+		}
+		
+		_logger.info("-- --Init Start at " + startTime+" , End at  "+sdf_ymdhms.format(new Date()));
+	}
+	
+	//Initialization ApplicationContext for Project
+	public void init(){
+		_logger.info("init ...");
+		
+		_logger.info("Application dir "+System.getProperty("user.dir"));
+		context = new ClassPathXmlApplicationContext(new String[] {"spring/applicationContext.xml"});
+		WebContext.applicationContext=context;
+		getservice();
+		System.out.println("init ...");
+		
+	}
+	
+}
diff --git a/maxkey-dao/src/test/java/org/apache/mybatis/jpa/test/FormBasedDetailsServiceTest.java b/maxkey-dao/src/test/java/org/apache/mybatis/jpa/test/FormBasedDetailsServiceTest.java
new file mode 100644
index 00000000..edcdf998
--- /dev/null
+++ b/maxkey-dao/src/test/java/org/apache/mybatis/jpa/test/FormBasedDetailsServiceTest.java
@@ -0,0 +1,141 @@
+package org.apache.mybatis.jpa.test;
+
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.mybatis.jpa.util.WebContext;
+import org.junit.Before;
+import org.junit.Test;
+import org.maxkey.dao.service.FormBasedDetailsService;
+import org.maxkey.domain.apps.FormBasedDetails;
+import org.maxkey.util.PathUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+public class FormBasedDetailsServiceTest {
+	
+	private static final Logger _logger = LoggerFactory.getLogger(FormBasedDetailsServiceTest.class);
+	
+	public static ApplicationContext context;
+	
+	public static FormBasedDetailsService service;
+	
+	public FormBasedDetailsService getservice() {
+		service=(FormBasedDetailsService)WebContext.getBean("formBasedDetailsService");
+		return service;
+	}
+	
+	@Test
+	public void insert() throws Exception{
+		_logger.info("insert...");
+		
+		FormBasedDetails formBasedDetails=new FormBasedDetails();
+		
+		service.insert(formBasedDetails);
+		
+		Thread.sleep(1000);
+		service.remove(formBasedDetails.getId());
+		
+	}
+	
+	@Test
+	public void get() throws Exception{
+		_logger.info("get...");
+		FormBasedDetails formBasedDetails=service.get("850379a1-7923-4f6b-90be-d363b2dfd2ca");
+		
+		 _logger.info("formBasedDetails "+formBasedDetails);
+
+	}
+	
+	
+	@Test
+	public void remove() throws Exception{
+		
+		_logger.info("remove...");
+		FormBasedDetails formBasedDetails=new FormBasedDetails();
+		formBasedDetails.setId("921d3377-937a-4578-b1e2-92fb23b5e512");
+		service.remove(formBasedDetails.getId());
+		
+	}
+	
+	@Test
+	public void batchDelete() throws Exception{
+		_logger.info("batchDelete...");	
+		List<String> idList=new ArrayList<String>();
+		idList.add("8584804d-b5ac-45d2-9f91-4dd8e7a090a7");
+		idList.add("ab7422e9-a91a-4840-9e59-9d911257c918");
+		idList.add("12b6ceb8-573b-4f01-ad85-cfb24cfa007c");
+		idList.add("dafd5ba4-d2e3-4656-bd42-178841e610fe");
+		service.batchDelete(idList);
+	}
+
+	@Test
+	public void queryPageResults() throws Exception{
+		
+		_logger.info("queryPageResults...");
+		FormBasedDetails formBasedDetails=new FormBasedDetails();
+		 //student.setId("af04d610-6092-481e-9558-30bd63ef783c");
+		// student.setStdGender("M");
+		 //student.setStdMajor(政治");
+		 //student.setPageResults(10);
+		 //student.setPage(2);
+		 //_logger.info("queryPageResults "+service.queryPageResults(formBasedDetails));
+	}
+	
+	@Test
+	public void queryPageResultsByMapperId() throws Exception{
+
+		_logger.info("queryPageResults by mapperId...");
+		 FormBasedDetails formBasedDetails=new FormBasedDetails();
+		// student.setStdGender("M");
+		 //student.setStdMajor(政治");
+		// student.setPageResults(10);
+		// student.setPage(2);
+		 
+		 //_logger.info("queryPageResults by mapperId "+service.queryPageResults("queryPageResults1",formBasedDetails));
+		 
+	}
+	
+	
+	
+	@Test
+	public void findAll() throws Exception{
+		_logger.info("findAll...");
+		_logger.info("findAll "+service.findAll());
+	}
+	
+	@Before
+	public void initSpringContext(){
+		if(context!=null) return;
+		_logger.info("init Spring Context...");
+		SimpleDateFormat sdf_ymdhms =new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+		String startTime=sdf_ymdhms.format(new Date());
+
+		try{
+			FormBasedDetailsServiceTest runner=new FormBasedDetailsServiceTest();
+			runner.init();
+			
+		}catch(Exception e){
+			e.printStackTrace();
+		}
+		
+		_logger.info("-- --Init Start at " + startTime+" , End at  "+sdf_ymdhms.format(new Date()));
+	}
+	
+	//Initialization ApplicationContext for Project
+	public void init(){
+		_logger.info("init ...");
+		
+		_logger.info("Application dir "+System.getProperty("user.dir"));
+		context = new ClassPathXmlApplicationContext(new String[] {"spring/applicationContext.xml"});
+		WebContext.applicationContext=context;
+		getservice();
+		System.out.println("init ...");
+		
+	}
+	
+}
diff --git a/maxkey-dao/src/test/resources/config/applicationConfig.properties b/maxkey-dao/src/test/resources/config/applicationConfig.properties
new file mode 100644
index 00000000..c3ab4e03
--- /dev/null
+++ b/maxkey-dao/src/test/resources/config/applicationConfig.properties
@@ -0,0 +1,29 @@
+############################################################################
+#                DataBase configuration  
+############################################################################
+#db2,derby,mysql,oracle,postgresql,sqlserver 
+config.datasource.database=mysql
+# JDBC Driver                                                              
+#     for MySql         com.mysql.jdbc.Driver                              
+#     for oracle        oracle.jdbc.driver.OracleDriver                    
+#     for DB2           com.ibm.db2.jdbc.app.DB2Driver   
+#						com.ibm.db2.jcc.DB2Driver                  
+#     for SqlServer     com.microsoft.jdbc.sqlserver.SQLServerDriver        
+#     for SyBase        com.sybase.jdbc.SybDriver                          
+#     for PostgreSQL    org.postgresql.Driver        
+#	  for Derby			org.apache.derby.jdbc.ClientDriver  
+# JDBC URL
+#    you need database hostname,port,databasename
+#     for MySql           jdbc:mysql://hostname:port/secdb
+#     for oracle          jdbc:oracle:thin:@hostname:port:secdb
+#     for DB2             jdbc:db2://hostname:port/secdb
+#     for SqlServer       jdbc:microsoft:sqlserver://hostname:port;DatabaseName=secdb
+#     for SyBase          jdbc:sybase:Tds:hostname:port/secdb
+#	  for Derby			  jdbc:derby://localhost:1527/secdb
+#
+config.datasource.driverclass=com.mysql.jdbc.Driver
+config.datasource.url=jdbc:mysql://localhost/maxkey?autoReconnect=true&characterEncoding=UTF-8
+config.datasource.username=root
+config.datasource.password=connsec
+
+############################################################################
\ No newline at end of file
diff --git a/maxkey-dao/src/test/resources/log4j2.xml b/maxkey-dao/src/test/resources/log4j2.xml
new file mode 100644
index 00000000..37ff03d7
--- /dev/null
+++ b/maxkey-dao/src/test/resources/log4j2.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>  
+<configuration status="INFO">  
+    <appenders>  
+    	
+        <Console name="consolePrint" target="SYSTEM_OUT">  
+            <PatternLayout pattern="%d{YYYY-MM-dd HH:mm:ss,SSS} [%t] %-5level %logger{36} - %msg%n" />  
+        </Console>
+        <!--
+        <File name="File" fileName="logs/maxkey-dao.log">
+            <PatternLayout pattern="%d{YYYY-MM-dd HH:mm:ss,SSS} [%t] %-5level %logger{36} - %msg%n" />
+        </File>
+        -->
+  
+	 </appenders>  
+	 
+    <loggers>  
+    	<Logger name="org.springframework" level="INFO"></Logger>
+    	<Logger name="org.apache.logging" level="INFO"></Logger>
+    	<Logger name="org.maxkey" level="DEBUG"></Logger>
+    	<Logger name="org.apache.mybatis" level="TRACE"></Logger>
+    	
+    	
+        <root level="INFO">  
+            <appender-ref ref="consolePrint" /> 
+        </root>  
+    </loggers>  
+</configuration>
\ No newline at end of file
diff --git a/maxkey-dao/src/test/resources/spring/applicationContext-database.xml b/maxkey-dao/src/test/resources/spring/applicationContext-database.xml
new file mode 100644
index 00000000..6582bfa6
--- /dev/null
+++ b/maxkey-dao/src/test/resources/spring/applicationContext-database.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans 	xmlns="http://www.springframework.org/schema/beans"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+		xmlns:aop="http://www.springframework.org/schema/aop"
+		xmlns:tx="http://www.springframework.org/schema/tx" 
+		xmlns:jdbc="http://www.springframework.org/schema/jdbc"
+		xmlns:context="http://www.springframework.org/schema/context"
+		xsi:schemaLocation="
+	     http://www.springframework.org/schema/context 
+	     http://www.springframework.org/schema/context/spring-context.xsd
+	     http://www.springframework.org/schema/beans 
+	     http://www.springframework.org/schema/beans/spring-beans.xsd
+	     http://www.springframework.org/schema/jdbc 
+	     http://www.springframework.org/schema/jdbc/spring-jdbc.xsd
+	     http://www.springframework.org/schema/tx 
+	     http://www.springframework.org/schema/tx/spring-tx.xsd
+	     http://www.springframework.org/schema/aop 
+	     http://www.springframework.org/schema/aop/spring-aop.xsd">
+
+	<!-- dataSource define begin -->
+	<!-- c3p0 configuration -->
+	<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"  destroy-method="close" >      
+	    <property name="driverClass" value="${config.datasource.driverclass}"/>      
+	    <property name="jdbcUrl" value="${config.datasource.url}"/>      
+	    <property name="user" value="${config.datasource.username}"/>      
+	    <property name="password" value="${config.datasource.password}"/>  
+	    <property name="maxPoolSize" value="30"/> 
+	    <property name="minPoolSize" value="21"/> 
+	    <property name="initialPoolSize" value="15"/> 
+	    
+	</bean> 
+
+</beans>
\ No newline at end of file
diff --git a/maxkey-dao/src/test/resources/spring/applicationContext-persist.xml b/maxkey-dao/src/test/resources/spring/applicationContext-persist.xml
new file mode 100644
index 00000000..3e13a15f
--- /dev/null
+++ b/maxkey-dao/src/test/resources/spring/applicationContext-persist.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p"
+  xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:cache="http://www.springframework.org/schema/cache"
+  xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context.xsd
+        http://www.springframework.org/schema/tx
+        http://www.springframework.org/schema/tx/spring-tx.xsd
+        http://www.springframework.org/schema/aop
+        http://www.springframework.org/schema/aop/spring-aop.xsd
+        http://www.springframework.org/schema/cache
+        http://www.springframework.org/schema/cache/spring-cache-3.2.xsd">
+
+
+  <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
+    <property name="dataSource" ref="dataSource" />
+  </bean>
+
+  <tx:annotation-driven transaction-manager="txManager" />
+
+  <bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
+    <property name="dataSource" ref="dataSource" />
+  </bean>
+
+    <!-- enable autowire -->
+    <context:annotation-config />
+
+    <!-- enable transaction demarcation with annotations 
+    <tx:annotation-driven />-->
+
+	<!--<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">-->
+	<bean id="sqlSessionFactory" class="org.apache.mybatis.jpa.MyBatisSessionFactoryBean">
+		<property name="timeout" value="30" />
+		<property name="dataSource" ref="dataSource" />
+		<property name="mapperLocations" value="classpath*:/org/maxkey/dao/persistence/xml/mysql/*.xml" />
+		<property name="typeAliasesPackage" 
+        		  value="
+	        			org.maxkey.domain,
+	        			org.maxkey.domain.apps,
+        			" />
+		<property name="transactionFactory">
+			<bean class="org.apache.ibatis.transaction.managed.ManagedTransactionFactory" />
+		</property>
+		<property name="interceptors">
+			<list>
+					<bean class="org.apache.mybatis.jpa.StatementHandlerInterceptor">
+						<property name="dialectString" value="org.apache.mybatis.jpa.dialect.MySQLDialect"/>
+					</bean>
+			</list>
+		</property>
+	</bean>
+
+    <!-- scan for mappers and let them be autowired -->
+    <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
+        <property name="basePackage" 
+        		  value="
+        		  		org.maxkey.dao.persistence,
+        		  		" />
+      
+    </bean>
+
+ 	<!-- enable component scanning (beware that this does not enable mapper scanning!) -->    
+    <context:component-scan base-package="org.maxkey.dao.service" />
+    
+    <bean class ="org.apache.mybatis.jpa.id.IdentifierGeneratorFactory">
+    <!-- 
+	    <property name="generatorStrategyMap" >
+	    	<map>
+		        <entry key="serial" >
+		        	<bean class="org.apache.mybatis.jpa.id.SerialGenerator">
+		        		<property name="ipAddressNodeValue"  value="F0-76-1C-B0-26-9C=02,"/>
+		        	</bean></entry>
+		    </map>
+	    </property>
+	    -->
+    </bean>
+    
+   	<!-- 
+	<bean id="sqlSession" class="org.mybatis.spring.SqlSessionTemplate">
+		<constructor-arg index="0" ref="sqlSessionFactory" />
+	</bean>
+	 -->
+</beans>
\ No newline at end of file
diff --git a/maxkey-dao/src/test/resources/spring/applicationContext.xml b/maxkey-dao/src/test/resources/spring/applicationContext.xml
new file mode 100644
index 00000000..919c958e
--- /dev/null
+++ b/maxkey-dao/src/test/resources/spring/applicationContext.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans 	xmlns="http://www.springframework.org/schema/beans"
+		xmlns:context="http://www.springframework.org/schema/context"
+		xmlns:mvc="http://www.springframework.org/schema/mvc"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xmlns:p="http://www.springframework.org/schema/p"
+		xmlns:tx="http://www.springframework.org/schema/tx"
+		xmlns:util="http://www.springframework.org/schema/util"
+		xsi:schemaLocation="
+	        http://www.springframework.org/schema/beans     
+	        http://www.springframework.org/schema/beans/spring-beans.xsd
+	        http://www.springframework.org/schema/context 
+	        http://www.springframework.org/schema/context/spring-context.xsd
+	        http://www.springframework.org/schema/tx 
+	        http://www.springframework.org/schema/tx/spring-tx.xsd
+	        http://www.springframework.org/schema/util     
+	        http://www.springframework.org/schema/util/spring-util.xsd
+	        http://www.springframework.org/schema/mvc 
+	        http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+ 	<!-- 
+ 	<import resource="applicationContext-task.xml"/>
+ 	-->
+ 	<!-- Application properties configs  -->
+	<bean id="propertySourcesPlaceholderConfigurer" class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer">
+	  <property name="locations">
+	    <list>
+	   	  	<value>classpath:config/applicationConfig.properties</value>
+	    </list>
+	  </property>
+	  <property name="ignoreUnresolvablePlaceholders" value="true"/>
+	</bean>
+ 	
+ 	<!-- Authentication Password Encoder Config -->
+	<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>   
+	
+	<bean id="passwordReciprocal" class="org.maxkey.crypto.password.PasswordReciprocal"></bean>
+	
+ 	<!-- Datastore configuration  -->
+ 	<import resource="applicationContext-database.xml"/>
+ 	<import resource="applicationContext-persist.xml"/>
+ 
+ 	
+ 	<!-- 配置执行的任务列表  -->
+ 	<util:list id="businessTask" list-class="java.util.ArrayList">
+
+ 	</util:list>
+</beans>
\ No newline at end of file
diff --git a/maxkey-demos/maxkey-demo-cas/src/main/webapp/WEB-INF/web.xml b/maxkey-demos/maxkey-demo-cas/src/main/webapp/WEB-INF/web.xml
index 4f53c60d..be718be0 100644
--- a/maxkey-demos/maxkey-demo-cas/src/main/webapp/WEB-INF/web.xml
+++ b/maxkey-demos/maxkey-demo-cas/src/main/webapp/WEB-INF/web.xml
@@ -1,75 +1,78 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
-  <display-name></display-name>
-  <listener>
-    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
-  </listener>
-  <filter>
-    <filter-name>CAS Single Sign Out Filter</filter-name>
-    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
-  </filter>
-  <filter-mapping>
-    <filter-name>CAS Single Sign Out Filter</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
-  <filter>
-    <filter-name>CAS Filter</filter-name>
-    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
-    <!-- cas server login url -->
-    <init-param>
-      <param-name>casServerLoginUrl</param-name>
-      <param-value>>http://login.connsec.com/maxkey/authz/cas/</param-value>
-    </init-param>
-    <!-- cas client url,  in end of url / is required-->
-    <init-param>
-      <param-name>serverName</param-name>
-      <param-value>http://cas.demo.connsec.com/</param-value>
-    </init-param>
-  </filter>
-  <filter-mapping>
-    <filter-name>CAS Filter</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
-  
-  <!--  Cas10TicketValidationFilter
-  		Cas20ProxyReceivingTicketValidationFilter
-   -->
-  <filter>
-    <filter-name>CAS Validation Filter</filter-name>
-    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
-   <!-- cas server login url -->
-    <init-param>
-      <param-name>casServerUrlPrefix</param-name>
-      <param-value>http://login.connsec.com/maxkey/authz/cas/</param-value>
-    </init-param>
-     <!-- cas client url -->
-    <init-param>
-      <param-name>serverName</param-name>
-      <param-value>http://cas.demo.connsec.com/</param-value>
-    </init-param>
-  </filter>
-  <filter-mapping>
-    <filter-name>CAS Validation Filter</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
-  <filter>
-    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
-    <filter-class>
-	                org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
-  </filter>
-  <filter-mapping>
-    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
-  <filter>
-    <filter-name>CAS Assertion Thread Local Filter</filter-name>
-    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
-  </filter>
-  <filter-mapping>
-    <filter-name>CAS Assertion Thread Local Filter</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
-  <welcome-file-list>
-    <welcome-file>index.jsp</welcome-file>
-  </welcome-file-list>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="http://java.sun.com/xml/ns/javaee"
+	xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+	version="2.5">
+	<display-name></display-name>
+	<listener>
+		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
+	</listener>
+	<filter>
+		<filter-name>CAS Single Sign Out Filter</filter-name>
+		<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>CAS Single Sign Out Filter</filter-name>
+		<url-pattern>/index.jsp</url-pattern>
+	</filter-mapping>
+	<filter>
+		<filter-name>CAS Filter</filter-name>
+		<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
+		<!-- cas server login url -->
+		<init-param>
+			<param-name>casServerLoginUrl</param-name>
+			<param-value>>http://sso.maxkey.org/maxkey/authz/cas/</param-value>
+		</init-param>
+		<!-- cas client url, in end of url / is required -->
+		<init-param>
+			<param-name>serverName</param-name>
+			<param-value>http://casdemo.maxkey.org/</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>CAS Filter</filter-name>
+		<url-pattern>/index.jsp</url-pattern>
+	</filter-mapping>
+
+	<!-- Cas10TicketValidationFilter Cas20ProxyReceivingTicketValidationFilter -->
+	<filter>
+		<filter-name>CAS Validation Filter</filter-name>
+		<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
+		<!-- cas server login url -->
+		<init-param>
+			<param-name>casServerUrlPrefix</param-name>
+			<param-value>http://sso.maxkey.org/maxkey/authz/cas/</param-value>
+		</init-param>
+		<!-- cas client url -->
+		<init-param>
+			<param-name>serverName</param-name>
+			<param-value>http://casdemo.maxkey.org/</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>CAS Validation Filter</filter-name>
+		<url-pattern>/index.jsp</url-pattern>
+	</filter-mapping>
+	<filter>
+		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
+		<filter-class>
+			org.jasig.cas.client.util.HttpServletRequestWrapperFilter
+		</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
+		<url-pattern>/index.jsp</url-pattern>
+	</filter-mapping>
+	<filter>
+		<filter-name>CAS Assertion Thread Local Filter</filter-name>
+		<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>CAS Assertion Thread Local Filter</filter-name>
+		<url-pattern>/index.jsp</url-pattern>
+	</filter-mapping>
+	<welcome-file-list>
+		<welcome-file>index.jsp</welcome-file>
+	</welcome-file-list>
 </web-app>
\ No newline at end of file
diff --git a/maxkey-demos/maxkey-demo-cas/src/main/webapp/index.jsp b/maxkey-demos/maxkey-demo-cas/src/main/webapp/index.jsp
index c353037e..97a25dd9 100644
--- a/maxkey-demos/maxkey-demo-cas/src/main/webapp/index.jsp
+++ b/maxkey-demos/maxkey-demo-cas/src/main/webapp/index.jsp
@@ -7,7 +7,7 @@
 <%
 	String path = request.getContextPath();
 	String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
-
+	System.out.println("CAS Assertion Success . ");
 	Assertion assertion = (Assertion) request.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
 	                
 	                
diff --git a/maxkey-demos/maxkey-demo-cas/src/main/webapp/test.html b/maxkey-demos/maxkey-demo-cas/src/main/webapp/test.html
new file mode 100644
index 00000000..5741816a
--- /dev/null
+++ b/maxkey-demos/maxkey-demo-cas/src/main/webapp/test.html
@@ -0,0 +1,72 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+  <head>
+    <base href="<%=basePath%>">
+    
+    <title>Demo CAS</title>
+	<meta http-equiv="pragma" content="no-cache">
+	<meta http-equiv="cache-control" content="no-cache">
+	<meta http-equiv="expires" content="0">    
+	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
+	<meta http-equiv="description" content="CAS Demo">
+	<!--
+	<link rel="stylesheet" type="text/css" href="styles.css">
+	-->
+	<style type="text/css">
+		body{
+			margin: 0;
+			margin-top: 0px;
+			margin-left: auto;
+			margin-right: auto;
+			padding: 0 0 0 0px;
+			font-size: 12px;
+			text-align:center;
+			float:center;
+			font-family: "Arial", "Helvetica", "Verdana", "sans-serif";
+		}
+		.container {
+			width: 990px;
+			margin-left: auto;
+			margin-right: auto;
+			padding: 0 10px
+		}
+		table.datatable {
+			border: 1px solid #d8dcdf;
+			border-collapse:collapse;
+			border-spacing:0;
+			width: 100%;
+		}
+		
+		table.datatable th{
+			border: 1px solid #d8dcdf;
+			border-collapse:collapse;
+			border-spacing:0;
+			height: 40px;
+		}
+		
+		
+		table.datatable td{
+			border: 1px solid #d8dcdf;
+			border-collapse:collapse;
+			border-spacing:0;
+			height: 40px;
+		}
+		
+		table.datatable td.title{
+			text-align: center;
+			font-size: 20px;
+			font-weight: bold;
+		}
+	</style>
+  </head>
+  
+  <body>
+  		<div class="container">
+	  		<table class="datatable">
+	  			<tr>
+	  				<td colspan="2" class="title">CAS Demo for MaxKey Test</td>
+	  			</tr>
+	  		</table>
+  		</div>
+  </body>
+</html>
diff --git a/maxkey-demos/maxkey-demo-jwt/bin/main/jwk.jwks b/maxkey-demos/maxkey-demo-jwt/bin/main/jwk.jwks
index d78d95ca..f2fd67f0 100644
--- a/maxkey-demos/maxkey-demo-jwt/bin/main/jwk.jwks
+++ b/maxkey-demos/maxkey-demo-jwt/bin/main/jwk.jwks
@@ -1,12 +1,12 @@
 {
   "keys": [
     {
-      "e": "AQAB",
-      "n": "h5xtDWLssoj5-WLCKPYPUDJlM5pnL4pS8-wMt9sVA57QVRVFdpWHi1dbDCugCApjvmD-giO5yjF5mQSTAF6a14FvktozVw_dDTEzrjG5FgT6WpMzMZd6JpiwQLOtEbV7oBkKYWm1vh1C67-xTlhKgQUNLVNDg4RqRcKFxZd5JPc",
       "kty": "RSA",
+	  "e": "AQAB",
       "use": "sig",
+      "kid": "maxkey_rsa",
       "alg": "RS256",
-      "kid": "connsec_rsa"
+      "n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q"
     }
   ]
 }
\ No newline at end of file
diff --git a/maxkey-demos/maxkey-demo-jwt/lib/connsec-oidc.jar b/maxkey-demos/maxkey-demo-jwt/lib/connsec-oidc.jar
deleted file mode 100644
index 3d4fe71c..00000000
Binary files a/maxkey-demos/maxkey-demo-jwt/lib/connsec-oidc.jar and /dev/null differ
diff --git a/maxkey-demos/maxkey-demo-jwt/lib/maxkey-client-sdk.jar b/maxkey-demos/maxkey-demo-jwt/lib/maxkey-client-sdk.jar
index ce5799f0..9d47e56e 100644
Binary files a/maxkey-demos/maxkey-demo-jwt/lib/maxkey-client-sdk.jar and b/maxkey-demos/maxkey-demo-jwt/lib/maxkey-client-sdk.jar differ
diff --git a/maxkey-demos/maxkey-demo-jwt/lib/maxkey-jose-jwt.jar b/maxkey-demos/maxkey-demo-jwt/lib/maxkey-jose-jwt.jar
new file mode 100644
index 00000000..7ce8a6ba
Binary files /dev/null and b/maxkey-demos/maxkey-demo-jwt/lib/maxkey-jose-jwt.jar differ
diff --git a/maxkey-demos/maxkey-demo-jwt/lib/nimbus-jose-jwt-3.5.jar b/maxkey-demos/maxkey-demo-jwt/lib/nimbus-jose-jwt-3.5.jar
deleted file mode 100644
index 50adacc0..00000000
Binary files a/maxkey-demos/maxkey-demo-jwt/lib/nimbus-jose-jwt-3.5.jar and /dev/null differ
diff --git a/maxkey-demos/maxkey-demo-jwt/src/main/resources/jwk.jwks b/maxkey-demos/maxkey-demo-jwt/src/main/resources/jwk.jwks
index d78d95ca..f2fd67f0 100644
--- a/maxkey-demos/maxkey-demo-jwt/src/main/resources/jwk.jwks
+++ b/maxkey-demos/maxkey-demo-jwt/src/main/resources/jwk.jwks
@@ -1,12 +1,12 @@
 {
   "keys": [
     {
-      "e": "AQAB",
-      "n": "h5xtDWLssoj5-WLCKPYPUDJlM5pnL4pS8-wMt9sVA57QVRVFdpWHi1dbDCugCApjvmD-giO5yjF5mQSTAF6a14FvktozVw_dDTEzrjG5FgT6WpMzMZd6JpiwQLOtEbV7oBkKYWm1vh1C67-xTlhKgQUNLVNDg4RqRcKFxZd5JPc",
       "kty": "RSA",
+	  "e": "AQAB",
       "use": "sig",
+      "kid": "maxkey_rsa",
       "alg": "RS256",
-      "kid": "connsec_rsa"
+      "n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q"
     }
   ]
 }
\ No newline at end of file
diff --git a/maxkey-demos/maxkey-demo-jwt/src/main/webapp/jwtcallback.jsp b/maxkey-demos/maxkey-demo-jwt/src/main/webapp/jwtcallback.jsp
index d6296fea..2a1c521f 100644
--- a/maxkey-demos/maxkey-demo-jwt/src/main/webapp/jwtcallback.jsp
+++ b/maxkey-demos/maxkey-demo-jwt/src/main/webapp/jwtcallback.jsp
@@ -14,12 +14,11 @@
 <%@ page language="java" import="com.google.gson.*" %>
 
 
-
 <%
 String path = request.getContextPath();
 String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
 String token=request.getParameter("jwt");
-System.out.println(token);
+System.out.println("jwt "+token);
 SignedJWT signedJWT=null;
 
 //JWKSetKeyStore jwkSetKeyStore=new JWKSetKeyStore();
@@ -27,15 +26,17 @@ SignedJWT signedJWT=null;
 File jwksFile=new File(PathUtils.getInstance().getClassPath()+"jwk.jwks");
 JWKSet jwkSet=JWKSet.load(jwksFile);
 
-RSASSAVerifier rsaSSAVerifier = new RSASSAVerifier(((RSAKey) jwkSet.getKeyByKeyId("connsec_rsa")).toRSAPublicKey());
+RSASSAVerifier rsaSSAVerifier = new RSASSAVerifier(((RSAKey) jwkSet.getKeyByKeyId("maxkey_rsa")).toRSAPublicKey());
 try {
 
     signedJWT = SignedJWT.parse(token);
 } catch (java.text.ParseException e) {
     // Invalid signed JWT encoding
 }
-;
-ReadOnlyJWTClaimsSet jwtClaims =signedJWT.getJWTClaimsSet();
+
+System.out.println("signedJWT "+signedJWT);
+
+JWTClaimsSet jwtClaims =signedJWT.getJWTClaimsSet();
  
 %>
 
diff --git a/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth10aindex.jsp b/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth10aindex.jsp
deleted file mode 100644
index 0d9af5a9..00000000
--- a/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth10aindex.jsp
+++ /dev/null
@@ -1,45 +0,0 @@
-<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
-<%@ page language="java" import="org.maxkey.client.oauth.oauth.*" %>
-<%@ page language="java" import="org.maxkey.client.oauth.builder.*" %>
-<%@ page language="java" import="org.maxkey.client.oauth.builder.api.ConnsecApi10a" %>
-<%@ page language="java" import="org.maxkey.client.oauth.model.Token" %>
-
-<%
-String path = request.getContextPath();
-String basePath = request.getScheme()+"://"+request.getServerName()+path+"/";
-String callback="http://oauth.demo.connsec.com:8080/oauthdemo/callback.jsp";
-OAuthService service = new ServiceBuilder()
-                            .provider(ConnsecApi10a.class)
-                            .apiKey("a08d486a-2007-4436-aeda-4310e9443ec7")
-                            .apiSecret("k3I2MTQxMjIwMTQxMDMxNTM4NzQW27")
-                            .callback(callback)
-                            .build();
-                            
-Token requestToken = service.getRequestToken();
-
-request.getSession().setAttribute("requestToken", requestToken);
-
-request.getSession().setAttribute("oauthv10aservice", service);
-
-%>
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-  <head>
-    <base href="<%=basePath%>">
-    
-    <title>My JSP 'index.jsp' starting page</title>
-	<meta http-equiv="pragma" content="no-cache">
-	<meta http-equiv="cache-control" content="no-cache">
-	<meta http-equiv="expires" content="0">    
-	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
-	<meta http-equiv="description" content="This is my page">
-	<!--
-	<link rel="stylesheet" type="text/css" href="styles.css">
-	-->
-  </head>
-  
-  <body>
-    <a href="<%=service.getAuthorizationUrl(requestToken) %>&approval_prompt=auto">oauth sso</a>
-  </body>
-</html>
diff --git a/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth20callback.jsp b/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth20callback.jsp
index 09d2215c..cb099e3c 100644
--- a/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth20callback.jsp
+++ b/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth20callback.jsp
@@ -13,7 +13,7 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
 OAuthService service = (OAuthService)request.getSession().getAttribute("oauthv20service");
 
 if(service==null){
-	String callback="http://oauth.demo.connsec.com:8080/oauthdemo/oauth20callback.jsp";
+	String callback="http://oauthdemo.maxkey.org:8080/oauthdemo/oauth20callback.jsp";
 	service = new ServiceBuilder()
      .provider(ConnsecApi20.class)
      .apiKey("b32834accb544ea7a9a09dcae4a36403")
diff --git a/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth20index.jsp b/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth20index.jsp
index b26d0dd7..f5a00edc 100644
--- a/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth20index.jsp
+++ b/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oauth20index.jsp
@@ -8,7 +8,7 @@
 String path = request.getContextPath();
 String basePath = request.getScheme()+"://"+request.getServerName()+path+"/";
 
-String callback="http://oauth.demo.connsec.com:8080/oauthdemo/oauth20callback.jsp";
+String callback="http://oauthdemo.maxkey.org:8080/oauthdemo/oauth20callback.jsp";
 OAuthService service = new ServiceBuilder()
                             .provider(ConnsecApi20.class)
                             .apiKey("b32834accb544ea7a9a09dcae4a36403")
diff --git a/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oidc10callback.jsp b/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oidc10callback.jsp
index 1f411359..cfb5cea6 100644
--- a/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oidc10callback.jsp
+++ b/maxkey-demos/maxkey-demo-oauth/src/main/webapp/oidc10callback.jsp
@@ -24,7 +24,7 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
 OAuthService service = (OAuthService)request.getSession().getAttribute("oauthv20service");
 
 if(service==null){
-	String callback="http://oauth.demo.connsec.com:8080/oauthdemo/oidc10callback.jsp";
+	String callback="http://oauthdemo.maxkey.org:8080/oauthdemo/oidc10callback.jsp";
 	service = new ServiceBuilder()
      .provider(ConnsecApi20.class)
      .apiKey("ae20330a-ef0b-4dad-9f10-d5e3485ca2ad")
diff --git a/maxkey-lib/db/mybatis-jpa-extra-1.0.jar b/maxkey-lib/db/mybatis-jpa-extra-1.0.jar
index 7752c5d6..ebad7329 100644
Binary files a/maxkey-lib/db/mybatis-jpa-extra-1.0.jar and b/maxkey-lib/db/mybatis-jpa-extra-1.0.jar differ
diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
index fd1d169e..ad78010e 100644
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
@@ -3,7 +3,7 @@
  */
 package org.maxkey.authz.endpoint;
 
-import org.maxkey.constants.PROTOCOLS;
+import org.maxkey.config.ApplicationConfig;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.dao.service.AccountsService;
 import org.maxkey.dao.service.ApplicationsService;
@@ -28,23 +28,20 @@ public class AuthorizeBaseEndpoint {
 	@Qualifier("applicationsService")
 	protected ApplicationsService applicationsService;
 	
+	@Autowired 
+  	@Qualifier("applicationConfig")
+  	protected ApplicationConfig applicationConfig;
+	
 	@Autowired
-	AccountsService appAccountsService;
+	AccountsService accountsService;
 	
 	
-	protected Applications getApp(String id){
-		Applications  application=null;
-		if(id.equals("manage")){
-			application =new Applications();
-			application.setId("manage");
-			application.setName("Manage App");
-			application.setProtocol(PROTOCOLS.TOKENBASED);
-			application.setIsAdapter(1);
-			application.setAdapter("com.connsec.web.authorize.endpoint.adapter.TokenBasedJWTAdapter");
-		}else{
-			application=applicationsService.get(id);
+	protected Applications getApplication(String id){
+		Applications  application=(Applications)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+		//session中为空或者id不一致重新加载
+		if(application==null||!application.getId().equalsIgnoreCase(id)) {
+			application=applicationsService.get(id);		
 		}
-		
 		if(application	==	null){
 			_logger.error("Applications for id "+id + "  is null");
 		}
@@ -52,23 +49,12 @@ public class AuthorizeBaseEndpoint {
 		return application;
 	}
 	
-	protected Applications getSessionApplication(String id){
-		Object object= WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
-		Applications  application=null;
-		if(object	!=	null){
-			application	=	(Applications)object;
-		}else{
-			application	=	getApp(id);
-		}
-		return application;
-	}
-	
 	protected Accounts getAppAccounts(Applications application){
 		Accounts appAccount=new Accounts();
 		UserInfo userInfo=WebContext.getUserInfo();
 		if(application.getCredential()==Applications.CREDENTIALS.USER_DEFINED){
 			
-			appAccount=appAccountsService.load(new Accounts(userInfo.getId(),application.getId()));
+			appAccount=accountsService.load(new Accounts(userInfo.getId(),application.getId()));
 			if(appAccount!=null){
 				appAccount.setRelatedPassword(ReciprocalUtils.decoder(appAccount.getRelatedPassword()));
 			}
diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java
index 2e332775..3ac3f50d 100644
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java
@@ -55,12 +55,12 @@ public class AuthorizeCredentialEndpoint extends AuthorizeBaseEndpoint{
 			appUser.setDisplayName(userInfo.getDisplayName());
 			
 			appUser.setAppId(appId);
-			appUser.setAppName(getSessionApplication(appId).getName());
+			appUser.setAppName(getApplication(appId).getName());
 			
 			appUser.setRelatedUsername(identity_username);
 			appUser.setRelatedPassword(ReciprocalUtils.encode(identity_password));
 			
-			if(appAccountsService.insert(appUser)){
+			if(accountsService.insert(appUser)){
 				
 			}
 		}
diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
index 7eaa7d7e..517bad32 100644
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
@@ -6,9 +6,7 @@ package org.maxkey.authz.endpoint;
 import javax.servlet.http.HttpServletRequest;
 
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
-import org.maxkey.client.oauth.builder.ServiceBuilder;
-import org.maxkey.client.oauth.builder.api.ConnsecApi20;
-import org.maxkey.client.oauth.oauth.OAuthService;
+import org.maxkey.client.utils.HttpEncoder;
 import org.maxkey.constants.PROTOCOLS;
 import org.maxkey.dao.service.CasDetailsService;
 import org.maxkey.domain.apps.Applications;
@@ -28,7 +26,8 @@ import org.springframework.web.servlet.ModelAndView;
  */
 @Controller
 public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
-
+	private static final String OAUTH_V20_AUTHORIZATION_URL = "%s/oauth/v20/authorize?client_id=%s&response_type=code&redirect_uri=%s&approval_prompt=auto";
+	
 	@Autowired
 	@Qualifier("oauth20JdbcClientDetailsService")
 	private ClientDetailsService clientDetailsService;
@@ -44,65 +43,38 @@ public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
 		
 		ModelAndView modelAndView=null;
 		
-		Applications  application=getApp(id);
+		Applications  application=getApplication(id);
 		WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, id);
 		
 		if(application.getProtocol().equalsIgnoreCase(PROTOCOLS.EXTEND_API)){
-			
 			modelAndView=WebContext.forward("/authz/api/"+id);
-			
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.FORMBASED)){
-			
 			 modelAndView=WebContext.forward("/authz/formbased/"+id);
-			 
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.OAUTH20)){
 			ClientDetails  clientDetails =clientDetailsService.loadClientByClientId(application.getId());
-			OAuthService service = new ServiceBuilder()
-	        .provider(ConnsecApi20.class)
-	        .apiKey(application.getId())
-	        .apiSecret(application.getSecret())
-	        .callback(clientDetails.getRegisteredRedirectUri().toArray()[0].toString())
-	        .build();
 			_logger.debug(""+clientDetails);
+			String authorizationUrl = String.format(OAUTH_V20_AUTHORIZATION_URL, 
+							applicationConfig.getServerPrefix(),
+							clientDetails.getClientId(), 
+							HttpEncoder.encode(clientDetails.getRegisteredRedirectUri().toArray()[0].toString())
+					);
+			
+			_logger.debug("authorizationUrl "+authorizationUrl);
 			
-			String authorizationUrl = service.getAuthorizationUrl(null);
 			modelAndView=WebContext.redirect(authorizationUrl);
-			 
-		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.OAUTH10A)){
-			/*
-			 * Application must get request_token for authn
-			 */
-			modelAndView=WebContext.forward("/authz/oauth10a/"+id);
-			
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.OPEN_ID_CONNECT)){
-			
 			// modelAndView=new ModelAndView("openid connect");
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.SAML20)){
-			
 			 modelAndView=WebContext.forward("/authz/saml20/idpinit/"+application.getId());
-			 
-		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.SAML11)){
-			
-			modelAndView=WebContext.forward("/authz/saml11/idpinit/"+application.getId());
-			 
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.TOKENBASED)){
-			
 			modelAndView=WebContext.forward("/authorize/tokenbased/"+id);
-			
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.LTPA)){
-			
 			modelAndView=WebContext.forward("/authz/ltpa/"+id);
-			
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.CAS)){
-			
 			modelAndView=WebContext.forward("/authz/cas/"+id);
-			
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.DESKTOP)){
-			
 			modelAndView=WebContext.forward("/authz/desktop/"+id);
-			
 		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.BASIC)){
-			
 			modelAndView=WebContext.redirect(application.getLoginUrl());
 		}
 		
@@ -115,7 +87,7 @@ public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
 	public ModelAndView authorizeOAuth10a(
 			@PathVariable("id") String id){
 		
-		 String redirec_uri=getApp(id).getLoginUrl();
+		 String redirec_uri=getApplication(id).getLoginUrl();
 		return WebContext.redirect(redirec_uri);
 		
 	}
diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
index 44212cb5..09e02f88 100644
--- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
@@ -91,7 +91,6 @@ public class CasAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 		CasDetails casDetails=(CasDetails)WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS);
 		ServiceTicketImpl serviceTicket=new ServiceTicketImpl(WebContext.getAuthentication(),casDetails);
 		
-		//InMemoryTicketServices
 		String ticket=ticketServices.createTicket(serviceTicket);
 		
 		return WebContext.redirect(casDetails.getService()+"?"+CasConstants.PARAMETER.TICKET+"="+ticket);
diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
index a7d6e98e..b5a84ebc 100644
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
@@ -30,7 +30,7 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 	@RequestMapping("/authz/api/{id}")
 	public ModelAndView authorize(HttpServletRequest request,@PathVariable("id") String id){
 		
-		Applications apps=getApp(id);
+		Applications apps=getApplication(id);
 		_logger.debug(""+apps);
 		
 		if(BOOLEAN.isTrue(apps.getIsAdapter())){
@@ -53,7 +53,7 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 					modelAndView);
 			return modelAndView;
 		}else{
-			String redirec_uri=getApp(id).getLoginUrl();
+			String redirec_uri=getApplication(id).getLoginUrl();
 			return WebContext.redirect(redirec_uri);
 		}
 		
diff --git a/maxkey-protocols/maxkey-protocol-ltpa/src/main/java/org/maxkey/authz/ltpa/endpoint/LtpaAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-ltpa/src/main/java/org/maxkey/authz/ltpa/endpoint/LtpaAuthorizeEndpoint.java
index 3ca5b909..436b5af4 100644
--- a/maxkey-protocols/maxkey-protocol-ltpa/src/main/java/org/maxkey/authz/ltpa/endpoint/LtpaAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-ltpa/src/main/java/org/maxkey/authz/ltpa/endpoint/LtpaAuthorizeEndpoint.java
@@ -83,7 +83,10 @@ public class LtpaAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 		cookie.setMaxAge(maxAge);
 		
 		cookie.setPath("/");
-		cookie.setDomain("."+applicationConfig.getSubDomainName());
+		//
+		//cookie.setDomain("."+applicationConfig.getSubDomainName());
+		//tomcat 8.5
+		cookie.setDomain(applicationConfig.getSubDomainName());
 		
 		_logger.debug("Sub Domain Name : "+"."+applicationConfig.getSubDomainName());
 		response.addCookie(cookie);
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/Usage.txt b/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/Usage.txt
new file mode 100644
index 00000000..8c6c3db1
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/Usage.txt
@@ -0,0 +1,18 @@
+Usage
+Invoking the utility without arguments will print its usage message
+
+usage java -jar json-web-key-generator.jar -t keyType [options]
+ -a arg   Algorithm (optional)
+ -c arg   Key Curve, required for EC key type. Must be one of P-256,
+            P-384, P-521
+ -i arg   Key ID (optional)
+ -p         Display public key separately
+ -s arg   Key Size in bits, required for RSA and OCT key types. Must be
+            an integer divisible by 8
+ -S         Wrap the generated key in a KeySet
+ -t arg   Key Type, one of RSA, oct, EC
+ -u arg   Usage, one of enc, sig (optional)
+Example
+To generate a 2048-bit RSA public  private key pair, with a specified key ID and use, and wrapped in a standard JWK set
+
+java -jar json-web-key-generator.jar -t RSA -s 2048 -i 1 -u sig -S
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/json-web-key-generator.bat b/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/json-web-key-generator.bat
new file mode 100644
index 00000000..ffe4f46e
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/json-web-key-generator.bat
@@ -0,0 +1,2 @@
+java -jar json-web-key-generator.jar -a RS256 -t RSA -s 2048 -i maxkey_rsa -u sig -S >maxkey.jwks
+pause
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/json-web-key-generator.jar b/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/json-web-key-generator.jar
new file mode 100644
index 00000000..085a017b
Binary files /dev/null and b/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/json-web-key-generator.jar differ
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/maxkey.jwks b/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/maxkey.jwks
new file mode 100644
index 00000000..c09e6147
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/json-web-key-generator/maxkey.jwks
@@ -0,0 +1,14 @@
+Full key:
+{
+  "keys": [
+    {
+      "kty": "RSA",
+      "d": "K2VCm_6enq5uoFLZXUlWkgbCXj5m9X5uUX3_Ol3qcY9X1cP04TN98R8lpw-ASeFDRFRhe0FT-lYCYu_fqZcrNXVhyN3rgi27af5x4HdFMnHLTLMPvE6aEyTGmZjTF1AbiX5VOJAl6POI9FiyTbV1Uqt943ydJv8SH4NfcYhKBmpp8Fi1f58mon-bYwsIy8mzZjssc8KZy-GzpscKrc5ewb7106JY3uRQNprAHrpcGAPZ8uXUvVhrxp_FNn5Nf5KVxl2tm50L83_5nw0OZrbJ8Ceg7sZAw_Z41lbYbS9VDaST6TuKRb7W4XCKimZUn57LoQT2-Gkv6msJHCmqTgK02Q",
+      "e": "AQAB",
+      "use": "sig",
+      "kid": "maxkey_rsa",
+      "alg": "RS256",
+      "n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q"
+    }
+  ]
+}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/META-INF/MANIFEST.MF b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/META-INF/MANIFEST.MF
deleted file mode 100644
index 254272e1..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/META-INF/MANIFEST.MF
+++ /dev/null
@@ -1,3 +0,0 @@
-Manifest-Version: 1.0
-Class-Path: 
-
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
deleted file mode 100644
index e1dc4d59..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import org.springframework.lang.Nullable;
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.io.Serializable;
-import java.time.Instant;
-
-/**
- * Base class for OAuth 2.0 Token implementations.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2AccessToken
- */
-public abstract class AbstractOAuth2Token implements Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	private final String tokenValue;
-	private final Instant issuedAt;
-	private final Instant expiresAt;
-
-	/**
-	 * Sub-class constructor.
-	 *
-	 * @param tokenValue the token value
-	 */
-	protected AbstractOAuth2Token(String tokenValue) {
-		this(tokenValue, null, null);
-	}
-
-	/**
-	 * Sub-class constructor.
-	 *
-	 * @param tokenValue the token value
-	 * @param issuedAt the time at which the token was issued, may be null
-	 * @param expiresAt the expiration time on or after which the token MUST NOT be accepted, may be null
-	 */
-	protected AbstractOAuth2Token(String tokenValue, @Nullable Instant issuedAt, @Nullable Instant expiresAt) {
-		Assert.hasText(tokenValue, "tokenValue cannot be empty");
-		if (issuedAt != null && expiresAt != null) {
-			Assert.isTrue(expiresAt.isAfter(issuedAt), "expiresAt must be after issuedAt");
-		}
-		this.tokenValue = tokenValue;
-		this.issuedAt = issuedAt;
-		this.expiresAt = expiresAt;
-	}
-
-	/**
-	 * Returns the token value.
-	 *
-	 * @return the token value
-	 */
-	public String getTokenValue() {
-		return this.tokenValue;
-	}
-
-	/**
-	 * Returns the time at which the token was issued.
-	 *
-	 * @return the time the token was issued or null
-	 */
-	public @Nullable Instant getIssuedAt() {
-		return this.issuedAt;
-	}
-
-	/**
-	 * Returns the expiration time on or after which the token MUST NOT be accepted.
-	 *
-	 * @return the expiration time of the token or null
-	 */
-	public @Nullable Instant getExpiresAt() {
-		return this.expiresAt;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-
-		AbstractOAuth2Token that = (AbstractOAuth2Token) obj;
-
-		if (!this.getTokenValue().equals(that.getTokenValue())) {
-			return false;
-		}
-		if (this.getIssuedAt() != null ? !this.getIssuedAt().equals(that.getIssuedAt()) : that.getIssuedAt() != null) {
-			return false;
-		}
-		return this.getExpiresAt() != null ? this.getExpiresAt().equals(that.getExpiresAt()) : that.getExpiresAt() == null;
-	}
-
-	@Override
-	public int hashCode() {
-		int result = this.getTokenValue().hashCode();
-		result = 31 * result + (this.getIssuedAt() != null ? this.getIssuedAt().hashCode() : 0);
-		result = 31 * result + (this.getExpiresAt() != null ? this.getExpiresAt().hashCode() : 0);
-		return result;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
deleted file mode 100644
index 16f7a96c..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import java.io.Serializable;
-
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-/**
- * The authentication method used when sending bearer access tokens in resource requests to resource servers.
- *
- * @author MyeongHyeon Lee
- * @since 5.1
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6750#section-2">Section 2 Authenticated Requests</a>
- */
-public final class AuthenticationMethod implements Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	public static final AuthenticationMethod HEADER = new AuthenticationMethod("header");
-	public static final AuthenticationMethod FORM = new AuthenticationMethod("form");
-	public static final AuthenticationMethod QUERY = new AuthenticationMethod("query");
-	private final String value;
-
-	/**
-	 * Constructs an {@code AuthenticationMethod} using the provided value.
-	 *
-	 * @param value the value of the authentication method type
-	 */
-	public AuthenticationMethod(String value) {
-		Assert.hasText(value, "value cannot be empty");
-		this.value = value;
-	}
-
-	/**
-	 * Returns the value of the authentication method type.
-	 *
-	 * @return the value of the authentication method type
-	 */
-	public String getValue() {
-		return this.value;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-		AuthenticationMethod that = (AuthenticationMethod) obj;
-		return this.getValue().equals(that.getValue());
-	}
-
-	@Override
-	public int hashCode() {
-		return this.getValue().hashCode();
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
deleted file mode 100644
index 266c11cc..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.io.Serializable;
-
-/**
- * An authorization grant is a credential representing the resource owner's authorization
- * (to access it's protected resources) to the client and used by the client to obtain an access token.
- *
- * <p>
- * The OAuth 2.0 Authorization Framework defines four standard grant types:
- * authorization code, implicit, resource owner password credentials, and client credentials.
- * It also provides an extensibility mechanism for defining additional grant types.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
- */
-public final class AuthorizationGrantType implements Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	public static final AuthorizationGrantType AUTHORIZATION_CODE = new AuthorizationGrantType("authorization_code");
-	public static final AuthorizationGrantType IMPLICIT = new AuthorizationGrantType("implicit");
-	public static final AuthorizationGrantType REFRESH_TOKEN = new AuthorizationGrantType("refresh_token");
-	public static final AuthorizationGrantType CLIENT_CREDENTIALS = new AuthorizationGrantType("client_credentials");
-	private final String value;
-
-	/**
-	 * Constructs an {@code AuthorizationGrantType} using the provided value.
-	 *
-	 * @param value the value of the authorization grant type
-	 */
-	public AuthorizationGrantType(String value) {
-		Assert.hasText(value, "value cannot be empty");
-		this.value = value;
-	}
-
-	/**
-	 * Returns the value of the authorization grant type.
-	 *
-	 * @return the value of the authorization grant type
-	 */
-	public String getValue() {
-		return this.value;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-		AuthorizationGrantType that = (AuthorizationGrantType) obj;
-		return this.getValue().equals(that.getValue());
-	}
-
-	@Override
-	public int hashCode() {
-		return this.getValue().hashCode();
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
deleted file mode 100644
index 90280c22..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/ClaimAccessor.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import org.springframework.util.Assert;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.time.Instant;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * An &quot;accessor&quot; for a set of claims that may be used for assertions.
- *
- * @author Joe Grandja
- * @since 5.0
- */
-public interface ClaimAccessor {
-
-	/**
-	 * Returns a set of claims that may be used for assertions.
-	 *
-	 * @return a {@code Map} of claims
-	 */
-	Map<String, Object> getClaims();
-
-	/**
-	 * Returns {@code true} if the claim exists in {@link #getClaims()}, otherwise {@code false}.
-	 *
-	 * @param claim the name of the claim
-	 * @return {@code true} if the claim exists, otherwise {@code false}
-	 */
-	default Boolean containsClaim(String claim) {
-		Assert.notNull(claim, "claim cannot be null");
-		return this.getClaims().containsKey(claim);
-	}
-
-	/**
-	 * Returns the claim value as a {@code String} or {@code null} if it does not exist or is equal to {@code null}.
-	 *
-	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist or is equal to {@code null}
-	 */
-	default String getClaimAsString(String claim) {
-		if (!this.containsClaim(claim)) {
-			return null;
-		}
-		Object claimValue = this.getClaims().get(claim);
-		return (claimValue != null ? claimValue.toString() : null);
-	}
-
-	/**
-	 * Returns the claim value as a {@code Boolean} or {@code null} if it does not exist.
-	 *
-	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist
-	 */
-	default Boolean getClaimAsBoolean(String claim) {
-		return (this.containsClaim(claim) ? Boolean.valueOf(this.getClaimAsString(claim)) : null);
-	}
-
-	/**
-	 * Returns the claim value as an {@code Instant} or {@code null} if it does not exist.
-	 *
-	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist
-	 */
-	default Instant getClaimAsInstant(String claim) {
-		if (!this.containsClaim(claim)) {
-			return null;
-		}
-		Object claimValue = this.getClaims().get(claim);
-		if (Long.class.isAssignableFrom(claimValue.getClass()) ||
-				Integer.class.isAssignableFrom(claimValue.getClass()) ||
-				Double.class.isAssignableFrom(claimValue.getClass())) {
-			return Instant.ofEpochSecond(((Number) claimValue).longValue());
-		}
-		if (Date.class.isAssignableFrom(claimValue.getClass())) {
-			return ((Date) claimValue).toInstant();
-		}
-		if (Instant.class.isAssignableFrom(claimValue.getClass())) {
-			return (Instant) claimValue;
-		}
-		throw new IllegalArgumentException("Unable to convert claim '" + claim +
-				"' of type '" + claimValue.getClass() + "' to Instant.");
-	}
-
-	/**
-	 * Returns the claim value as an {@code URL} or {@code null} if it does not exist.
-	 *
-	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist
-	 */
-	default URL getClaimAsURL(String claim) {
-		if (!this.containsClaim(claim)) {
-			return null;
-		}
-		try {
-			return new URL(this.getClaimAsString(claim));
-		} catch (MalformedURLException ex) {
-			throw new IllegalArgumentException("Unable to convert claim '" + claim + "' to URL: " + ex.getMessage(), ex);
-		}
-	}
-
-	/**
-	 * Returns the claim value as a {@code Map<String, Object>}
-	 * or {@code null} if it does not exist or cannot be assigned to a {@code Map}.
-	 *
-	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist or cannot be assigned to a {@code Map}
-	 */
-	default Map<String, Object> getClaimAsMap(String claim) {
-		if (!this.containsClaim(claim) || !Map.class.isAssignableFrom(this.getClaims().get(claim).getClass())) {
-			return null;
-		}
-		Map<String, Object> claimValues = new HashMap<>();
-		((Map<?, ?>) this.getClaims().get(claim)).forEach((k, v) -> claimValues.put(k.toString(), v));
-		return claimValues;
-	}
-
-	/**
-	 * Returns the claim value as a {@code List<String>}
-	 * or {@code null} if it does not exist or cannot be assigned to a {@code List}.
-	 *
-	 * @param claim the name of the claim
-	 * @return the claim value or {@code null} if it does not exist or cannot be assigned to a {@code List}
-	 */
-	default List<String> getClaimAsStringList(String claim) {
-		if (!this.containsClaim(claim) || !List.class.isAssignableFrom(this.getClaims().get(claim).getClass())) {
-			return null;
-		}
-		List<String> claimValues = new ArrayList<>();
-		((List<?>) this.getClaims().get(claim)).forEach(e -> claimValues.add(e.toString()));
-		return claimValues;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
deleted file mode 100644
index 48ecaaa0..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright 2002-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.io.Serializable;
-
-/**
- * The authentication method used when authenticating the client with the authorization server.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2.3">Section 2.3 Client Authentication</a>
- */
-public final class ClientAuthenticationMethod implements Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	public static final ClientAuthenticationMethod BASIC = new ClientAuthenticationMethod("basic");
-	public static final ClientAuthenticationMethod POST = new ClientAuthenticationMethod("post");
-
-	/**
-	 * @since 5.2
-	 */
-	public static final ClientAuthenticationMethod NONE = new ClientAuthenticationMethod("none");
-
-	private final String value;
-
-	/**
-	 * Constructs a {@code ClientAuthenticationMethod} using the provided value.
-	 *
-	 * @param value the value of the client authentication method
-	 */
-	public ClientAuthenticationMethod(String value) {
-		Assert.hasText(value, "value cannot be empty");
-		this.value = value;
-	}
-
-	/**
-	 * Returns the value of the client authentication method.
-	 *
-	 * @return the value of the client authentication method
-	 */
-	public String getValue() {
-		return this.value;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-		ClientAuthenticationMethod that = (ClientAuthenticationMethod) obj;
-		return this.getValue().equalsIgnoreCase(that.getValue());
-	}
-
-	@Override
-	public int hashCode() {
-		return this.getValue().hashCode();
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java
deleted file mode 100644
index 785d3cf2..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/DelegatingOAuth2TokenValidator.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.core;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-
-import org.springframework.util.Assert;
-
-/**
- * A composite validator
- *
- * @param <T> the type of {@link AbstractOAuth2Token} this validator validates
- *
- * @author Josh Cummings
- * @since 5.1
- */
-public final class DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token>
-		implements OAuth2TokenValidator<T> {
-
-	private final Collection<OAuth2TokenValidator<T>> tokenValidators;
-
-	/**
-	 * Constructs a {@code DelegatingOAuth2TokenValidator} using the provided validators.
-	 *
-	 * @param tokenValidators the {@link Collection} of {@link OAuth2TokenValidator}s to use
-	 */
-	public DelegatingOAuth2TokenValidator(Collection<OAuth2TokenValidator<T>> tokenValidators) {
-		Assert.notNull(tokenValidators, "tokenValidators cannot be null");
-
-		this.tokenValidators = new ArrayList<>(tokenValidators);
-	}
-
-	/**
-	 * Constructs a {@code DelegatingOAuth2TokenValidator} using the provided validators.
-	 *
-	 * @param tokenValidators the collection of {@link OAuth2TokenValidator}s to use
-	 */
-	@SafeVarargs
-	public DelegatingOAuth2TokenValidator(OAuth2TokenValidator<T>... tokenValidators) {
-		this(Arrays.asList(tokenValidators));
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public OAuth2TokenValidatorResult validate(T token) {
-		Collection<OAuth2Error> errors = new ArrayList<>();
-
-		for ( OAuth2TokenValidator<T> validator : this.tokenValidators) {
-			errors.addAll(validator.validate(token).getErrors());
-		}
-
-		return OAuth2TokenValidatorResult.failure(errors);
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
deleted file mode 100644
index b2ff587f..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.io.Serializable;
-import java.time.Instant;
-import java.util.Collections;
-import java.util.Set;
-
-/**
- * An implementation of an {@link AbstractOAuth2Token} representing an OAuth 2.0 Access Token.
- *
- * <p>
- * An access token is a credential that represents an authorization
- * granted by the resource owner to the client.
- * It is primarily used by the client to access protected resources on either a
- * resource server or the authorization server that originally issued the access token.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.4">Section 1.4 Access Token</a>
- */
-public class OAuth2AccessToken extends AbstractOAuth2Token {
-	private final TokenType tokenType;
-	private final Set<String> scopes;
-
-	/**
-	 * Constructs an {@code OAuth2AccessToken} using the provided parameters.
-	 *
-	 * @param tokenType the token type
-	 * @param tokenValue the token value
-	 * @param issuedAt the time at which the token was issued
-	 * @param expiresAt the expiration time on or after which the token MUST NOT be accepted
-	 */
-	public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt) {
-		this(tokenType, tokenValue, issuedAt, expiresAt, Collections.emptySet());
-	}
-
-	/**
-	 * Constructs an {@code OAuth2AccessToken} using the provided parameters.
-	 *
-	 * @param tokenType the token type
-	 * @param tokenValue the token value
-	 * @param issuedAt the time at which the token was issued
-	 * @param expiresAt the expiration time on or after which the token MUST NOT be accepted
-	 * @param scopes the scope(s) associated to the token
-	 */
-	public OAuth2AccessToken(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set<String> scopes) {
-		super(tokenValue, issuedAt, expiresAt);
-		Assert.notNull(tokenType, "tokenType cannot be null");
-		this.tokenType = tokenType;
-		this.scopes = Collections.unmodifiableSet(
-			scopes != null ? scopes : Collections.emptySet());
-	}
-
-	/**
-	 * Returns the {@link TokenType token type}.
-	 *
-	 * @return the {@link TokenType}
-	 */
-	public TokenType getTokenType() {
-		return this.tokenType;
-	}
-
-	/**
-	 * Returns the scope(s) associated to the token.
-	 *
-	 * @return the scope(s) associated to the token
-	 */
-	public Set<String> getScopes() {
-		return this.scopes;
-	}
-
-	/**
-	 * Access Token Types.
-	 *
-	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-7.1">Section 7.1 Access Token Types</a>
-	 */
-	public static final class TokenType implements Serializable {
-		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-		public static final TokenType BEARER = new TokenType("Bearer");
-		private final String value;
-
-		private TokenType(String value) {
-			Assert.hasText(value, "value cannot be empty");
-			this.value = value;
-		}
-
-		/**
-		 * Returns the value of the token type.
-		 *
-		 * @return the value of the token type
-		 */
-		public String getValue() {
-			return this.value;
-		}
-
-		@Override
-		public boolean equals(Object obj) {
-			if (this == obj) {
-				return true;
-			}
-			if (obj == null || this.getClass() != obj.getClass()) {
-				return false;
-			}
-			TokenType that = (TokenType) obj;
-			return this.getValue().equalsIgnoreCase(that.getValue());
-		}
-
-		@Override
-		public int hashCode() {
-			return this.getValue().hashCode();
-		}
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
deleted file mode 100644
index 0f938318..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AuthenticationException.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.util.Assert;
-
-/**
- * This exception is thrown for all OAuth 2.0 related {@link Authentication} errors.
- *
- * <p>
- * There are a number of scenarios where an error may occur, for example:
- * <ul>
- *  <li>The authorization request or token request is missing a required parameter</li>
- *	<li>Missing or invalid client identifier</li>
- *	<li>Invalid or mismatching redirection URI</li>
- *	<li>The requested scope is invalid, unknown, or malformed</li>
- *	<li>The resource owner or authorization server denied the access request</li>
- *	<li>Client authentication failed</li>
- *	<li>The provided authorization grant (authorization code, resource owner credentials) is invalid, expired, or revoked</li>
- * </ul>
- *
- * @author Joe Grandja
- * @since 5.0
- */
-public class OAuth2AuthenticationException extends AuthenticationException {
-	private OAuth2Error error;
-
-	/**
-	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
-	 *
-	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
-	 */
-	public OAuth2AuthenticationException(OAuth2Error error) {
-		this(error, error.getDescription());
-	}
-
-	/**
-	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
-	 *
-	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
-	 * @param cause the root cause
-	 */
-	public OAuth2AuthenticationException(OAuth2Error error, Throwable cause) {
-		this(error, cause.getMessage(), cause);
-	}
-
-	/**
-	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
-	 *
-	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
-	 * @param message the detail message
-	 */
-	public OAuth2AuthenticationException(OAuth2Error error, String message) {
-		super(message);
-		this.setError(error);
-	}
-
-	/**
-	 * Constructs an {@code OAuth2AuthenticationException} using the provided parameters.
-	 *
-	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
-	 * @param message the detail message
-	 * @param cause the root cause
-	 */
-	public OAuth2AuthenticationException(OAuth2Error error, String message, Throwable cause) {
-		super(message, cause);
-		this.setError(error);
-	}
-
-	/**
-	 * Returns the {@link OAuth2Error OAuth 2.0 Error}.
-	 *
-	 * @return the {@link OAuth2Error}
-	 */
-	public OAuth2Error getError() {
-		return this.error;
-	}
-
-	private void setError(OAuth2Error error) {
-		Assert.notNull(error, "error cannot be null");
-		this.error = error;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
deleted file mode 100644
index 2c135bfa..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationException.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-/**
- * Base exception for OAuth 2.0 Authorization errors.
- *
- * @author Joe Grandja
- * @since 5.1
- */
-public class OAuth2AuthorizationException extends RuntimeException {
-	private OAuth2Error error;
-
-	/**
-	 * Constructs an {@code OAuth2AuthorizationException} using the provided parameters.
-	 *
-	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
-	 */
-	public OAuth2AuthorizationException(OAuth2Error error) {
-		super(error.toString());
-		this.error = error;
-	}
-
-	/**
-	 * Constructs an {@code OAuth2AuthorizationException} using the provided parameters.
-	 *
-	 * @param error the {@link OAuth2Error OAuth 2.0 Error}
-	 * @param cause the root cause
-	 */
-	public OAuth2AuthorizationException(OAuth2Error error, Throwable cause) {
-		super(error.toString(), cause);
-		this.error = error;
-	}
-
-	/**
-	 * Returns the {@link OAuth2Error OAuth 2.0 Error}.
-	 *
-	 * @return the {@link OAuth2Error}
-	 */
-	public OAuth2Error getError() {
-		return this.error;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2Error.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
deleted file mode 100644
index 22d306a0..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.io.Serializable;
-
-/**
- * A representation of an OAuth 2.0 Error.
- *
- * <p>
- * At a minimum, an error response will contain an error code.
- * The error code may be one of the standard codes defined by the specification,
- * or a new code defined in the OAuth Extensions Error Registry,
- * for cases where protocol extensions require additional error code(s) above the standard codes.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2ErrorCodes
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.4">Section 11.4 OAuth Extensions Error Registry</a>
- */
-public class OAuth2Error implements Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	private final String errorCode;
-	private final String description;
-	private final String uri;
-
-	/**
-	 * Constructs an {@code OAuth2Error} using the provided parameters.
-	 *
-	 * @param errorCode the error code
-	 */
-	public OAuth2Error(String errorCode) {
-		this(errorCode, null, null);
-	}
-
-	/**
-	 * Constructs an {@code OAuth2Error} using the provided parameters.
-	 *
-	 * @param errorCode the error code
-	 * @param description the error description
-	 * @param uri the error uri
-	 */
-	public OAuth2Error(String errorCode, String description, String uri) {
-		Assert.hasText(errorCode, "errorCode cannot be empty");
-		this.errorCode = errorCode;
-		this.description = description;
-		this.uri = uri;
-	}
-
-	/**
-	 * Returns the error code.
-	 *
-	 * @return the error code
-	 */
-	public final String getErrorCode() {
-		return this.errorCode;
-	}
-
-	/**
-	 * Returns the error description.
-	 *
-	 * @return the error description
-	 */
-	public final String getDescription() {
-		return this.description;
-	}
-
-	/**
-	 * Returns the error uri.
-	 *
-	 * @return the error uri
-	 */
-	public final String getUri() {
-		return this.uri;
-	}
-
-	@Override
-	public String toString() {
-		return "[" + this.getErrorCode() + "] " +
-				(this.getDescription() != null ? this.getDescription() : "");
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java
deleted file mode 100644
index 973443ae..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2ErrorCodes.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-/**
- * Standard error codes defined by the OAuth 2.0 Authorization Framework.
- *
- * @author Joe Grandja
- * @since 5.0
- */
-public interface OAuth2ErrorCodes {
-
-	/**
-	 * {@code invalid_request} - The request is missing a required parameter,
-	 * includes an invalid parameter value,
-	 * includes a parameter more than once, or is otherwise malformed.
-	 */
-	String INVALID_REQUEST = "invalid_request";
-
-	/**
-	 * {@code unauthorized_client} - The client is not authorized to request
-	 * an authorization code or access token using this method.
-	 */
-	String UNAUTHORIZED_CLIENT = "unauthorized_client";
-
-	/**
-	 * {@code access_denied} - The resource owner or authorization server denied the request.
-	 */
-	String ACCESS_DENIED = "access_denied";
-
-	/**
-	 * {@code unsupported_response_type} - The authorization server does not support
-	 * obtaining an authorization code or access token using this method.
-	 */
-	String UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
-
-	/**
-	 * {@code invalid_scope} - The requested scope is invalid, unknown, malformed or
-	 * exceeds the scope granted by the resource owner.
-	 */
-	String INVALID_SCOPE = "invalid_scope";
-
-	/**
-	 * {@code server_error} - The authorization server encountered an
-	 * unexpected condition that prevented it from fulfilling the request.
-	 * (This error code is needed because a 500 Internal Server Error HTTP status code
-	 * cannot be returned to the client via a HTTP redirect.)
-	 */
-	String SERVER_ERROR = "server_error";
-
-	/**
-	 * {@code temporarily_unavailable} - The authorization server is currently unable
-	 * to handle the request due to a temporary overloading or maintenance of the server.
-	 * (This error code is needed because a 503 Service Unavailable HTTP status code
-	 * cannot be returned to the client via an HTTP redirect.)
-	 */
-	String TEMPORARILY_UNAVAILABLE = "temporarily_unavailable";
-
-	/**
-	 * {@code invalid_client} - Client authentication failed (e.g., unknown client,
-	 * no client authentication included, or unsupported authentication method).
-	 * The authorization server MAY return a HTTP 401 (Unauthorized) status code
-	 * to indicate which HTTP authentication schemes are supported.
-	 * If the client attempted to authenticate via the &quot;Authorization&quot; request header field,
-	 * the authorization server MUST respond with a HTTP 401 (Unauthorized) status code and
-	 * include the &quot;WWW-Authenticate&quot; response header field matching the authentication scheme used by the client.
-	 */
-	String INVALID_CLIENT = "invalid_client";
-
-	/**
-	 * {@code invalid_grant} - The provided authorization grant
-	 * (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked,
-	 * does not match the redirection URI used in the authorization request, or was issued to another client.
-	 */
-	String INVALID_GRANT = "invalid_grant";
-
-	/**
-	 * {@code unsupported_grant_type} - The authorization grant type is not supported by the authorization server.
-	 */
-	String UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java
deleted file mode 100644
index e52f3643..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-import java.time.Instant;
-
-/**
- * An implementation of an {@link AbstractOAuth2Token} representing an OAuth 2.0 Refresh Token.
- *
- * <p>
- * A refresh token is a credential that represents an authorization
- * granted by the resource owner to the client.
- * It is used by the client to obtain a new access token when the current access token
- * becomes invalid or expires, or to obtain additional access tokens with identical or narrower scope.
- *
- * @author Joe Grandja
- * @since 5.1
- * @see OAuth2AccessToken
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.5">Section 1.5 Refresh Token</a>
- */
-public class OAuth2RefreshToken extends AbstractOAuth2Token {
-
-	/**
-	 * Constructs an {@code OAuth2RefreshToken} using the provided parameters.
-	 *
-	 * @param tokenValue the token value
-	 * @param issuedAt the time at which the token was issued
-	 */
-	public OAuth2RefreshToken(String tokenValue, Instant issuedAt) {
-		super(tokenValue, issuedAt, null);
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java
deleted file mode 100644
index d53b089e..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidator.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core;
-
-/**
- * Implementations of this interface are responsible for &quot;verifying&quot;
- * the validity and/or constraints of the attributes contained in an OAuth 2.0 Token.
- *
- * @author Joe Grandja
- * @author Josh Cummings
- * @since 5.1
- */
-public interface OAuth2TokenValidator<T extends AbstractOAuth2Token> {
-
-	/**
-	 * Verify the validity and/or constraints of the provided OAuth 2.0 Token.
-	 *
-	 * @param token an OAuth 2.0 token
-	 * @return OAuth2TokenValidationResult the success or failure detail of the validation
-	 */
-	OAuth2TokenValidatorResult validate(T token);
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java
deleted file mode 100644
index 0922360a..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/OAuth2TokenValidatorResult.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.core;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-
-import org.springframework.util.Assert;
-
-/**
- * A result emitted from an {@link OAuth2TokenValidator} validation attempt
- *
- * @author Josh Cummings
- * @since 5.1
- */
-public final class OAuth2TokenValidatorResult {
-	static final OAuth2TokenValidatorResult NO_ERRORS = new OAuth2TokenValidatorResult(Collections.emptyList());
-
-	private final Collection<OAuth2Error> errors;
-
-	private OAuth2TokenValidatorResult(Collection<OAuth2Error> errors) {
-		Assert.notNull(errors, "errors cannot be null");
-		this.errors = new ArrayList<>(errors);
-	}
-
-	/**
-	 * Say whether this result indicates success
-	 *
-	 * @return whether this result has errors
-	 */
-	public boolean hasErrors() {
-		return !this.errors.isEmpty();
-	}
-
-	/**
-	 * Return error details regarding the validation attempt
-	 *
-	 * @return the collection of results in this result, if any; returns an empty list otherwise
-	 */
-	public Collection<OAuth2Error> getErrors() {
-		return this.errors;
-	}
-
-	/**
-	 * Construct a successful {@link OAuth2TokenValidatorResult}
-	 *
-	 * @return an {@link OAuth2TokenValidatorResult} with no errors
-	 */
-	public static OAuth2TokenValidatorResult success() {
-		return NO_ERRORS;
-	}
-
-	/**
-	 * Construct a failure {@link OAuth2TokenValidatorResult} with the provided detail
-	 *
-	 * @param errors the list of errors
-	 * @return an {@link OAuth2TokenValidatorResult} with the errors specified
-	 */
-	public static OAuth2TokenValidatorResult failure(OAuth2Error... errors) {
-		return failure(Arrays.asList(errors));
-	}
-
-	/**
-	 * Construct a failure {@link OAuth2TokenValidatorResult} with the provided detail
-	 *
-	 * @param errors the list of errors
-	 * @return an {@link OAuth2TokenValidatorResult} with the errors specified
-	 */
-	public static OAuth2TokenValidatorResult failure(Collection<OAuth2Error> errors) {
-		if (errors.isEmpty()) {
-			return NO_ERRORS;
-		}
-
-		return new OAuth2TokenValidatorResult(errors);
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
deleted file mode 100644
index 55488926..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.springframework.lang.Nullable;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.OAuth2RefreshToken;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.StringUtils;
-
-import java.time.Instant;
-import java.util.Collections;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * A representation of an OAuth 2.0 Access Token Response.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2AccessToken
- * @see OAuth2RefreshToken
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section 5.1 Access Token Response</a>
- */
-public final class OAuth2AccessTokenResponse {
-	private OAuth2AccessToken accessToken;
-	private OAuth2RefreshToken refreshToken;
-	private Map<String, Object> additionalParameters;
-
-	private OAuth2AccessTokenResponse() {
-	}
-
-	/**
-	 * Returns the {@link OAuth2AccessToken Access Token}.
-	 *
-	 * @return the {@link OAuth2AccessToken}
-	 */
-	public OAuth2AccessToken getAccessToken() {
-		return this.accessToken;
-	}
-
-	/**
-	 * Returns the {@link OAuth2RefreshToken Refresh Token}.
-	 *
-	 * @since 5.1
-	 * @return the {@link OAuth2RefreshToken}
-	 */
-	public @Nullable OAuth2RefreshToken getRefreshToken() {
-		return this.refreshToken;
-	}
-
-	/**
-	 * Returns the additional parameters returned in the response.
-	 *
-	 * @return a {@code Map} of the additional parameters returned in the response, may be empty.
-	 */
-	public Map<String, Object> getAdditionalParameters() {
-		return this.additionalParameters;
-	}
-
-	/**
-	 * Returns a new {@link Builder}, initialized with the provided access token value.
-	 *
-	 * @param tokenValue the value of the access token
-	 * @return the {@link Builder}
-	 */
-	public static Builder withToken(String tokenValue) {
-		return new Builder(tokenValue);
-	}
-
-	/**
-	 * Returns a new {@link Builder}, initialized with the provided response
-	 * @param response the response to intialize the builder with
-	 * @return the {@link Builder}
-	 */
-	public static Builder withResponse(OAuth2AccessTokenResponse response) {
-		return new Builder(response);
-	}
-
-	/**
-	 * A builder for {@link OAuth2AccessTokenResponse}.
-	 */
-	public static class Builder {
-		private String tokenValue;
-		private OAuth2AccessToken.TokenType tokenType;
-		private long expiresIn;
-		private Set<String> scopes;
-		private String refreshToken;
-		private Map<String, Object> additionalParameters;
-
-		private Instant issuedAt;
-		private Instant expiresAt;
-
-		private Builder(OAuth2AccessTokenResponse response) {
-			OAuth2AccessToken accessToken = response.getAccessToken();
-			this.tokenValue = accessToken.getTokenValue();
-			this.tokenType = accessToken.getTokenType();
-			this.expiresAt = accessToken.getExpiresAt();
-			this.issuedAt = accessToken.getIssuedAt();
-			this.scopes = accessToken.getScopes();
-			this.refreshToken = response.getRefreshToken() == null ?
-					null : response.getRefreshToken().getTokenValue();
-			this.additionalParameters = response.getAdditionalParameters();
-		}
-
-		private Builder(String tokenValue) {
-			this.tokenValue = tokenValue;
-		}
-
-		/**
-		 * Sets the {@link OAuth2AccessToken.TokenType token type}.
-		 *
-		 * @param tokenType the type of token issued
-		 * @return the {@link Builder}
-		 */
-		public Builder tokenType(OAuth2AccessToken.TokenType tokenType) {
-			this.tokenType = tokenType;
-			return this;
-		}
-
-		/**
-		 * Sets the lifetime (in seconds) of the access token.
-		 *
-		 * @param expiresIn the lifetime of the access token, in seconds.
-		 * @return the {@link Builder}
-		 */
-		public Builder expiresIn(long expiresIn) {
-			this.expiresIn = expiresIn;
-			return this;
-		}
-
-		/**
-		 * Sets the scope(s) associated to the access token.
-		 *
-		 * @param scopes the scope(s) associated to the access token.
-		 * @return the {@link Builder}
-		 */
-		public Builder scopes(Set<String> scopes) {
-			this.scopes = scopes;
-			return this;
-		}
-
-		/**
-		 * Sets the refresh token associated to the access token.
-		 *
-		 * @param refreshToken the refresh token associated to the access token.
-		 * @return the {@link Builder}
-		 */
-		public Builder refreshToken(String refreshToken) {
-			this.refreshToken = refreshToken;
-			return this;
-		}
-
-		/**
-		 * Sets the additional parameters returned in the response.
-		 *
-		 * @param additionalParameters the additional parameters returned in the response
-		 * @return the {@link Builder}
-		 */
-		public Builder additionalParameters(Map<String, Object> additionalParameters) {
-			this.additionalParameters = additionalParameters;
-			return this;
-		}
-
-		/**
-		 * Builds a new {@link OAuth2AccessTokenResponse}.
-		 *
-		 * @return a {@link OAuth2AccessTokenResponse}
-		 */
-		public OAuth2AccessTokenResponse build() {
-			Instant issuedAt = getIssuedAt();
-
-			Instant expiresAt = getExpiresAt();
-
-			OAuth2AccessTokenResponse accessTokenResponse = new OAuth2AccessTokenResponse();
-			accessTokenResponse.accessToken = new OAuth2AccessToken(
-				this.tokenType, this.tokenValue, issuedAt, expiresAt, this.scopes);
-			if (StringUtils.hasText(this.refreshToken)) {
-				accessTokenResponse.refreshToken = new OAuth2RefreshToken(this.refreshToken, issuedAt);
-			}
-			accessTokenResponse.additionalParameters = Collections.unmodifiableMap(
-				CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap() : this.additionalParameters);
-			return accessTokenResponse;
-		}
-
-		private Instant getIssuedAt() {
-			if (this.issuedAt == null) {
-				this.issuedAt = Instant.now();
-			}
-			return this.issuedAt;
-		}
-
-		/**
-		 * expires_in is RECOMMENDED, as per spec https://tools.ietf.org/html/rfc6749#section-5.1
-		 * Therefore, expires_in may not be returned in the Access Token response which would result in the default value of 0.
-		 * For these instances, default the expiresAt to +1 second from issuedAt time.
-		 * @return
-		 */
-		private Instant getExpiresAt() {
-			if (this.expiresAt == null) {
-				Instant issuedAt = getIssuedAt();
-				this.expiresAt = this.expiresIn > 0 ?
-								issuedAt.plusSeconds(this.expiresIn) :
-								issuedAt.plusSeconds(1);
-			}
-			return this.expiresAt;
-		}
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
deleted file mode 100644
index e17c9ae0..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.springframework.util.Assert;
-
-/**
- * An &quot;exchange&quot; of an OAuth 2.0 Authorization Request and Response
- * for the authorization code grant type.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2AuthorizationRequest
- * @see OAuth2AuthorizationResponse
- */
-public final class OAuth2AuthorizationExchange {
-	private final OAuth2AuthorizationRequest authorizationRequest;
-	private final OAuth2AuthorizationResponse authorizationResponse;
-
-	/**
-	 * Constructs a new {@code OAuth2AuthorizationExchange} with the provided
-	 * Authorization Request and Authorization Response.
-	 *
-	 * @param authorizationRequest the {@link OAuth2AuthorizationRequest Authorization Request}
-	 * @param authorizationResponse the {@link OAuth2AuthorizationResponse Authorization Response}
-	 */
-	public OAuth2AuthorizationExchange(OAuth2AuthorizationRequest authorizationRequest,
-										OAuth2AuthorizationResponse authorizationResponse) {
-		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
-		Assert.notNull(authorizationResponse, "authorizationResponse cannot be null");
-		this.authorizationRequest = authorizationRequest;
-		this.authorizationResponse = authorizationResponse;
-	}
-
-	/**
-	 * Returns the {@link OAuth2AuthorizationRequest Authorization Request}.
-	 *
-	 * @return the {@link OAuth2AuthorizationRequest}
-	 */
-	public OAuth2AuthorizationRequest getAuthorizationRequest() {
-		return this.authorizationRequest;
-	}
-
-	/**
-	 * Returns the {@link OAuth2AuthorizationResponse Authorization Response}.
-	 *
-	 * @return the {@link OAuth2AuthorizationResponse}
-	 */
-	public OAuth2AuthorizationResponse getAuthorizationResponse() {
-		return this.authorizationResponse;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
deleted file mode 100644
index a8eb477f..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Copyright 2002-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.util.Assert;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
-import org.springframework.util.StringUtils;
-import org.springframework.web.util.UriComponentsBuilder;
-
-import java.io.Serializable;
-import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.stream.Collectors;
-
-/**
- * A representation of an OAuth 2.0 Authorization Request
- * for the authorization code grant type or implicit grant type.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see AuthorizationGrantType
- * @see OAuth2AuthorizationResponseType
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Code Grant Request</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Implicit Grant Request</a>
- */
-public final class OAuth2AuthorizationRequest implements Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	private String authorizationUri;
-	private AuthorizationGrantType authorizationGrantType;
-	private OAuth2AuthorizationResponseType responseType;
-	private String clientId;
-	private String redirectUri;
-	private Set<String> scopes;
-	private String state;
-	private Map<String, Object> additionalParameters;
-	private String authorizationRequestUri;
-	private Map<String, Object> attributes;
-
-	private OAuth2AuthorizationRequest() {
-	}
-
-	/**
-	 * Returns the uri for the authorization endpoint.
-	 *
-	 * @return the uri for the authorization endpoint
-	 */
-	public String getAuthorizationUri() {
-		return this.authorizationUri;
-	}
-
-	/**
-	 * Returns the {@link AuthorizationGrantType grant type}.
-	 *
-	 * @return the {@link AuthorizationGrantType}
-	 */
-	public AuthorizationGrantType getGrantType() {
-		return this.authorizationGrantType;
-	}
-
-	/**
-	 * Returns the {@link OAuth2AuthorizationResponseType response type}.
-	 *
-	 * @return the {@link OAuth2AuthorizationResponseType}
-	 */
-	public OAuth2AuthorizationResponseType getResponseType() {
-		return this.responseType;
-	}
-
-	/**
-	 * Returns the client identifier.
-	 *
-	 * @return the client identifier
-	 */
-	public String getClientId() {
-		return this.clientId;
-	}
-
-	/**
-	 * Returns the uri for the redirection endpoint.
-	 *
-	 * @return the uri for the redirection endpoint
-	 */
-	public String getRedirectUri() {
-		return this.redirectUri;
-	}
-
-	/**
-	 * Returns the scope(s).
-	 *
-	 * @return the scope(s)
-	 */
-	public Set<String> getScopes() {
-		return this.scopes;
-	}
-
-	/**
-	 * Returns the state.
-	 *
-	 * @return the state
-	 */
-	public String getState() {
-		return this.state;
-	}
-
-	/**
-	 * Returns the additional parameters used in the request.
-	 *
-	 * @return a {@code Map} of the additional parameters used in the request
-	 */
-	public Map<String, Object> getAdditionalParameters() {
-		return this.additionalParameters;
-	}
-
-	/**
-	 * Returns the attributes associated to the request.
-	 *
-	 * @since 5.2
-	 * @return a {@code Map} of the attributes associated to the request
-	 */
-	public Map<String, Object> getAttributes() {
-		return this.attributes;
-	}
-
-	/**
-	 * Returns the value of an attribute associated to the request, or {@code null} if not available.
-	 *
-	 * @since 5.2
-	 * @param name the name of the attribute
-	 * @param <T> the type of the attribute
-	 * @return the value of the attribute associated to the request
-	 */
-	@SuppressWarnings("unchecked")
-	public <T> T getAttribute(String name) {
-		return (T) this.getAttributes().get(name);
-	}
-
-	/**
-	 * Returns the {@code URI} string representation of the OAuth 2.0 Authorization Request.
-	 *
-	 * <p>
-	 * <b>NOTE:</b> The {@code URI} string is encoded in the
-	 * {@code application/x-www-form-urlencoded} MIME format.
-	 *
-	 * @since 5.1
-	 * @return the {@code URI} string representation of the OAuth 2.0 Authorization Request
-	 */
-	public String getAuthorizationRequestUri() {
-		return this.authorizationRequestUri;
-	}
-
-	/**
-	 * Returns a new {@link Builder}, initialized with the authorization code grant type.
-	 *
-	 * @return the {@link Builder}
-	 */
-	public static Builder authorizationCode() {
-		return new Builder(AuthorizationGrantType.AUTHORIZATION_CODE);
-	}
-
-	/**
-	 * Returns a new {@link Builder}, initialized with the implicit grant type.
-	 *
-	 * @return the {@link Builder}
-	 */
-	public static Builder implicit() {
-		return new Builder(AuthorizationGrantType.IMPLICIT);
-	}
-
-	/**
-	 * Returns a new {@link Builder}, initialized with the values
-	 * from the provided {@code authorizationRequest}.
-	 *
-	 * @since 5.1
-	 * @param authorizationRequest the authorization request used for initializing the {@link Builder}
-	 * @return the {@link Builder}
-	 */
-	public static Builder from(OAuth2AuthorizationRequest authorizationRequest) {
-		Assert.notNull(authorizationRequest, "authorizationRequest cannot be null");
-
-		return new Builder(authorizationRequest.getGrantType())
-				.authorizationUri(authorizationRequest.getAuthorizationUri())
-				.clientId(authorizationRequest.getClientId())
-				.redirectUri(authorizationRequest.getRedirectUri())
-				.scopes(authorizationRequest.getScopes())
-				.state(authorizationRequest.getState())
-				.additionalParameters(authorizationRequest.getAdditionalParameters())
-				.attributes(authorizationRequest.getAttributes());
-	}
-
-	/**
-	 * A builder for {@link OAuth2AuthorizationRequest}.
-	 */
-	public static class Builder {
-		private String authorizationUri;
-		private AuthorizationGrantType authorizationGrantType;
-		private OAuth2AuthorizationResponseType responseType;
-		private String clientId;
-		private String redirectUri;
-		private Set<String> scopes;
-		private String state;
-		private Map<String, Object> additionalParameters;
-		private String authorizationRequestUri;
-		private Map<String, Object> attributes;
-
-		private Builder(AuthorizationGrantType authorizationGrantType) {
-			Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null");
-			this.authorizationGrantType = authorizationGrantType;
-			if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) {
-				this.responseType = OAuth2AuthorizationResponseType.CODE;
-			} else if (AuthorizationGrantType.IMPLICIT.equals(authorizationGrantType)) {
-				this.responseType = OAuth2AuthorizationResponseType.TOKEN;
-			}
-		}
-
-		/**
-		 * Sets the uri for the authorization endpoint.
-		 *
-		 * @param authorizationUri the uri for the authorization endpoint
-		 * @return the {@link Builder}
-		 */
-		public Builder authorizationUri(String authorizationUri) {
-			this.authorizationUri = authorizationUri;
-			return this;
-		}
-
-		/**
-		 * Sets the client identifier.
-		 *
-		 * @param clientId the client identifier
-		 * @return the {@link Builder}
-		 */
-		public Builder clientId(String clientId) {
-			this.clientId = clientId;
-			return this;
-		}
-
-		/**
-		 * Sets the uri for the redirection endpoint.
-		 *
-		 * @param redirectUri the uri for the redirection endpoint
-		 * @return the {@link Builder}
-		 */
-		public Builder redirectUri(String redirectUri) {
-			this.redirectUri = redirectUri;
-			return this;
-		}
-
-		/**
-		 * Sets the scope(s).
-		 *
-		 * @param scope the scope(s)
-		 * @return the {@link Builder}
-		 */
-		public Builder scope(String... scope) {
-			if (scope != null && scope.length > 0) {
-				return this.scopes(Arrays.stream(scope).collect(
-					Collectors.toCollection(LinkedHashSet::new)));
-			}
-			return this;
-		}
-
-		/**
-		 * Sets the scope(s).
-		 *
-		 * @param scopes the scope(s)
-		 * @return the {@link Builder}
-		 */
-		public Builder scopes(Set<String> scopes) {
-			this.scopes = scopes;
-			return this;
-		}
-
-		/**
-		 * Sets the state.
-		 *
-		 * @param state the state
-		 * @return the {@link Builder}
-		 */
-		public Builder state(String state) {
-			this.state = state;
-			return this;
-		}
-
-		/**
-		 * Sets the additional parameters used in the request.
-		 *
-		 * @param additionalParameters the additional parameters used in the request
-		 * @return the {@link Builder}
-		 */
-		public Builder additionalParameters(Map<String, Object> additionalParameters) {
-			this.additionalParameters = additionalParameters;
-			return this;
-		}
-
-		/**
-		 * Sets the attributes associated to the request.
-		 *
-		 * @since 5.2
-		 * @param attributes the attributes associated to the request
-		 * @return the {@link Builder}
-		 */
-		public Builder attributes(Map<String, Object> attributes) {
-			this.attributes = attributes;
-			return this;
-		}
-
-		/**
-		 * Sets the {@code URI} string representation of the OAuth 2.0 Authorization Request.
-		 *
-		 * <p>
-		 * <b>NOTE:</b> The {@code URI} string is <b>required</b> to be encoded in the
-		 * {@code application/x-www-form-urlencoded} MIME format.
-		 *
-		 * @since 5.1
-		 * @param authorizationRequestUri the {@code URI} string representation of the OAuth 2.0 Authorization Request
-		 * @return the {@link Builder}
-		 */
-		public Builder authorizationRequestUri(String authorizationRequestUri) {
-			this.authorizationRequestUri = authorizationRequestUri;
-			return this;
-		}
-
-		/**
-		 * Builds a new {@link OAuth2AuthorizationRequest}.
-		 *
-		 * @return a {@link OAuth2AuthorizationRequest}
-		 */
-		public OAuth2AuthorizationRequest build() {
-			Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
-			Assert.hasText(this.clientId, "clientId cannot be empty");
-			if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
-				Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
-			}
-
-			OAuth2AuthorizationRequest authorizationRequest = new OAuth2AuthorizationRequest();
-			authorizationRequest.authorizationUri = this.authorizationUri;
-			authorizationRequest.authorizationGrantType = this.authorizationGrantType;
-			authorizationRequest.responseType = this.responseType;
-			authorizationRequest.clientId = this.clientId;
-			authorizationRequest.redirectUri = this.redirectUri;
-			authorizationRequest.state = this.state;
-			authorizationRequest.scopes = Collections.unmodifiableSet(
-				CollectionUtils.isEmpty(this.scopes) ?
-					Collections.emptySet() : new LinkedHashSet<>(this.scopes));
-			authorizationRequest.additionalParameters = Collections.unmodifiableMap(
-				CollectionUtils.isEmpty(this.additionalParameters) ?
-					Collections.emptyMap() : new LinkedHashMap<>(this.additionalParameters));
-			authorizationRequest.authorizationRequestUri =
-					StringUtils.hasText(this.authorizationRequestUri) ?
-						this.authorizationRequestUri : this.buildAuthorizationRequestUri();
-			authorizationRequest.attributes = Collections.unmodifiableMap(
-					CollectionUtils.isEmpty(this.attributes) ?
-							Collections.emptyMap() : new LinkedHashMap<>(this.attributes));
-
-			return authorizationRequest;
-		}
-
-		private String buildAuthorizationRequestUri() {
-			MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
-			parameters.set(OAuth2ParameterNames.RESPONSE_TYPE, this.responseType.getValue());
-			parameters.set(OAuth2ParameterNames.CLIENT_ID, this.clientId);
-			if (!CollectionUtils.isEmpty(this.scopes)) {
-				parameters.set(OAuth2ParameterNames.SCOPE,
-						StringUtils.collectionToDelimitedString(this.scopes, " "));
-			}
-			if (this.state != null) {
-				parameters.set(OAuth2ParameterNames.STATE, this.state);
-			}
-			if (this.redirectUri != null) {
-				parameters.set(OAuth2ParameterNames.REDIRECT_URI, this.redirectUri);
-			}
-			if (!CollectionUtils.isEmpty(this.additionalParameters)) {
-				this.additionalParameters.forEach((k, v) -> parameters.set(k, v.toString()));
-			}
-
-			return UriComponentsBuilder.fromHttpUrl(this.authorizationUri)
-					.queryParams(parameters)
-					.encode(StandardCharsets.UTF_8)
-					.build()
-					.toUriString();
-		}
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
deleted file mode 100644
index 1e34de0a..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-
-/**
- * A representation of an OAuth 2.0 Authorization Response for the authorization code grant type.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2Error
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization Response</a>
- */
-public final class OAuth2AuthorizationResponse {
-	private String redirectUri;
-	private String state;
-	private String code;
-	private OAuth2Error error;
-
-	private OAuth2AuthorizationResponse() {
-	}
-
-	/**
-	 * Returns the uri where the response was redirected to.
-	 *
-	 * @return the uri where the response was redirected to
-	 */
-	public String getRedirectUri() {
-		return this.redirectUri;
-	}
-
-	/**
-	 * Returns the state.
-	 *
-	 * @return the state
-	 */
-	public String getState() {
-		return this.state;
-	}
-
-	/**
-	 * Returns the authorization code.
-	 *
-	 * @return the authorization code
-	 */
-	public String getCode() {
-		return this.code;
-	}
-
-	/**
-	 * Returns the {@link OAuth2Error OAuth 2.0 Error} if the Authorization Request failed, otherwise {@code null}.
-	 *
-	 * @return the {@link OAuth2Error} if the Authorization Request failed, otherwise {@code null}
-	 */
-	public OAuth2Error getError() {
-		return this.error;
-	}
-
-	/**
-	 * Returns {@code true} if the Authorization Request succeeded, otherwise {@code false}.
-	 *
-	 * @return {@code true} if the Authorization Request succeeded, otherwise {@code false}
-	 */
-	public boolean statusOk() {
-		return !this.statusError();
-	}
-
-	/**
-	 * Returns {@code true} if the Authorization Request failed, otherwise {@code false}.
-	 *
-	 * @return {@code true} if the Authorization Request failed, otherwise {@code false}
-	 */
-	public boolean statusError() {
-		return (this.error != null && this.error.getErrorCode() != null);
-	}
-
-	/**
-	 * Returns a new {@link Builder}, initialized with the authorization code.
-	 *
-	 * @param code the authorization code
-	 * @return the {@link Builder}
-	 */
-	public static Builder success(String code) {
-		Assert.hasText(code, "code cannot be empty");
-		return new Builder().code(code);
-	}
-
-	/**
-	 * Returns a new {@link Builder}, initialized with the error code.
-	 *
-	 * @param errorCode the error code
-	 * @return the {@link Builder}
-	 */
-	public static Builder error(String errorCode) {
-		Assert.hasText(errorCode, "errorCode cannot be empty");
-		return new Builder().errorCode(errorCode);
-	}
-
-	/**
-	 * A builder for {@link OAuth2AuthorizationResponse}.
-	 */
-	public static class Builder {
-		private String redirectUri;
-		private String state;
-		private String code;
-		private String errorCode;
-		private String errorDescription;
-		private String errorUri;
-
-		private Builder() {
-		}
-
-		/**
-		 * Sets the uri where the response was redirected to.
-		 *
-		 * @param redirectUri the uri where the response was redirected to
-		 * @return the {@link Builder}
-		 */
-		public Builder redirectUri(String redirectUri) {
-			this.redirectUri = redirectUri;
-			return this;
-		}
-
-		/**
-		 * Sets the state.
-		 *
-		 * @param state the state
-		 * @return the {@link Builder}
-		 */
-		public Builder state(String state) {
-			this.state = state;
-			return this;
-		}
-
-		/**
-		 * Sets the authorization code.
-		 *
-		 * @param code the authorization code
-		 * @return the {@link Builder}
-		 */
-		public Builder code(String code) {
-			this.code = code;
-			return this;
-		}
-
-		/**
-		 * Sets the error code.
-		 *
-		 * @param errorCode the error code
-		 * @return the {@link Builder}
-		 */
-		public Builder errorCode(String errorCode) {
-			this.errorCode = errorCode;
-			return this;
-		}
-
-		/**
-		 * Sets the error description.
-		 *
-		 * @param errorDescription the error description
-		 * @return the {@link Builder}
-		 */
-		public Builder errorDescription(String errorDescription) {
-			this.errorDescription = errorDescription;
-			return this;
-		}
-
-		/**
-		 * Sets the error uri.
-		 *
-		 * @param errorUri the error uri
-		 * @return the {@link Builder}
-		 */
-		public Builder errorUri(String errorUri) {
-			this.errorUri = errorUri;
-			return this;
-		}
-
-		/**
-		 * Builds a new {@link OAuth2AuthorizationResponse}.
-		 *
-		 * @return a {@link OAuth2AuthorizationResponse}
-		 */
-		public OAuth2AuthorizationResponse build() {
-			if (StringUtils.hasText(this.code) && StringUtils.hasText(this.errorCode)) {
-				throw new IllegalArgumentException("code and errorCode cannot both be set");
-			}
-			Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
-
-			OAuth2AuthorizationResponse authorizationResponse = new OAuth2AuthorizationResponse();
-			authorizationResponse.redirectUri = this.redirectUri;
-			authorizationResponse.state = this.state;
-			if (StringUtils.hasText(this.code)) {
-				authorizationResponse.code = this.code;
-			} else {
-				authorizationResponse.error = new OAuth2Error(
-					this.errorCode, this.errorDescription, this.errorUri);
-			}
-			return authorizationResponse;
-		}
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
deleted file mode 100644
index ffcdb432..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.io.Serializable;
-
-/**
- * The {@code response_type} parameter is consumed by the authorization endpoint which
- * is used by the authorization code grant type and implicit grant type.
- * The client sets the {@code response_type} parameter with the desired grant type before initiating the authorization request.
- *
- * <p>
- * The {@code response_type} parameter value may be one of &quot;code&quot; for requesting an authorization code or
- * &quot;token&quot; for requesting an access token (implicit grant).
-
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-3.1.1">Section 3.1.1 Response Type</a>
- */
-public final class OAuth2AuthorizationResponseType implements Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	public static final OAuth2AuthorizationResponseType CODE = new OAuth2AuthorizationResponseType("code");
-	public static final OAuth2AuthorizationResponseType TOKEN = new OAuth2AuthorizationResponseType("token");
-	private final String value;
-
-	private OAuth2AuthorizationResponseType(String value) {
-		Assert.hasText(value, "value cannot be empty");
-		this.value = value;
-	}
-
-	/**
-	 * Returns the value of the authorization response type.
-	 *
-	 * @return the value of the authorization response type
-	 */
-	public String getValue() {
-		return this.value;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-		OAuth2AuthorizationResponseType that = (OAuth2AuthorizationResponseType) obj;
-		return this.getValue().equals(that.getValue());
-	}
-
-	@Override
-	public int hashCode() {
-		return this.getValue().hashCode();
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java
deleted file mode 100644
index b09814fb..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2ParameterNames.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-/**
- * Standard and custom (non-standard) parameter names defined in the OAuth Parameters Registry
- * and used by the authorization endpoint and token endpoint.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.2">11.2 OAuth Parameters Registry</a>
- */
-public interface OAuth2ParameterNames {
-
-	/**
-	 * {@code grant_type} - used in Access Token Request.
-	 */
-	String GRANT_TYPE = "grant_type";
-
-	/**
-	 * {@code response_type} - used in Authorization Request.
-	 */
-	String RESPONSE_TYPE = "response_type";
-
-	/**
-	 * {@code client_id} - used in Authorization Request and Access Token Request.
-	 */
-	String CLIENT_ID = "client_id";
-
-	/**
-	 * {@code client_secret} - used in Access Token Request.
-	 */
-	String CLIENT_SECRET = "client_secret";
-
-	/**
-	 * {@code redirect_uri} - used in Authorization Request and Access Token Request.
-	 */
-	String REDIRECT_URI = "redirect_uri";
-
-	/**
-	 * {@code scope} - used in Authorization Request, Authorization Response, Access Token Request and Access Token Response.
-	 */
-	String SCOPE = "scope";
-
-	/**
-	 * {@code state} - used in Authorization Request and Authorization Response.
-	 */
-	String STATE = "state";
-
-	/**
-	 * {@code code} - used in Authorization Response and Access Token Request.
-	 */
-	String CODE = "code";
-
-	/**
-	 * {@code access_token} - used in Authorization Response and Access Token Response.
-	 */
-	String ACCESS_TOKEN = "access_token";
-
-	/**
-	 * {@code token_type} - used in Authorization Response and Access Token Response.
-	 */
-	String TOKEN_TYPE = "token_type";
-
-	/**
-	 * {@code expires_in} - used in Authorization Response and Access Token Response.
-	 */
-	String EXPIRES_IN = "expires_in";
-
-	/**
-	 * {@code refresh_token} - used in Access Token Request and Access Token Response.
-	 */
-	String REFRESH_TOKEN = "refresh_token";
-
-	/**
-	 * {@code error} - used in Authorization Response and Access Token Response.
-	 */
-	String ERROR = "error";
-
-	/**
-	 * {@code error_description} - used in Authorization Response and Access Token Response.
-	 */
-	String ERROR_DESCRIPTION = "error_description";
-
-	/**
-	 * {@code error_uri} - used in Authorization Response and Access Token Response.
-	 */
-	String ERROR_URI = "error_uri";
-
-	/**
-	 * Non-standard parameter (used internally).
-	 */
-	String REGISTRATION_ID = "registration_id";
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java
deleted file mode 100644
index d258a558..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/PkceParameterNames.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2002-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-/**
- * Standard parameter names defined in the OAuth Parameters Registry
- * and used by the authorization endpoint and token endpoint.
- *
- * @author Stephen Doxsee
- * @author Kevin Bolduc
- * @since 5.2
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc7636#section-6.1">6.1 OAuth Parameters Registry</a>
- */
-public interface PkceParameterNames {
-
-	/**
-	 * {@code code_challenge} - used in Authorization Request.
-	 */
-	String CODE_CHALLENGE = "code_challenge";
-
-	/**
-	 * {@code code_challenge_method} - used in Authorization Request.
-	 */
-	String CODE_CHALLENGE_METHOD = "code_challenge_method";
-
-	/**
-	 * {@code code_verifier} - used in Token Request.
-	 */
-	String CODE_VERIFIER = "code_verifier";
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java
deleted file mode 100644
index 6c214c76..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/endpoint/package-info.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * Support classes that model the OAuth 2.0 Request and Response messages
- * from the Authorization Endpoint and Token Endpoint.
- */
-package org.springframework.security.oauth2.core.endpoint;
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
deleted file mode 100644
index 799599a1..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/HttpMessageConverters.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.http.converter;
-
-import org.springframework.http.converter.GenericHttpMessageConverter;
-import org.springframework.http.converter.HttpMessageConverter;
-import org.springframework.http.converter.json.GsonHttpMessageConverter;
-import org.springframework.http.converter.json.JsonbHttpMessageConverter;
-import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
-import org.springframework.util.ClassUtils;
-
-/**
- * Utility methods for {@link HttpMessageConverter}'s.
- *
- * @author Joe Grandja
- * @since 5.1
- */
-final class HttpMessageConverters {
-	private static final boolean jackson2Present;
-	private static final boolean gsonPresent;
-	private static final boolean jsonbPresent;
-
-	static {
-		ClassLoader classLoader = HttpMessageConverters.class.getClassLoader();
-		jackson2Present = ClassUtils.isPresent("com.fasterxml.jackson.databind.ObjectMapper", classLoader) &&
-				ClassUtils.isPresent("com.fasterxml.jackson.core.JsonGenerator", classLoader);
-		gsonPresent = ClassUtils.isPresent("com.google.gson.Gson", classLoader);
-		jsonbPresent = ClassUtils.isPresent("javax.json.bind.Jsonb", classLoader);
-	}
-
-	static GenericHttpMessageConverter<Object> getJsonMessageConverter() {
-		if (jackson2Present) {
-			return new MappingJackson2HttpMessageConverter();
-		} else if (gsonPresent) {
-			return new GsonHttpMessageConverter();
-		} else if (jsonbPresent) {
-			return new JsonbHttpMessageConverter();
-		}
-		return null;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
deleted file mode 100644
index 75a6718b..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2AccessTokenResponseHttpMessageConverter.java
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.http.converter;
-
-import org.springframework.core.ParameterizedTypeReference;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.http.HttpInputMessage;
-import org.springframework.http.HttpOutputMessage;
-import org.springframework.http.MediaType;
-import org.springframework.http.converter.AbstractHttpMessageConverter;
-import org.springframework.http.converter.GenericHttpMessageConverter;
-import org.springframework.http.converter.HttpMessageConverter;
-import org.springframework.http.converter.HttpMessageNotReadableException;
-import org.springframework.http.converter.HttpMessageNotWritableException;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
-import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
-import org.springframework.util.Assert;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.StringUtils;
-
-import java.io.IOException;
-import java.nio.charset.Charset;
-import java.nio.charset.StandardCharsets;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
-
-/**
- * A {@link HttpMessageConverter} for an {@link OAuth2AccessTokenResponse OAuth 2.0 Access Token Response}.
- *
- * @see AbstractHttpMessageConverter
- * @see OAuth2AccessTokenResponse
- * @author Joe Grandja
- * @since 5.1
- */
-public class OAuth2AccessTokenResponseHttpMessageConverter extends AbstractHttpMessageConverter<OAuth2AccessTokenResponse> {
-	private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
-
-	private static final ParameterizedTypeReference<Map<String, String>> PARAMETERIZED_RESPONSE_TYPE =
-			new ParameterizedTypeReference<Map<String, String>>() {};
-
-	private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
-
-	protected Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter =
-			new OAuth2AccessTokenResponseConverter();
-
-	protected Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter =
-			new OAuth2AccessTokenResponseParametersConverter();
-
-	public OAuth2AccessTokenResponseHttpMessageConverter() {
-		super(DEFAULT_CHARSET, MediaType.APPLICATION_JSON, new MediaType("application", "*+json"));
-	}
-
-	@Override
-	protected boolean supports(Class<?> clazz) {
-		return OAuth2AccessTokenResponse.class.isAssignableFrom(clazz);
-	}
-
-	@Override
-	protected OAuth2AccessTokenResponse readInternal(Class<? extends OAuth2AccessTokenResponse> clazz, HttpInputMessage inputMessage)
-			throws IOException, HttpMessageNotReadableException {
-
-		try {
-			@SuppressWarnings("unchecked")
-			Map<String, String> tokenResponseParameters = (Map<String, String>) this.jsonMessageConverter.read(
-					PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
-			return this.tokenResponseConverter.convert(tokenResponseParameters);
-		} catch (Exception ex) {
-			throw new HttpMessageNotReadableException("An error occurred reading the OAuth 2.0 Access Token Response: " +
-					ex.getMessage(), ex, inputMessage);
-		}
-	}
-
-	@Override
-	protected void writeInternal(OAuth2AccessTokenResponse tokenResponse, HttpOutputMessage outputMessage)
-			throws IOException, HttpMessageNotWritableException {
-
-		try {
-			Map<String, String> tokenResponseParameters = this.tokenResponseParametersConverter.convert(tokenResponse);
-			this.jsonMessageConverter.write(
-					tokenResponseParameters, PARAMETERIZED_RESPONSE_TYPE.getType(), MediaType.APPLICATION_JSON, outputMessage);
-		} catch (Exception ex) {
-			throw new HttpMessageNotWritableException("An error occurred writing the OAuth 2.0 Access Token Response: " + ex.getMessage(), ex);
-		}
-	}
-
-	/**
-	 * Sets the {@link Converter} used for converting the OAuth 2.0 Access Token Response parameters
-	 * to an {@link OAuth2AccessTokenResponse}.
-	 *
-	 * @param tokenResponseConverter the {@link Converter} used for converting to an {@link OAuth2AccessTokenResponse}
-	 */
-	public final void setTokenResponseConverter(Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter) {
-		Assert.notNull(tokenResponseConverter, "tokenResponseConverter cannot be null");
-		this.tokenResponseConverter = tokenResponseConverter;
-	}
-
-	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2AccessTokenResponse}
-	 * to a {@code Map} representation of the OAuth 2.0 Access Token Response parameters.
-	 *
-	 * @param tokenResponseParametersConverter the {@link Converter} used for converting to a {@code Map} representation of the Access Token Response parameters
-	 */
-	public final void setTokenResponseParametersConverter(Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter) {
-		Assert.notNull(tokenResponseParametersConverter, "tokenResponseParametersConverter cannot be null");
-		this.tokenResponseParametersConverter = tokenResponseParametersConverter;
-	}
-
-	/**
-	 * A {@link Converter} that converts the provided
-	 * OAuth 2.0 Access Token Response parameters to an {@link OAuth2AccessTokenResponse}.
-	 */
-	private static class OAuth2AccessTokenResponseConverter implements Converter<Map<String, String>, OAuth2AccessTokenResponse> {
-		private static final Set<String> TOKEN_RESPONSE_PARAMETER_NAMES = Stream.of(
-				OAuth2ParameterNames.ACCESS_TOKEN,
-				OAuth2ParameterNames.TOKEN_TYPE,
-				OAuth2ParameterNames.EXPIRES_IN,
-				OAuth2ParameterNames.REFRESH_TOKEN,
-				OAuth2ParameterNames.SCOPE).collect(Collectors.toSet());
-
-		@Override
-		public OAuth2AccessTokenResponse convert(Map<String, String> tokenResponseParameters) {
-			String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN);
-
-			OAuth2AccessToken.TokenType accessTokenType = null;
-			if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(
-					tokenResponseParameters.get(OAuth2ParameterNames.TOKEN_TYPE))) {
-				accessTokenType = OAuth2AccessToken.TokenType.BEARER;
-			}
-
-			long expiresIn = 0;
-			if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) {
-				try {
-					expiresIn = Long.valueOf(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
-				} catch (NumberFormatException ex) { }
-			}
-
-			Set<String> scopes = Collections.emptySet();
-			if (tokenResponseParameters.containsKey(OAuth2ParameterNames.SCOPE)) {
-				String scope = tokenResponseParameters.get(OAuth2ParameterNames.SCOPE);
-				scopes = Arrays.stream(StringUtils.delimitedListToStringArray(scope, " ")).collect(Collectors.toSet());
-			}
-
-			String refreshToken = tokenResponseParameters.get(OAuth2ParameterNames.REFRESH_TOKEN);
-
-			Map<String, Object> additionalParameters = new LinkedHashMap<>();
-			tokenResponseParameters.entrySet().stream()
-					.filter(e -> !TOKEN_RESPONSE_PARAMETER_NAMES.contains(e.getKey()))
-					.forEach(e -> additionalParameters.put(e.getKey(), e.getValue()));
-
-			return OAuth2AccessTokenResponse.withToken(accessToken)
-					.tokenType(accessTokenType)
-					.expiresIn(expiresIn)
-					.scopes(scopes)
-					.refreshToken(refreshToken)
-					.additionalParameters(additionalParameters)
-					.build();
-		}
-	}
-
-	/**
-	 * A {@link Converter} that converts the provided {@link OAuth2AccessTokenResponse}
-	 * to a {@code Map} representation of the OAuth 2.0 Access Token Response parameters.
-	 */
-	private static class OAuth2AccessTokenResponseParametersConverter implements Converter<OAuth2AccessTokenResponse, Map<String, String>> {
-
-		@Override
-		public Map<String, String> convert(OAuth2AccessTokenResponse tokenResponse) {
-			Map<String, String> parameters = new HashMap<>();
-
-			long expiresIn = -1;
-			if (tokenResponse.getAccessToken().getExpiresAt() != null) {
-				expiresIn = ChronoUnit.SECONDS.between(Instant.now(), tokenResponse.getAccessToken().getExpiresAt());
-			}
-
-			parameters.put(OAuth2ParameterNames.ACCESS_TOKEN, tokenResponse.getAccessToken().getTokenValue());
-			parameters.put(OAuth2ParameterNames.TOKEN_TYPE, tokenResponse.getAccessToken().getTokenType().getValue());
-			parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(expiresIn));
-			if (!CollectionUtils.isEmpty(tokenResponse.getAccessToken().getScopes())) {
-				parameters.put(OAuth2ParameterNames.SCOPE,
-						StringUtils.collectionToDelimitedString(tokenResponse.getAccessToken().getScopes(), " "));
-			}
-			if (tokenResponse.getRefreshToken() != null) {
-				parameters.put(OAuth2ParameterNames.REFRESH_TOKEN, tokenResponse.getRefreshToken().getTokenValue());
-			}
-			if (!CollectionUtils.isEmpty(tokenResponse.getAdditionalParameters())) {
-				tokenResponse.getAdditionalParameters().entrySet().stream()
-						.forEach(e -> parameters.put(e.getKey(), e.getValue().toString()));
-			}
-
-			return parameters;
-		}
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
deleted file mode 100644
index b5f192b0..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/http/converter/OAuth2ErrorHttpMessageConverter.java
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.http.converter;
-
-import org.springframework.core.ParameterizedTypeReference;
-import org.springframework.core.convert.converter.Converter;
-import org.springframework.http.HttpInputMessage;
-import org.springframework.http.HttpOutputMessage;
-import org.springframework.http.MediaType;
-import org.springframework.http.converter.AbstractHttpMessageConverter;
-import org.springframework.http.converter.GenericHttpMessageConverter;
-import org.springframework.http.converter.HttpMessageConverter;
-import org.springframework.http.converter.HttpMessageNotReadableException;
-import org.springframework.http.converter.HttpMessageNotWritableException;
-import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-
-import java.io.IOException;
-import java.nio.charset.Charset;
-import java.nio.charset.StandardCharsets;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * A {@link HttpMessageConverter} for an {@link OAuth2Error OAuth 2.0 Error}.
- *
- * @see AbstractHttpMessageConverter
- * @see OAuth2Error
- * @author Joe Grandja
- * @since 5.1
- */
-public class OAuth2ErrorHttpMessageConverter extends AbstractHttpMessageConverter<OAuth2Error> {
-	private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
-
-	private static final ParameterizedTypeReference<Map<String, String>> PARAMETERIZED_RESPONSE_TYPE =
-			new ParameterizedTypeReference<Map<String, String>>() {};
-
-	private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
-
-	protected Converter<Map<String, String>, OAuth2Error> errorConverter = new OAuth2ErrorConverter();
-
-	protected Converter<OAuth2Error, Map<String, String>> errorParametersConverter = new OAuth2ErrorParametersConverter();
-
-	public OAuth2ErrorHttpMessageConverter() {
-		super(DEFAULT_CHARSET, MediaType.APPLICATION_JSON, new MediaType("application", "*+json"));
-	}
-
-	@Override
-	protected boolean supports(Class<?> clazz) {
-		return OAuth2Error.class.isAssignableFrom(clazz);
-	}
-
-	@Override
-	protected OAuth2Error readInternal(Class<? extends OAuth2Error> clazz, HttpInputMessage inputMessage)
-			throws IOException, HttpMessageNotReadableException {
-
-		try {
-			@SuppressWarnings("unchecked")
-			Map<String, String> errorParameters = (Map<String, String>) this.jsonMessageConverter.read(
-					PARAMETERIZED_RESPONSE_TYPE.getType(), null, inputMessage);
-			return this.errorConverter.convert(errorParameters);
-		} catch (Exception ex) {
-			throw new HttpMessageNotReadableException("An error occurred reading the OAuth 2.0 Error: " +
-					ex.getMessage(), ex, inputMessage);
-		}
-	}
-
-	@Override
-	protected void writeInternal(OAuth2Error oauth2Error, HttpOutputMessage outputMessage)
-			throws IOException, HttpMessageNotWritableException {
-
-		try {
-			Map<String, String> errorParameters = this.errorParametersConverter.convert(oauth2Error);
-			this.jsonMessageConverter.write(
-					errorParameters, PARAMETERIZED_RESPONSE_TYPE.getType(), MediaType.APPLICATION_JSON, outputMessage);
-		} catch (Exception ex) {
-			throw new HttpMessageNotWritableException("An error occurred writing the OAuth 2.0 Error: " + ex.getMessage(), ex);
-		}
-	}
-
-	/**
-	 * Sets the {@link Converter} used for converting the OAuth 2.0 Error parameters
-	 * to an {@link OAuth2Error}.
-	 *
-	 * @param errorConverter the {@link Converter} used for converting to an {@link OAuth2Error}
-	 */
-	public final void setErrorConverter(Converter<Map<String, String>, OAuth2Error> errorConverter) {
-		Assert.notNull(errorConverter, "errorConverter cannot be null");
-		this.errorConverter = errorConverter;
-	}
-
-	/**
-	 * Sets the {@link Converter} used for converting the {@link OAuth2Error}
-	 * to a {@code Map} representation of the OAuth 2.0 Error parameters.
-	 *
-	 * @param errorParametersConverter the {@link Converter} used for converting to a {@code Map} representation of the Error parameters
-	 */
-	public final void setErrorParametersConverter(Converter<OAuth2Error, Map<String, String>> errorParametersConverter) {
-		Assert.notNull(errorParametersConverter, "errorParametersConverter cannot be null");
-		this.errorParametersConverter = errorParametersConverter;
-	}
-
-	/**
-	 * A {@link Converter} that converts the provided
-	 * OAuth 2.0 Error parameters to an {@link OAuth2Error}.
-	 */
-	private static class OAuth2ErrorConverter implements Converter<Map<String, String>, OAuth2Error> {
-
-		@Override
-		public OAuth2Error convert(Map<String, String> parameters) {
-			String errorCode = parameters.get(OAuth2ParameterNames.ERROR);
-			String errorDescription = parameters.get(OAuth2ParameterNames.ERROR_DESCRIPTION);
-			String errorUri = parameters.get(OAuth2ParameterNames.ERROR_URI);
-
-			return new OAuth2Error(errorCode, errorDescription, errorUri);
-		}
-	}
-
-	/**
-	 * A {@link Converter} that converts the provided {@link OAuth2Error}
-	 * to a {@code Map} representation of OAuth 2.0 Error parameters.
-	 */
-	private static class OAuth2ErrorParametersConverter implements Converter<OAuth2Error, Map<String, String>> {
-
-		@Override
-		public Map<String, String> convert(OAuth2Error oauth2Error) {
-			Map<String, String> parameters = new HashMap<>();
-
-			parameters.put(OAuth2ParameterNames.ERROR, oauth2Error.getErrorCode());
-			if (StringUtils.hasText(oauth2Error.getDescription())) {
-				parameters.put(OAuth2ParameterNames.ERROR_DESCRIPTION, oauth2Error.getDescription());
-			}
-			if (StringUtils.hasText(oauth2Error.getUri())) {
-				parameters.put(OAuth2ParameterNames.ERROR_URI, oauth2Error.getUri());
-			}
-
-			return parameters;
-		}
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java
deleted file mode 100644
index 47037a31..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/AddressStandardClaim.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-/**
- * The Address Claim represents a physical mailing address defined by the OpenID Connect Core 1.0 specification
- * that can be returned either in the UserInfo Response or the ID Token.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim">Address Claim</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- */
-public interface AddressStandardClaim {
-
-	/**
-	 * Returns the full mailing address, formatted for display.
-	 *
-	 * @return the full mailing address
-	 */
-	String getFormatted();
-
-	/**
-	 * Returns the full street address, which may include house number, street name, P.O. Box, etc.
-	 *
-	 * @return the full street address
-	 */
-	String getStreetAddress();
-
-	/**
-	 * Returns the city or locality.
-	 *
-	 * @return the city or locality
-	 */
-	String getLocality();
-
-	/**
-	 * Returns the state, province, prefecture, or region.
-	 *
-	 * @return the state, province, prefecture, or region
-	 */
-	String getRegion();
-
-	/**
-	 * Returns the zip code or postal code.
-	 *
-	 * @return the zip code or postal code
-	 */
-	String getPostalCode();
-
-	/**
-	 * Returns the country.
-	 *
-	 * @return the country
-	 */
-	String getCountry();
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
deleted file mode 100644
index 48e2fc8e..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/DefaultAddressStandardClaim.java
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-import java.util.Map;
-
-/**
- * The default implementation of an {@link AddressStandardClaim Address Claim}.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see AddressStandardClaim
- */
-public final class DefaultAddressStandardClaim implements AddressStandardClaim {
-	private String formatted;
-	private String streetAddress;
-	private String locality;
-	private String region;
-	private String postalCode;
-	private String country;
-
-	private DefaultAddressStandardClaim() {
-	}
-
-	@Override
-	public String getFormatted() {
-		return this.formatted;
-	}
-
-	@Override
-	public String getStreetAddress() {
-		return this.streetAddress;
-	}
-
-	@Override
-	public String getLocality() {
-		return this.locality;
-	}
-
-	@Override
-	public String getRegion() {
-		return this.region;
-	}
-
-	@Override
-	public String getPostalCode() {
-		return this.postalCode;
-	}
-
-	@Override
-	public String getCountry() {
-		return this.country;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || !AddressStandardClaim.class.isAssignableFrom(obj.getClass())) {
-			return false;
-		}
-
-		AddressStandardClaim that = (AddressStandardClaim) obj;
-
-		if (this.getFormatted() != null ? !this.getFormatted().equals(that.getFormatted()) : that.getFormatted() != null) {
-			return false;
-		}
-		if (this.getStreetAddress() != null ? !this.getStreetAddress().equals(that.getStreetAddress()) : that.getStreetAddress() != null) {
-			return false;
-		}
-		if (this.getLocality() != null ? !this.getLocality().equals(that.getLocality()) : that.getLocality() != null) {
-			return false;
-		}
-		if (this.getRegion() != null ? !this.getRegion().equals(that.getRegion()) : that.getRegion() != null) {
-			return false;
-		}
-		if (this.getPostalCode() != null ? !this.getPostalCode().equals(that.getPostalCode()) : that.getPostalCode() != null) {
-			return false;
-		}
-		return this.getCountry() != null ? this.getCountry().equals(that.getCountry()) : that.getCountry() == null;
-	}
-
-	@Override
-	public int hashCode() {
-		int result = this.getFormatted() != null ? this.getFormatted().hashCode() : 0;
-		result = 31 * result + (this.getStreetAddress() != null ? this.getStreetAddress().hashCode() : 0);
-		result = 31 * result + (this.getLocality() != null ? this.getLocality().hashCode() : 0);
-		result = 31 * result + (this.getRegion() != null ? this.getRegion().hashCode() : 0);
-		result = 31 * result + (this.getPostalCode() != null ? this.getPostalCode().hashCode() : 0);
-		result = 31 * result + (this.getCountry() != null ? this.getCountry().hashCode() : 0);
-		return result;
-	}
-
-	/**
-	 * A builder for {@link DefaultAddressStandardClaim}.
-	 */
-	public static class Builder {
-		private static final String FORMATTED_FIELD_NAME = "formatted";
-		private static final String STREET_ADDRESS_FIELD_NAME = "street_address";
-		private static final String LOCALITY_FIELD_NAME = "locality";
-		private static final String REGION_FIELD_NAME = "region";
-		private static final String POSTAL_CODE_FIELD_NAME = "postal_code";
-		private static final String COUNTRY_FIELD_NAME = "country";
-		private String formatted;
-		private String streetAddress;
-		private String locality;
-		private String region;
-		private String postalCode;
-		private String country;
-
-		/**
-		 * Default constructor.
-		 */
-		public Builder() {
-		}
-
-		/**
-		 * Constructs and initializes the address attributes using the provided {@code addressFields}.
-		 *
-		 * @param addressFields the fields used to initialize the address attributes
-		 */
-		public Builder(Map<String, Object> addressFields) {
-			this.formatted((String) addressFields.get(FORMATTED_FIELD_NAME));
-			this.streetAddress((String) addressFields.get(STREET_ADDRESS_FIELD_NAME));
-			this.locality((String) addressFields.get(LOCALITY_FIELD_NAME));
-			this.region((String) addressFields.get(REGION_FIELD_NAME));
-			this.postalCode((String) addressFields.get(POSTAL_CODE_FIELD_NAME));
-			this.country((String) addressFields.get(COUNTRY_FIELD_NAME));
-		}
-
-		/**
-		 * Sets the full mailing address, formatted for display.
-		 *
-		 * @param formatted the full mailing address
-		 * @return the {@link Builder}
-		 */
-		public Builder formatted(String formatted) {
-			this.formatted = formatted;
-			return this;
-		}
-
-		/**
-		 * Sets the full street address, which may include house number, street name, P.O. Box, etc.
-		 *
-		 * @param streetAddress the full street address
-		 * @return the {@link Builder}
-		 */
-		public Builder streetAddress(String streetAddress) {
-			this.streetAddress = streetAddress;
-			return this;
-		}
-
-		/**
-		 * Sets the city or locality.
-		 *
-		 * @param locality the city or locality
-		 * @return the {@link Builder}
-		 */
-		public Builder locality(String locality) {
-			this.locality = locality;
-			return this;
-		}
-
-		/**
-		 * Sets the state, province, prefecture, or region.
-		 *
-		 * @param region the state, province, prefecture, or region
-		 * @return the {@link Builder}
-		 */
-		public Builder region(String region) {
-			this.region = region;
-			return this;
-		}
-
-		/**
-		 * Sets the zip code or postal code.
-		 *
-		 * @param postalCode the zip code or postal code
-		 * @return the {@link Builder}
-		 */
-		public Builder postalCode(String postalCode) {
-			this.postalCode = postalCode;
-			return this;
-		}
-
-		/**
-		 * Sets the country.
-		 *
-		 * @param country the country
-		 * @return the {@link Builder}
-		 */
-		public Builder country(String country) {
-			this.country = country;
-			return this;
-		}
-
-		/**
-		 * Builds a new {@link DefaultAddressStandardClaim}.
-		 *
-		 * @return a {@link AddressStandardClaim}
-		 */
-		public AddressStandardClaim build() {
-			DefaultAddressStandardClaim address = new DefaultAddressStandardClaim();
-			address.formatted = this.formatted;
-			address.streetAddress = this.streetAddress;
-			address.locality = this.locality;
-			address.region = this.region;
-			address.postalCode = this.postalCode;
-			address.country = this.country;
-
-			return address;
-		}
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
deleted file mode 100644
index 0170f933..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimAccessor.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-import org.springframework.security.oauth2.core.ClaimAccessor;
-
-import java.net.URL;
-import java.time.Instant;
-import java.util.List;
-
-/**
- * A {@link ClaimAccessor} for the &quot;claims&quot; that can be returned in the ID Token,
- * which provides information about the authentication of an End-User by an Authorization Server.
- *
- * @see ClaimAccessor
- * @see StandardClaimAccessor
- * @see StandardClaimNames
- * @see IdTokenClaimNames
- * @see OidcIdToken
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
- * @author Joe Grandja
- * @since 5.0
- */
-public interface IdTokenClaimAccessor extends StandardClaimAccessor {
-
-	/**
-	 * Returns the Issuer identifier {@code (iss)}.
-	 *
-	 * @return the Issuer identifier
-	 */
-	default URL getIssuer() {
-		return this.getClaimAsURL(IdTokenClaimNames.ISS);
-	}
-
-	/**
-	 * Returns the Subject identifier {@code (sub)}.
-	 *
-	 * @return the Subject identifier
-	 */
-	default String getSubject() {
-		return this.getClaimAsString(IdTokenClaimNames.SUB);
-	}
-
-	/**
-	 * Returns the Audience(s) {@code (aud)} that this ID Token is intended for.
-	 *
-	 * @return the Audience(s) that this ID Token is intended for
-	 */
-	default List<String> getAudience() {
-		return this.getClaimAsStringList(IdTokenClaimNames.AUD);
-	}
-
-	/**
-	 * Returns the Expiration time {@code (exp)} on or after which the ID Token MUST NOT be accepted.
-	 *
-	 * @return the Expiration time on or after which the ID Token MUST NOT be accepted
-	 */
-	default Instant getExpiresAt() {
-		return this.getClaimAsInstant(IdTokenClaimNames.EXP);
-	}
-
-	/**
-	 * Returns the time at which the ID Token was issued {@code (iat)}.
-	 *
-	 * @return the time at which the ID Token was issued
-	 */
-	default Instant getIssuedAt() {
-		return this.getClaimAsInstant(IdTokenClaimNames.IAT);
-	}
-
-	/**
-	 * Returns the time when the End-User authentication occurred {@code (auth_time)}.
-	 *
-	 * @return the time when the End-User authentication occurred
-	 */
-	default Instant getAuthenticatedAt() {
-		return this.getClaimAsInstant(IdTokenClaimNames.AUTH_TIME);
-	}
-
-	/**
-	 * Returns a {@code String} value {@code (nonce)} used to associate a Client session with an ID Token,
-	 * and to mitigate replay attacks.
-	 *
-	 * @return the nonce used to associate a Client session with an ID Token
-	 */
-	default String getNonce() {
-		return this.getClaimAsString(IdTokenClaimNames.NONCE);
-	}
-
-	/**
-	 * Returns the Authentication Context Class Reference {@code (acr)}.
-	 *
-	 * @return the Authentication Context Class Reference
-	 */
-	default String getAuthenticationContextClass() {
-		return this.getClaimAsString(IdTokenClaimNames.ACR);
-	}
-
-	/**
-	 * Returns the Authentication Methods References {@code (amr)}.
-	 *
-	 * @return the Authentication Methods References
-	 */
-	default List<String> getAuthenticationMethods() {
-		return this.getClaimAsStringList(IdTokenClaimNames.AMR);
-	}
-
-	/**
-	 * Returns the Authorized party {@code (azp)} to which the ID Token was issued.
-	 *
-	 * @return the Authorized party to which the ID Token was issued
-	 */
-	default String getAuthorizedParty() {
-		return this.getClaimAsString(IdTokenClaimNames.AZP);
-	}
-
-	/**
-	 * Returns the Access Token hash value {@code (at_hash)}.
-	 *
-	 * @return the Access Token hash value
-	 */
-	default String getAccessTokenHash() {
-		return this.getClaimAsString(IdTokenClaimNames.AT_HASH);
-	}
-
-	/**
-	 * Returns the Authorization Code hash value {@code (c_hash)}.
-	 *
-	 * @return the Authorization Code hash value
-	 */
-	default String getAuthorizationCodeHash() {
-		return this.getClaimAsString(IdTokenClaimNames.C_HASH);
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java
deleted file mode 100644
index c73b604f..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/IdTokenClaimNames.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-/**
- * The names of the &quot;claims&quot; defined by the OpenID Connect Core 1.0 specification
- * that can be returned in the ID Token.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OidcIdToken
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- */
-
-public interface IdTokenClaimNames {
-
-	/**
-	 * {@code iss} - the Issuer identifier
-	 */
-	String ISS = "iss";
-
-	/**
-	 * {@code sub} - the Subject identifier
-	 */
-	String SUB = "sub";
-
-	/**
-	 * {@code aud} - the Audience(s) that the ID Token is intended for
-	 */
-	String AUD = "aud";
-
-	/**
-	 * {@code exp} - the Expiration time on or after which the ID Token MUST NOT be accepted
-	 */
-	String EXP = "exp";
-
-	/**
-	 * {@code iat} - the time at which the ID Token was issued
-	 */
-	String IAT = "iat";
-
-	/**
-	 * {@code auth_time} - the time when the End-User authentication occurred
-	 */
-	String AUTH_TIME = "auth_time";
-
-	/**
-	 * {@code nonce} - a {@code String} value used to associate a Client session with an ID Token,
-	 * and to mitigate replay attacks.
-	 */
-	String NONCE = "nonce";
-
-	/**
-	 * {@code acr} - the Authentication Context Class Reference
-	 */
-	String ACR = "acr";
-
-	/**
-	 * {@code amr} - the Authentication Methods References
-	 */
-	String AMR = "amr";
-
-	/**
-	 * {@code azp} - the Authorized party to which the ID Token was issued
-	 */
-	String AZP = "azp";
-
-	/**
-	 * {@code at_hash} - the Access Token hash value
-	 */
-	String AT_HASH = "at_hash";
-
-	/**
-	 * {@code c_hash} - the Authorization Code hash value
-	 */
-	String C_HASH = "c_hash";
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
deleted file mode 100644
index 6e129786..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-import org.springframework.security.oauth2.core.AbstractOAuth2Token;
-import org.springframework.util.Assert;
-
-import java.time.Instant;
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-/**
- * An implementation of an {@link AbstractOAuth2Token} representing an OpenID Connect Core 1.0 ID Token.
- *
- * <p>
- * The {@code OidcIdToken} is a security token that contains &quot;claims&quot;
- * about the authentication of an End-User by an Authorization Server.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see AbstractOAuth2Token
- * @see IdTokenClaimAccessor
- * @see StandardClaimAccessor
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
- */
-public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor {
-	private final Map<String, Object> claims;
-
-	/**
-	 * Constructs a {@code OidcIdToken} using the provided parameters.
-	 *
-	 * @param tokenValue the ID Token value
-	 * @param issuedAt the time at which the ID Token was issued {@code (iat)}
-	 * @param expiresAt the expiration time {@code (exp)} on or after which the ID Token MUST NOT be accepted
-	 * @param claims the claims about the authentication of the End-User
-	 */
-	public OidcIdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map<String, Object> claims) {
-		super(tokenValue, issuedAt, expiresAt);
-		Assert.notEmpty(claims, "claims cannot be empty");
-		this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(claims));
-	}
-
-	@Override
-	public Map<String, Object> getClaims() {
-		return this.claims;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java
deleted file mode 100644
index e8b70c75..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcScopes.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-
-/**
- * The scope values defined by the OpenID Connect Core 1.0 specification
- * that can be used to request {@link StandardClaimNames claims}.
- * <p>
- * The scope(s) associated to an {@link OAuth2AccessToken} determine what claims (resources)
- * will be available when they are used to access OAuth 2.0 Protected Endpoints,
- * such as the UserInfo Endpoint.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see StandardClaimNames
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims">Requesting Claims using Scope Values</a>
- */
-public interface OidcScopes {
-
-	/**
-	 * The {@code openid} scope is required for OpenID Connect Authentication Requests.
-	 */
-	String OPENID = "openid";
-
-	/**
-	 * The {@code profile} scope requests access to the default profile claims, which are:
-	 * {@code name, family_name, given_name, middle_name, nickname, preferred_username,
-	 * profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at}.
-	 */
-	String PROFILE = "profile";
-
-	/**
-	 * The {@code email} scope requests access to the {@code email} and {@code email_verified} claims.
-	 */
-	String EMAIL = "email";
-
-	/**
-	 * The {@code address} scope requests access to the {@code address} claim.
-	 */
-	String ADDRESS = "address";
-
-	/**
-	 * The {@code phone} scope requests access to the {@code phone_number} and {@code phone_number_verified} claims.
-	 */
-	String PHONE = "phone";
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
deleted file mode 100644
index 0d3ba431..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-/**
- * A representation of a UserInfo Response that is returned
- * from the OAuth 2.0 Protected Resource UserInfo Endpoint.
- *
- * <p>
- * The {@code OidcUserInfo} contains a set of &quot;Standard Claims&quot; about the authentication of an End-User.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see StandardClaimAccessor
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfo">UserInfo Endpoint</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
- */
-public class OidcUserInfo implements StandardClaimAccessor, Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	private final Map<String, Object> claims;
-
-	/**
-	 * Constructs a {@code OidcUserInfo} using the provided parameters.
-	 *
-	 * @param claims the claims about the authentication of the End-User
-	 */
-	public OidcUserInfo(Map<String, Object> claims) {
-		Assert.notEmpty(claims, "claims cannot be empty");
-		this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(claims));
-	}
-
-	@Override
-	public Map<String, Object> getClaims() {
-		return this.claims;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-
-		OidcUserInfo that = (OidcUserInfo) obj;
-
-		return this.getClaims().equals(that.getClaims());
-	}
-
-	@Override
-	public int hashCode() {
-		return this.getClaims().hashCode();
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
deleted file mode 100644
index 455e0f8f..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimAccessor.java
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-import org.springframework.security.oauth2.core.ClaimAccessor;
-import org.springframework.util.CollectionUtils;
-
-import java.time.Instant;
-import java.util.Map;
-
-/**
- * A {@link ClaimAccessor} for the &quot;Standard Claims&quot; that can be returned
- * either in the UserInfo Response or the ID Token.
- *
- * @see ClaimAccessor
- * @see StandardClaimNames
- * @see OidcUserInfo
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
- * @author Joe Grandja
- * @since 5.0
- */
-public interface StandardClaimAccessor extends ClaimAccessor {
-
-	/**
-	 * Returns the Subject identifier {@code (sub)}.
-	 *
-	 * @return the Subject identifier
-	 */
-	default String getSubject() {
-		return this.getClaimAsString(StandardClaimNames.SUB);
-	}
-
-	/**
-	 * Returns the user's full name {@code (name)} in displayable form.
-	 *
-	 * @return the user's full name
-	 */
-	default String getFullName() {
-		return this.getClaimAsString(StandardClaimNames.NAME);
-	}
-
-	/**
-	 * Returns the user's given name(s) or first name(s) {@code (given_name)}.
-	 *
-	 * @return the user's given name(s)
-	 */
-	default String getGivenName() {
-		return this.getClaimAsString(StandardClaimNames.GIVEN_NAME);
-	}
-
-	/**
-	 * Returns the user's surname(s) or last name(s) {@code (family_name)}.
-	 *
-	 * @return the user's family names(s)
-	 */
-	default String getFamilyName() {
-		return this.getClaimAsString(StandardClaimNames.FAMILY_NAME);
-	}
-
-	/**
-	 * Returns the user's middle name(s) {@code (middle_name)}.
-	 *
-	 * @return the user's middle name(s)
-	 */
-	default String getMiddleName() {
-		return this.getClaimAsString(StandardClaimNames.MIDDLE_NAME);
-	}
-
-	/**
-	 * Returns the user's nick name {@code (nickname)} that may or may not be the same as the {@code (given_name)}.
-	 *
-	 * @return the user's nick name
-	 */
-	default String getNickName() {
-		return this.getClaimAsString(StandardClaimNames.NICKNAME);
-	}
-
-	/**
-	 * Returns the preferred username {@code (preferred_username)} that the user wishes to be referred to.
-	 *
-	 * @return the user's preferred user name
-	 */
-	default String getPreferredUsername() {
-		return this.getClaimAsString(StandardClaimNames.PREFERRED_USERNAME);
-	}
-
-	/**
-	 * Returns the URL of the user's profile page {@code (profile)}.
-	 *
-	 * @return the URL of the user's profile page
-	 */
-	default String getProfile() {
-		return this.getClaimAsString(StandardClaimNames.PROFILE);
-	}
-
-	/**
-	 * Returns the URL of the user's profile picture {@code (picture)}.
-	 *
-	 * @return the URL of the user's profile picture
-	 */
-	default String getPicture() {
-		return this.getClaimAsString(StandardClaimNames.PICTURE);
-	}
-
-	/**
-	 * Returns the URL of the user's web page or blog {@code (website)}.
-	 *
-	 * @return the URL of the user's web page or blog
-	 */
-	default String getWebsite() {
-		return this.getClaimAsString(StandardClaimNames.WEBSITE);
-	}
-
-	/**
-	 * Returns the user's preferred e-mail address {@code (email)}.
-	 *
-	 * @return the user's preferred e-mail address
-	 */
-	default String getEmail() {
-		return this.getClaimAsString(StandardClaimNames.EMAIL);
-	}
-
-	/**
-	 * Returns {@code true} if the user's e-mail address has been verified {@code (email_verified)}, otherwise {@code false}.
-	 *
-	 * @return {@code true} if the user's e-mail address has been verified, otherwise {@code false}
-	 */
-	default Boolean getEmailVerified() {
-		return this.getClaimAsBoolean(StandardClaimNames.EMAIL_VERIFIED);
-	}
-
-	/**
-	 * Returns the user's gender {@code (gender)}.
-	 *
-	 * @return the user's gender
-	 */
-	default String getGender() {
-		return this.getClaimAsString(StandardClaimNames.GENDER);
-	}
-
-	/**
-	 * Returns the user's birth date {@code (birthdate)}.
-	 *
-	 * @return the user's birth date
-	 */
-	default String getBirthdate() {
-		return this.getClaimAsString(StandardClaimNames.BIRTHDATE);
-	}
-
-	/**
-	 * Returns the user's time zone {@code (zoneinfo)}.
-	 *
-	 * @return the user's time zone
-	 */
-	default String getZoneInfo() {
-		return this.getClaimAsString(StandardClaimNames.ZONEINFO);
-	}
-
-	/**
-	 * Returns the user's locale {@code (locale)}.
-	 *
-	 * @return the user's locale
-	 */
-	default String getLocale() {
-		return this.getClaimAsString(StandardClaimNames.LOCALE);
-	}
-
-	/**
-	 * Returns the user's preferred phone number {@code (phone_number)}.
-	 *
-	 * @return the user's preferred phone number
-	 */
-	default String getPhoneNumber() {
-		return this.getClaimAsString(StandardClaimNames.PHONE_NUMBER);
-	}
-
-	/**
-	 * Returns {@code true} if the user's phone number has been verified {@code (phone_number_verified)}, otherwise {@code false}.
-	 *
-	 * @return {@code true} if the user's phone number has been verified, otherwise {@code false}
-	 */
-	default Boolean getPhoneNumberVerified() {
-		return this.getClaimAsBoolean(StandardClaimNames.PHONE_NUMBER_VERIFIED);
-	}
-
-	/**
-	 * Returns the user's preferred postal address {@code (address)}.
-	 *
-	 * @return the user's preferred postal address
-	 */
-	default AddressStandardClaim getAddress() {
-		Map<String, Object> addressFields = this.getClaimAsMap(StandardClaimNames.ADDRESS);
-		return (!CollectionUtils.isEmpty(addressFields) ?
-			new DefaultAddressStandardClaim.Builder(addressFields).build() :
-			new DefaultAddressStandardClaim.Builder().build());
-	}
-
-	/**
-	 * Returns the time the user's information was last updated {@code (updated_at)}.
-	 *
-	 * @return the time the user's information was last updated
-	 */
-	default Instant getUpdatedAt() {
-		return this.getClaimAsInstant(StandardClaimNames.UPDATED_AT);
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java
deleted file mode 100644
index e57b4df7..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/StandardClaimNames.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc;
-
-/**
- * The names of the &quot;Standard Claims&quot; defined by the OpenID Connect Core 1.0 specification
- * that can be returned either in the UserInfo Response or the ID Token.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse">UserInfo Response</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- */
-public interface StandardClaimNames {
-
-	/**
-	 * {@code sub} - the Subject identifier
-	 */
-	String SUB = "sub";
-
-	/**
-	 * {@code name} - the user's full name
-	 */
-	String NAME = "name";
-
-	/**
-	 * {@code given_name} - the user's given name(s) or first name(s)
-	 */
-	String GIVEN_NAME = "given_name";
-
-	/**
-	 * {@code family_name} - the user's surname(s) or last name(s)
-	 */
-	String FAMILY_NAME = "family_name";
-
-	/**
-	 * {@code middle_name} - the user's middle name(s)
-	 */
-	String MIDDLE_NAME = "middle_name";
-
-	/**
-	 * {@code nickname} - the user's nick name that may or may not be the same as the {@code given_name}
-	 */
-	String NICKNAME = "nickname";
-
-	/**
-	 * {@code preferred_username} - the preferred username that the user wishes to be referred to
-	 */
-	String PREFERRED_USERNAME = "preferred_username";
-
-	/**
-	 * {@code profile} - the URL of the user's profile page
-	 */
-	String PROFILE = "profile";
-
-	/**
-	 * {@code picture} - the URL of the user's profile picture
-	 */
-	String PICTURE = "picture";
-
-	/**
-	 * {@code website} - the URL of the user's web page or blog
-	 */
-	String WEBSITE = "website";
-
-	/**
-	 * {@code email} - the user's preferred e-mail address
-	 */
-	String EMAIL = "email";
-
-	/**
-	 * {@code email_verified} - {@code true} if the user's e-mail address has been verified, otherwise {@code false}
-	 */
-	String EMAIL_VERIFIED = "email_verified";
-
-	/**
-	 * {@code gender} - the user's gender
-	 */
-	String GENDER = "gender";
-
-	/**
-	 * {@code birthdate} - the user's birth date
-	 */
-	String BIRTHDATE = "birthdate";
-
-	/**
-	 * {@code zoneinfo} - the user's time zone
-	 */
-	String ZONEINFO = "zoneinfo";
-
-	/**
-	 * {@code locale} - the user's locale
-	 */
-	String LOCALE = "locale";
-
-	/**
-	 * {@code phone_number} - the user's preferred phone number
-	 */
-	String PHONE_NUMBER = "phone_number";
-
-	/**
-	 * {@code phone_number_verified} - {@code true} if the user's phone number has been verified, otherwise {@code false}
-	 */
-	String PHONE_NUMBER_VERIFIED = "phone_number_verified";
-
-	/**
-	 * {@code address} - the user's preferred postal address
-	 */
-	String ADDRESS = "address";
-
-	/**
-	 * {@code updated_at} - the time the user's information was last updated
-	 */
-	String UPDATED_AT = "updated_at";
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java
deleted file mode 100644
index 13c37441..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/endpoint/OidcParameterNames.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc.endpoint;
-
-/**
- * Standard parameter names defined in the OAuth Parameters Registry
- * and used by the authorization endpoint and token endpoint.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#OAuthParametersRegistry">18.2 OAuth Parameters Registration</a>
- */
-public interface OidcParameterNames {
-
-	/**
-	 * {@code id_token} - used in the Access Token Response.
-	 */
-	String ID_TOKEN = "id_token";
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/endpoint/package-info.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/endpoint/package-info.java
deleted file mode 100644
index f96f4788..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/endpoint/package-info.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * Support classes that model the OpenID Connect Core 1.0 Request and Response messages
- * from the Authorization Endpoint and Token Endpoint.
- */
-package org.springframework.security.oauth2.core.oidc.endpoint;
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/package-info.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/package-info.java
deleted file mode 100644
index 001ba472..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/package-info.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * Core classes and interfaces providing support for OpenID Connect Core 1.0.
- */
-package org.springframework.security.oauth2.core.oidc;
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
deleted file mode 100644
index b162ba85..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.core.oidc.user;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
-import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
-
-import java.util.Collection;
-import java.util.Map;
-
-/**
- * The default implementation of an {@link OidcUser}.
- *
- * <p>
- * The default claim used for accessing the &quot;name&quot; of the
- * user {@code Principal} from {@link #getClaims()} is {@link IdTokenClaimNames#SUB}.
- *
- * @author Joe Grandja
- * @author Vedran Pavic
- * @since 5.0
- * @see OidcUser
- * @see DefaultOAuth2User
- * @see OidcIdToken
- * @see OidcUserInfo
- */
-public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
-	private final OidcIdToken idToken;
-	private final OidcUserInfo userInfo;
-
-	/**
-	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 *
-	 * @param authorities the authorities granted to the user
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 */
-	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken) {
-		this(authorities, idToken, IdTokenClaimNames.SUB);
-	}
-
-	/**
-	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 *
-	 * @param authorities the authorities granted to the user
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from {@link #getAttributes()}
-	 */
-	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken, String nameAttributeKey) {
-		this(authorities, idToken, null, nameAttributeKey);
-	}
-
-	/**
-	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 *
-	 * @param authorities the authorities granted to the user
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}
-	 */
-	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken, OidcUserInfo userInfo) {
-		this(authorities, idToken, userInfo, IdTokenClaimNames.SUB);
-	}
-
-	/**
-	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 *
-	 * @param authorities the authorities granted to the user
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}
-	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from {@link #getAttributes()}
-	 */
-	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
-							OidcUserInfo userInfo, String nameAttributeKey) {
-		super(authorities, OidcUserAuthority.collectClaims(idToken, userInfo), nameAttributeKey);
-		this.idToken = idToken;
-		this.userInfo = userInfo;
-	}
-
-	@Override
-	public Map<String, Object> getClaims() {
-		return this.getAttributes();
-	}
-
-	@Override
-	public OidcIdToken getIdToken() {
-		return this.idToken;
-	}
-
-	@Override
-	public OidcUserInfo getUserInfo() {
-		return this.userInfo;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
deleted file mode 100644
index 15b30140..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUser.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc.user;
-
-import org.springframework.security.core.AuthenticatedPrincipal;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor;
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
-import org.springframework.security.oauth2.core.oidc.StandardClaimAccessor;
-import org.springframework.security.oauth2.core.user.OAuth2User;
-
-import java.util.Map;
-
-/**
- * A representation of a user {@code Principal}
- * that is registered with an OpenID Connect 1.0 Provider.
- *
- * <p>
- * An {@code OidcUser} contains &quot;claims&quot; about the authentication of the End-User.
- * The claims are aggregated from the {@link OidcIdToken} and the {@link OidcUserInfo} (if available).
- *
- * <p>
- * Implementation instances of this interface represent an {@link AuthenticatedPrincipal}
- * which is associated to an {@link Authentication} object
- * and may be accessed via {@link Authentication#getPrincipal()}.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see DefaultOidcUser
- * @see OAuth2User
- * @see OidcIdToken
- * @see OidcUserInfo
- * @see IdTokenClaimAccessor
- * @see StandardClaimAccessor
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">ID Token</a>
- * @see <a target="_blank" href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">Standard Claims</a>
- */
-public interface OidcUser extends OAuth2User, IdTokenClaimAccessor {
-
-	/**
-	 * Returns the claims about the user.
-	 * The claims are aggregated from {@link #getIdToken()} and {@link #getUserInfo()} (if available).
-	 *
-	 * @return a {@code Map} of claims about the user
-	 */
-	Map<String, Object> getClaims();
-
-	/**
-	 * Returns the {@link OidcUserInfo UserInfo} containing claims about the user.
-	 *
-	 * @return the {@link OidcUserInfo} containing claims about the user.
-	 */
-	OidcUserInfo getUserInfo();
-
-	/**
-	 * Returns the {@link OidcIdToken ID Token} containing claims about the user.
-	 *
-	 * @return the {@link OidcIdToken} containing claims about the user.
-	 */
-	OidcIdToken getIdToken();
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
deleted file mode 100644
index 2d215b13..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.oidc.user;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
-import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
-import org.springframework.util.Assert;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * A {@link GrantedAuthority} that may be associated to an {@link OidcUser}.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OidcUser
- */
-public class OidcUserAuthority extends OAuth2UserAuthority {
-	private final OidcIdToken idToken;
-	private final OidcUserInfo userInfo;
-
-	/**
-	 * Constructs a {@code OidcUserAuthority} using the provided parameters.
-	 *
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 */
-	public OidcUserAuthority(OidcIdToken idToken) {
-		this(idToken, null);
-	}
-
-	/**
-	 * Constructs a {@code OidcUserAuthority} using the provided parameters
-	 * and defaults {@link #getAuthority()} to {@code ROLE_USER}.
-	 *
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}
-	 */
-	public OidcUserAuthority(OidcIdToken idToken, OidcUserInfo userInfo) {
-		this("ROLE_USER", idToken, userInfo);
-	}
-
-	/**
-	 * Constructs a {@code OidcUserAuthority} using the provided parameters.
-	 *
-	 * @param authority the authority granted to the user
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}
-	 */
-	public OidcUserAuthority(String authority, OidcIdToken idToken, OidcUserInfo userInfo) {
-		super(authority, collectClaims(idToken, userInfo));
-		this.idToken = idToken;
-		this.userInfo = userInfo;
-	}
-
-	/**
-	 * Returns the {@link OidcIdToken ID Token} containing claims about the user.
-	 *
-	 * @return the {@link OidcIdToken} containing claims about the user.
-	 */
-	public OidcIdToken getIdToken() {
-		return this.idToken;
-	}
-
-	/**
-	 * Returns the {@link OidcUserInfo UserInfo} containing claims about the user, may be {@code null}.
-	 *
-	 * @return the {@link OidcUserInfo} containing claims about the user, or {@code null}
-	 */
-	public OidcUserInfo getUserInfo() {
-		return this.userInfo;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-		if (!super.equals(obj)) {
-			return false;
-		}
-
-		OidcUserAuthority that = (OidcUserAuthority) obj;
-
-		if (!this.getIdToken().equals(that.getIdToken())) {
-			return false;
-		}
-		return this.getUserInfo() != null ?
-			this.getUserInfo().equals(that.getUserInfo()) :
-			that.getUserInfo() == null;
-	}
-
-	@Override
-	public int hashCode() {
-		int result = super.hashCode();
-		result = 31 * result + this.getIdToken().hashCode();
-		result = 31 * result + (this.getUserInfo() != null ? this.getUserInfo().hashCode() : 0);
-		return result;
-	}
-
-	static Map<String, Object> collectClaims(OidcIdToken idToken, OidcUserInfo userInfo) {
-		Assert.notNull(idToken, "idToken cannot be null");
-		Map<String, Object> claims = new HashMap<>();
-		if (userInfo != null) {
-			claims.putAll(userInfo.getClaims());
-		}
-		claims.putAll(idToken.getClaims());
-		return claims;
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java
deleted file mode 100644
index 3af0286c..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/oidc/user/package-info.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * Provides a model for an OpenID Connect Core 1.0 representation of a user {@code Principal}.
- */
-package org.springframework.security.oauth2.core.oidc.user;
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/package-info.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/package-info.java
deleted file mode 100644
index 77190dd4..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/package-info.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * Core classes and interfaces providing support for the OAuth 2.0 Authorization Framework.
- */
-package org.springframework.security.oauth2.core;
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
deleted file mode 100644
index 68538bf6..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.user;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.io.Serializable;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-import java.util.stream.Collectors;
-
-/**
- * The default implementation of an {@link OAuth2User}.
- *
- * <p>
- * User attribute names are <b>not</b> standardized between providers
- * and therefore it is required to supply the <i>key</i>
- * for the user's &quot;name&quot; attribute to one of the constructors.
- * The <i>key</i> will be used for accessing the &quot;name&quot; of the
- * {@code Principal} (user) via {@link #getAttributes()}
- * and returning it from {@link #getName()}.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2User
- */
-public class DefaultOAuth2User implements OAuth2User, Serializable {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	private final Set<GrantedAuthority> authorities;
-	private final Map<String, Object> attributes;
-	private final String nameAttributeKey;
-
-	/**
-	 * Constructs a {@code DefaultOAuth2User} using the provided parameters.
-	 *
-	 * @param authorities the authorities granted to the user
-	 * @param attributes the attributes about the user
-	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from {@link #getAttributes()}
-	 */
-	public DefaultOAuth2User(Collection<? extends GrantedAuthority> authorities, Map<String, Object> attributes, String nameAttributeKey) {
-		Assert.notEmpty(authorities, "authorities cannot be empty");
-		Assert.notEmpty(attributes, "attributes cannot be empty");
-		Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty");
-		if (!attributes.containsKey(nameAttributeKey)) {
-			throw new IllegalArgumentException("Missing attribute '" + nameAttributeKey + "' in attributes");
-		}
-		this.authorities = Collections.unmodifiableSet(new LinkedHashSet<>(this.sortAuthorities(authorities)));
-		this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes));
-		this.nameAttributeKey = nameAttributeKey;
-	}
-
-	@Override
-	public String getName() {
-		return this.getAttributes().get(this.nameAttributeKey).toString();
-	}
-
-	@Override
-	public Collection<? extends GrantedAuthority> getAuthorities() {
-		return this.authorities;
-	}
-
-	@Override
-	public Map<String, Object> getAttributes() {
-		return this.attributes;
-	}
-
-	private Set<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
-		SortedSet<GrantedAuthority> sortedAuthorities =
-			new TreeSet<>(Comparator.comparing(GrantedAuthority::getAuthority));
-		sortedAuthorities.addAll(authorities);
-		return sortedAuthorities;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-
-		DefaultOAuth2User that = (DefaultOAuth2User) obj;
-
-		if (!this.getName().equals(that.getName())) {
-			return false;
-		}
-		if (!this.getAuthorities().equals(that.getAuthorities())) {
-			return false;
-		}
-		return this.getAttributes().equals(that.getAttributes());
-	}
-
-	@Override
-	public int hashCode() {
-		int result = this.getName().hashCode();
-		result = 31 * result + this.getAuthorities().hashCode();
-		result = 31 * result + this.getAttributes().hashCode();
-		return result;
-	}
-
-	@Override
-	public String toString() {
-		StringBuilder sb = new StringBuilder();
-		sb.append("Name: [");
-		sb.append(this.getName());
-		sb.append("], Granted Authorities: [");
-		sb.append(this.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.joining(", ")));
-		sb.append("], User Attributes: [");
-		sb.append(this.getAttributes().entrySet().stream().map(e -> e.getKey() + "=" + e.getValue()).collect(Collectors.joining(", ")));
-		sb.append("]");
-		return sb.toString();
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java
deleted file mode 100644
index e31498cf..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/OAuth2User.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.user;
-
-import org.springframework.security.core.AuthenticatedPrincipal;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-
-import java.util.Collection;
-import java.util.Map;
-
-/**
- * A representation of a user {@code Principal}
- * that is registered with an OAuth 2.0 Provider.
- *
- * <p>
- * An OAuth 2.0 user is composed of one or more attributes, for example,
- * first name, middle name, last name, email, phone number, address, etc.
- * Each user attribute has a &quot;name&quot; and &quot;value&quot; and
- * is keyed by the &quot;name&quot; in {@link #getAttributes()}.
- *
- * <p>
- * <b>NOTE:</b> Attribute names are <b>not</b> standardized between providers and therefore will vary.
- * Please consult the provider's API documentation for the set of supported user attribute names.
- *
- * <p>
- * Implementation instances of this interface represent an {@link AuthenticatedPrincipal}
- * which is associated to an {@link Authentication} object
- * and may be accessed via {@link Authentication#getPrincipal()}.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see DefaultOAuth2User
- * @see AuthenticatedPrincipal
- */
-public interface OAuth2User extends AuthenticatedPrincipal {
-
-	/**
-	 * Returns the authorities granted to the user.
-	 *
-	 * @return a {@code Collection} of {@link GrantedAuthority}(s)
-	 */
-	Collection<? extends GrantedAuthority> getAuthorities();
-
-	/**
-	 * Returns the attributes about the user.
-	 *
-	 * @return a {@code Map} of attributes about the user
-	 */
-	Map<String, Object> getAttributes();
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
deleted file mode 100644
index 161fc1f6..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.user;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.SpringSecurityCoreVersion;
-import org.springframework.util.Assert;
-
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-/**
- * A {@link GrantedAuthority} that may be associated to an {@link OAuth2User}.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see OAuth2User
- */
-public class OAuth2UserAuthority implements GrantedAuthority {
-	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-	private final String authority;
-	private final Map<String, Object> attributes;
-
-	/**
-	 * Constructs a {@code OAuth2UserAuthority} using the provided parameters
-	 * and defaults {@link #getAuthority()} to {@code ROLE_USER}.
-	 *
-	 * @param attributes the attributes about the user
-	 */
-	public OAuth2UserAuthority(Map<String, Object> attributes) {
-		this("ROLE_USER", attributes);
-	}
-
-	/**
-	 * Constructs a {@code OAuth2UserAuthority} using the provided parameters.
-	 *
-	 * @param authority the authority granted to the user
-	 * @param attributes the attributes about the user
-	 */
-	public OAuth2UserAuthority(String authority, Map<String, Object> attributes) {
-		Assert.hasText(authority, "authority cannot be empty");
-		Assert.notEmpty(attributes, "attributes cannot be empty");
-		this.authority = authority;
-		this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes));
-	}
-
-	@Override
-	public String getAuthority() {
-		return this.authority;
-	}
-
-	/**
-	 * Returns the attributes about the user.
-	 *
-	 * @return a {@code Map} of attributes about the user
-	 */
-	public Map<String, Object> getAttributes() {
-		return this.attributes;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj) {
-			return true;
-		}
-		if (obj == null || this.getClass() != obj.getClass()) {
-			return false;
-		}
-
-		OAuth2UserAuthority that = (OAuth2UserAuthority) obj;
-
-		if (!this.getAuthority().equals(that.getAuthority())) {
-			return false;
-		}
-		return this.getAttributes().equals(that.getAttributes());
-	}
-
-	@Override
-	public int hashCode() {
-		int result = this.getAuthority().hashCode();
-		result = 31 * result + this.getAttributes().hashCode();
-		return result;
-	}
-
-	@Override
-	public String toString() {
-		return this.getAuthority();
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/package-info.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/package-info.java
deleted file mode 100644
index 2f429402..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/user/package-info.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * Provides a model for an OAuth 2.0 representation of a user {@code Principal}.
- */
-package org.springframework.security.oauth2.core.user;
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
deleted file mode 100644
index b9c5c9bf..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2AccessTokenResponseBodyExtractor.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.core.web.reactive.function;
-
-import com.nimbusds.oauth2.sdk.AccessTokenResponse;
-import com.nimbusds.oauth2.sdk.ErrorObject;
-import com.nimbusds.oauth2.sdk.ParseException;
-import com.nimbusds.oauth2.sdk.TokenErrorResponse;
-import com.nimbusds.oauth2.sdk.TokenResponse;
-import com.nimbusds.oauth2.sdk.token.AccessToken;
-import net.minidev.json.JSONObject;
-import org.springframework.core.ParameterizedTypeReference;
-import org.springframework.http.ReactiveHttpInputMessage;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
-import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
-import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
-import org.springframework.web.reactive.function.BodyExtractor;
-import org.springframework.web.reactive.function.BodyExtractors;
-import reactor.core.publisher.Mono;
-
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * Provides a way to create an {@link OAuth2AccessTokenResponse} from a {@link ReactiveHttpInputMessage}
- * @author Rob Winch
- * @since 5.1
- */
-class OAuth2AccessTokenResponseBodyExtractor
-		implements BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> {
-
-	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
-
-	OAuth2AccessTokenResponseBodyExtractor() {}
-
-	@Override
-	public Mono<OAuth2AccessTokenResponse> extract(ReactiveHttpInputMessage inputMessage,
-			Context context) {
-		ParameterizedTypeReference<Map<String, Object>> type = new ParameterizedTypeReference<Map<String, Object>>() {};
-		BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> delegate = BodyExtractors.toMono(type);
-		return delegate.extract(inputMessage, context)
-				.map(OAuth2AccessTokenResponseBodyExtractor::parse)
-				.flatMap(OAuth2AccessTokenResponseBodyExtractor::oauth2AccessTokenResponse)
-				.map(OAuth2AccessTokenResponseBodyExtractor::oauth2AccessTokenResponse);
-	}
-
-	private static TokenResponse parse(Map<String, Object> json) {
-		try {
-			return TokenResponse.parse(new JSONObject(json));
-		}
-		catch (ParseException pe) {
-			OAuth2Error oauth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE,
-					"An error occurred parsing the Access Token response: " + pe.getMessage(), null);
-			throw new OAuth2AuthorizationException(oauth2Error, pe);
-		}
-	}
-
-	private static Mono<AccessTokenResponse> oauth2AccessTokenResponse(TokenResponse tokenResponse) {
-		if (tokenResponse.indicatesSuccess()) {
-			return Mono.just(tokenResponse)
-					.cast(AccessTokenResponse.class);
-		}
-		TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
-		ErrorObject errorObject = tokenErrorResponse.getErrorObject();
-		OAuth2Error oauth2Error;
-		if (errorObject == null) {
-			oauth2Error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR);
-		} else {
-			oauth2Error = new OAuth2Error(
-					errorObject.getCode() != null ? errorObject.getCode() : OAuth2ErrorCodes.SERVER_ERROR,
-					errorObject.getDescription(),
-					errorObject.getURI() != null ? errorObject.getURI().toString() : null);
-		}
-		return Mono.error(new OAuth2AuthorizationException(oauth2Error));
-	}
-
-	private static OAuth2AccessTokenResponse oauth2AccessTokenResponse(AccessTokenResponse accessTokenResponse) {
-		AccessToken accessToken = accessTokenResponse.getTokens().getAccessToken();
-		OAuth2AccessToken.TokenType accessTokenType = null;
-		if (OAuth2AccessToken.TokenType.BEARER.getValue()
-				.equalsIgnoreCase(accessToken.getType().getValue())) {
-			accessTokenType = OAuth2AccessToken.TokenType.BEARER;
-		}
-		long expiresIn = accessToken.getLifetime();
-
-		Set<String> scopes = accessToken.getScope() == null ?
-				Collections.emptySet() : new LinkedHashSet<>(accessToken.getScope().toStringList());
-
-		String refreshToken = null;
-		if (accessTokenResponse.getTokens().getRefreshToken() != null) {
-			refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
-		}
-
-		Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
-
-		return OAuth2AccessTokenResponse.withToken(accessToken.getValue())
-				.tokenType(accessTokenType)
-				.expiresIn(expiresIn)
-				.scopes(scopes)
-				.refreshToken(refreshToken)
-				.additionalParameters(additionalParameters)
-				.build();
-	}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java
deleted file mode 100644
index 4818f7a0..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/java/org/springframework/security/oauth2/core/web/reactive/function/OAuth2BodyExtractors.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2002-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.oauth2.core.web.reactive.function;
-
-import org.springframework.http.ReactiveHttpInputMessage;
-import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
-import org.springframework.web.reactive.function.BodyExtractor;
-import reactor.core.publisher.Mono;
-
-/**
- * Static factory methods for OAuth2 {@link BodyExtractor} implementations.
- * @author Rob Winch
- * @since 5.1
- */
-public abstract class OAuth2BodyExtractors {
-
-	/**
-	 * Extractor to decode an {@link OAuth2AccessTokenResponse}
-	 * @return a BodyExtractor for {@link OAuth2AccessTokenResponse}
-	 */
-	public static BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> oauth2AccessTokenResponse() {
-		return new OAuth2AccessTokenResponseBodyExtractor();
-	}
-
-	private OAuth2BodyExtractors() {}
-}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/MANIFEST.MF b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/MANIFEST.MF
deleted file mode 100644
index 254272e1..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/MANIFEST.MF
+++ /dev/null
@@ -1,3 +0,0 @@
-Manifest-Version: 1.0
-Class-Path: 
-
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/spring.handlers b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/spring.handlers
deleted file mode 100644
index c9bae2aa..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/spring.handlers
+++ /dev/null
@@ -1,2 +0,0 @@
-http\://www.springframework.org/schema/security/oauth2=org.springframework.security.oauth2.config.xml.OAuth2SecurityNamespaceHandler
-http\://www.springframework.org/schema/security/oauth=org.springframework.security.oauth.config.OAuthSecurityNamespaceHandler
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/spring.schemas b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/spring.schemas
deleted file mode 100644
index af765299..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/META-INF/spring.schemas
+++ /dev/null
@@ -1,5 +0,0 @@
-http\://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd=org/springframework/security/oauth2/spring-security-oauth2-1.0.xsd
-http\://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd=org/springframework/security/oauth2/spring-security-oauth2-2.0.xsd
-http\://www.springframework.org/schema/security/spring-security-oauth2.xsd=org/springframework/security/oauth2/spring-security-oauth2-2.0.xsd
-http\://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd=org/springframework/security/oauth/spring-security-oauth-1.0.xsd
-http\://www.springframework.org/schema/security/spring-security-oauth.xsd=org/springframework/security/oauth/spring-security-oauth-1.0.xsd
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/org/springframework/security/oauth2/spring-security-oauth2-1.0.xsd b/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/org/springframework/security/oauth2/spring-security-oauth2-1.0.xsd
deleted file mode 100644
index 71007dd0..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src.bak/main/resources/org/springframework/security/oauth2/spring-security-oauth2-1.0.xsd
+++ /dev/null
@@ -1,728 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema xmlns="http://www.springframework.org/schema/security/oauth2" xmlns:xs="http://www.w3.org/2001/XMLSchema"
-	xmlns:beans="http://www.springframework.org/schema/beans" targetNamespace="http://www.springframework.org/schema/security/oauth2"
-	elementFormDefault="qualified" attributeFormDefault="unqualified">
-
-	<xs:import namespace="http://www.springframework.org/schema/beans" schemaLocation="http://www.springframework.org/schema/beans/spring-beans-3.1.xsd" />
-
-	<xs:element name="rest-template">
-		<xs:annotation>
-			<xs:documentation>
-				Creates an OAuth2RestTemplate with all the pieces needed to connect to a remote resource from
-				a web
-				application. Injects request and session-scoped beans into the template, so can only be
-				used in the context of a web
-				request.
-			</xs:documentation>
-		</xs:annotation>
-		<xs:complexType>
-			<xs:complexContent>
-				<xs:extension base="beans:identifiedType">
-					<xs:sequence>
-						<xs:element ref="beans:description" minOccurs="0" />
-						<xs:choice minOccurs="0" maxOccurs="unbounded">
-							<xs:element ref="beans:property" />
-						</xs:choice>
-					</xs:sequence>
-					<xs:attribute name="resource">
-						<xs:annotation>
-							<xs:documentation>
-								The OAuth2ProtectedResourceDetails governing the configuration of this client. Mandatory.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="access-token-provider" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The reference to the bean that manages access token acquisition. Optional (defaults to a chain
-								including common grant types from the spec).
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-				</xs:extension>
-			</xs:complexContent>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="authorization-server">
-		<xs:annotation>
-			<xs:documentation>
-				Specifies that the oauth 2 authorization and token
-				endpoints should be created in the application
-				context. These are
-				implemented as regular Spring @Controller beans, so as long as the
-				default Spring MVC set up in
-				present in the application
-				the endpoints should work (at /oauth/authorization and /oauth/token by
-				default).
-			</xs:documentation>
-		</xs:annotation>
-		<xs:complexType>
-
-			<xs:sequence>
-				<xs:element name="authorization-code" minOccurs="0" maxOccurs="1">
-					<xs:annotation>
-						<xs:documentation>
-							The configuration of the authorization code
-							mechanism. This
-							mechanism enables a way for clients to
-							obtain an
-							access token by obtaining an authorization code.
-						</xs:documentation>
-					</xs:annotation>
-					<xs:complexType>
-						<xs:attribute name="disabled" type="xs:boolean">
-							<xs:annotation>
-								<xs:documentation>
-									Whether to disable the authorization code
-									mechanism.
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-						<xs:attribute name="authorization-code-services-ref" type="xs:string">
-							<xs:annotation>
-								<xs:documentation>
-									The reference to the bean that defines the
-									authorization code
-									services. Default value is an
-									instance of
-									"org.springframework.security.oauth2.provider.authorization_code.InMemoryAuthorizationCodeServices".
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-					</xs:complexType>
-				</xs:element>
-				<xs:element name="implicit" minOccurs="0" maxOccurs="1">
-					<xs:annotation>
-						<xs:documentation>
-							The configuration of the client credentials
-							grant type.
-						</xs:documentation>
-					</xs:annotation>
-					<xs:complexType>
-						<xs:attribute name="disabled" type="xs:boolean">
-							<xs:annotation>
-								<xs:documentation>
-									Whether to disable the implicit grant type
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-					</xs:complexType>
-				</xs:element>
-				<xs:element name="refresh-token" minOccurs="0" maxOccurs="1">
-					<xs:annotation>
-						<xs:documentation>
-							The configuration of the refresh token grant
-							type.
-						</xs:documentation>
-					</xs:annotation>
-					<xs:complexType>
-						<xs:attribute name="disabled" type="xs:boolean">
-							<xs:annotation>
-								<xs:documentation>
-									Whether to disable the refresh token grant
-									type
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-					</xs:complexType>
-				</xs:element>
-				<xs:element name="client-credentials" minOccurs="0" maxOccurs="1">
-					<xs:annotation>
-						<xs:documentation>
-							The configuration of the client credentials
-							grant type.
-						</xs:documentation>
-					</xs:annotation>
-					<xs:complexType>
-						<xs:attribute name="disabled" type="xs:boolean">
-							<xs:annotation>
-								<xs:documentation>
-									Whether to disable the refresh token grant
-									type
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-					</xs:complexType>
-				</xs:element>
-				<xs:element name="password" minOccurs="0" maxOccurs="1">
-					<xs:annotation>
-						<xs:documentation>
-							The configuration of the resource owner password
-							grant type.
-						</xs:documentation>
-					</xs:annotation>
-					<xs:complexType>
-						<xs:attribute name="disabled" type="xs:boolean">
-							<xs:annotation>
-								<xs:documentation>
-									Whether to disable the refresh token grant
-									type
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-						<xs:attribute name="authentication-manager-ref" type="xs:string">
-							<xs:annotation>
-								<xs:documentation>
-									A reference to an authentication manager that
-									can be used to
-									authenticate the resource owner
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-					</xs:complexType>
-				</xs:element>
-				<xs:element name="custom-grant" minOccurs="0" maxOccurs="unbounded">
-					<xs:annotation>
-						<xs:documentation>
-							The configuration of your custom grant type.
-						</xs:documentation>
-					</xs:annotation>
-					<xs:complexType>
-						<xs:attribute name="disabled" type="xs:boolean">
-							<xs:annotation>
-								<xs:documentation>
-									Whether to disable this grant
-									type
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-						<xs:attribute name="token-granter-ref" type="xs:string" use="required">
-							<xs:annotation>
-								<xs:documentation>
-									A reference to your token granter
-								</xs:documentation>
-							</xs:annotation>
-						</xs:attribute>
-					</xs:complexType>
-				</xs:element>
-			</xs:sequence>
-			<xs:attribute name="client-details-service-ref" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The reference to the bean that defines the client
-						details service.
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-			<xs:attribute name="token-endpoint-url" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The URL at which a request for an access token
-						will be serviced.
-						Default value: "/oauth/token"
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-			<xs:attribute name="authorization-endpoint-url" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The URL at which a user is redirected for
-						authorization. Default
-						value: "/oauth/authorize"
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-			<!--the following attributes are less used -->
-			<xs:attribute name="token-granter-ref" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The reference to the bean that defines the
-						granter of different oauth
-						token types.
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-			<xs:attribute name="implicit-grant-service-ref" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The reference to the bean that defines the
-						implicit grant service.
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-			
-			<xs:attribute name="token-services-ref" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The reference to the bean that defines the token
-						services. Default
-						value is an instance of
-						"org.springframework.security.oauth2.provider.token.DefaultTokenServices".
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-			<xs:attribute name="authorization-request-manager-ref" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The reference to the bean that defines the manager for
-						authorization requests from the input
-						parameters (e.g. request parameters).
-						Default
-						value is an
-						instance of
-						"org.springframework.security.oauth2.provider.token.DefaultAuthorizationRequestManager".
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-			<xs:attribute name="user-approval-handler-ref" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						Reference to a bean that handles user approval decisions. Using this strategy servers can
-						selectively skip the approval process depending on decisions in the past or on the type of client.
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-			<xs:attribute name="user-approval-page" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The URL of the page that handles the user
-						approval form (if needed, depending on the grant type).
-						The default is "forward:/oauth/confirm_access" which is not handled
-						by the authorization endpoint, so normally you
-						will have to supply a handler
-						for this path.
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-			<xs:attribute name="error-page" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The URL of the page that handles errors (default forward:/oauth/error).
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-			<xs:attribute name="approval-parameter-name" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The name of the form parameter that is used to
-						indicate user
-						approval of the client
-						authentication
-						request.
-						Default value: "user_oauth_approval".
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-			<xs:attribute name="redirect-resolver-ref" type="xs:string">
-				<xs:annotation>
-					<xs:documentation>
-						The reference to the bean that defines the
-						redirect resolver, used
-						during the user
-						authorization.
-						Default
-						value is an instance of
-						"org.springframework.security.oauth2.provider.authorization_code.DefaultRedirectResolver".
-					</xs:documentation>
-				</xs:annotation>
-			</xs:attribute>
-
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="resource-server">
-		<xs:annotation>
-			<xs:documentation>
-				Specifies that there are oauth 2 protected resources in
-				the application context. This element
-				has an
-				id which is the bean id of the filter created. The filter
-				should be added to the Spring Security filter chain at
-				position before="PRE_AUTH_FILTER"
-			</xs:documentation>
-		</xs:annotation>
-		<xs:complexType>
-			<xs:complexContent>
-				<xs:extension base="beans:identifiedType">
-
-					<xs:attribute name="resource-id" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The resource id that is protected by this filter
-								if any. If empty or
-								absent then all resource ids
-								are allowed,
-								otherwise
-								only tokens which are granted to a client that contains
-								this reosurce
-								id will be legal.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-
-					<xs:attribute name="token-services-ref" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The reference to the bean that defines the token
-								services. Default
-								value is an instance of
-								"org.springframework.security.oauth2.provider.token.DefaultTokenServices".
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-
-					<xs:attribute name="entry-point-ref" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The reference to the bean that defines the entry point for failed authentications. Defaults to
-								a vanilla
-								org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-
-					<xs:attribute name="auth-details-source-ref" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The reference to the bean that defines the AuthenticationDetailsSource.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-				</xs:extension>
-			</xs:complexContent>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="client-details-service">
-		<xs:annotation>
-			<xs:documentation>
-				Default element that contains the definition of the
-				OAuth clients that are
-				allowed to access this
-				service.
-			</xs:documentation>
-		</xs:annotation>
-
-		<xs:complexType>
-			<xs:complexContent>
-				<xs:extension base="beans:identifiedType">
-					<xs:choice minOccurs="0" maxOccurs="unbounded">
-						<xs:element name="client">
-							<xs:annotation>
-								<xs:documentation>
-									Definition of a client that can act on behalf
-									of a user.
-								</xs:documentation>
-							</xs:annotation>
-
-							<xs:complexType>
-								<xs:attribute name="client-id" type="xs:string" use="required">
-									<xs:annotation>
-										<xs:documentation>
-											The client id.
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-								<xs:attribute name="secret" type="xs:string">
-									<xs:annotation>
-										<xs:documentation>
-											The client secret. If the secret is
-											undefined or empty (the
-											default) the client does
-											not
-											require a
-											secret.
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-								<xs:attribute name="redirect-uri" type="xs:string">
-									<xs:annotation>
-										<xs:documentation>
-											The re-direct URI(s) established during
-											registration (optional, comma separated).
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-								<xs:attribute name="resource-ids" type="xs:string">
-									<xs:annotation>
-										<xs:documentation>
-											The resource ids to which this client can be
-											granted access
-											(comma-separated). If missing or
-											empty all
-											resources are
-											accessible (not recommended by the spec).
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-								<xs:attribute name="scope" type="xs:string">
-									<xs:annotation>
-										<xs:documentation>
-											The scopes to which the client is limited
-											(comma-separated). If
-											scope is undefined or empty
-											(the
-											default) the client
-											is not limited by scope, but in that case
-											the authorization
-											service must explicitly
-											accept unlimited
-											access by not
-											specifying any scopes itself.
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-								<xs:attribute name="authorized-grant-types" type="xs:string">
-									<xs:annotation>
-										<xs:documentation>
-											Grant types that are authorized for the
-											client to use
-											(comma-separated). Currently defined
-											grant types
-											include
-											"authorization_code", "password", "assertion", and
-											"refresh_token". Default value is
-											"authorization_code,refresh_token".
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-								<xs:attribute name="authorities" type="xs:string">
-									<xs:annotation>
-										<xs:documentation>
-											Authorities that are granted to the client
-											(comma-separated). Distinct
-											from the authorities
-											granted to
-											the user on behalf
-											of whom the client is acting.
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-								<xs:attribute name="access-token-validity" type="xs:string">
-									<xs:annotation>
-										<xs:documentation>
-											The access token validity period in seconds (optional). If unspecified a global default will
-											be applied by the token services.
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-								<xs:attribute name="refresh-token-validity" type="xs:string">
-									<xs:annotation>
-										<xs:documentation>
-											The refresh token validity period in seconds (optional). If unspecified a global default
-											will
-											be applied by the token services.
-										</xs:documentation>
-									</xs:annotation>
-								</xs:attribute>
-							</xs:complexType>
-						</xs:element>
-					</xs:choice>
-				</xs:extension>
-			</xs:complexContent>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="expression-handler">
-		<xs:annotation>
-			<xs:documentation>
-				Element for declaring and configuring an expression
-				handler for oauth
-				security expressions. See
-				http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
-			</xs:documentation>
-		</xs:annotation>
-		<xs:complexType>
-			<xs:complexContent>
-				<xs:extension base="beans:identifiedType" />
-			</xs:complexContent>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="web-expression-handler">
-		<xs:annotation>
-			<xs:documentation>
-				Element for declaring and configuring an expression
-				handler for oauth
-				security expressions in http
-				intercept urls. See
-				http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
-			</xs:documentation>
-		</xs:annotation>
-		<xs:complexType>
-			<xs:complexContent>
-				<xs:extension base="beans:identifiedType" />
-			</xs:complexContent>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="client">
-		<xs:annotation>
-			<xs:documentation>
-				Creates the oauth 2 client filter be be added to the
-				application security policy.
-			</xs:documentation>
-		</xs:annotation>
-		<xs:complexType>
-			<xs:complexContent>
-				<xs:extension base="beans:identifiedType">
-					<xs:attribute name="redirect-strategy-ref" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The reference to the bean that defines the
-								redirect strategy, used when redirecting the user for
-								access authorization. Default value is an instance of
-								"org.springframework.security.web.DefaultRedirectStrategy".
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-				</xs:extension>
-			</xs:complexContent>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="resource">
-		<xs:annotation>
-			<xs:documentation>
-				Definition of a remote resource that is protected via
-				OAuth2 to which this client application wants
-				access.
-			</xs:documentation>
-		</xs:annotation>
-		<xs:complexType>
-			<xs:complexContent>
-				<xs:extension base="beans:identifiedType">
-					<xs:attribute name="type" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The grant type. Currently defined grant types
-								include
-								"authorization_code", "password", and
-								"assertion".
-								Default value
-								is "authorization_code".
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="client-id" type="xs:string" use="required">
-						<xs:annotation>
-							<xs:documentation>
-								The client id. This is the id by which the
-								resource server will
-								identify this application.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="access-token-uri" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The uri to where the access token may be
-								obtained.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="scope" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								Comma-separted list of string specifying the
-								scope of the access to the
-								resource. By default,
-								no
-								scope will be
-								specified.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="client-secret" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The secret asssociated with the resource. By
-								default, no secret
-								will be supplied for access to
-								the resource.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="client-authentication-scheme" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The scheme that is used to pass the client
-								secret. Suggested
-								values: "header" and "form".
-								Default:
-								"header".
-								See section 2.1 of the OAuth 2 spec.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="user-authorization-uri" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The uri to which the user will be redirected if
-								the user is ever
-								needed to grant an authorization
-								code.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="authentication-scheme" default="header" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The method for bearing the token when accessing
-								the resource.
-								Default value is "header". See
-								AuthenticationScheme enum for possible values.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="token-name" type="xs:string" default="access_token">
-						<xs:annotation>
-							<xs:documentation>
-								The name of the bearer token. The default is
-								"access_token", which
-								is according to the spec,
-								but
-								some providers
-								(e.g. Facebook) don't conform to the spec.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="pre-established-redirect-uri" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								Some resource servers may require a
-								pre-established URI to which
-								they will redirect users after
-								users
-								authorize an access token.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="use-current-uri" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								Boolean flag indicating that the current URI should be used as a redirect (if available) rather
-								than the
-								registered redirect URI. Default is true.
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="username" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The username for authentication, required only when type is "password".
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-					<xs:attribute name="password" type="xs:string">
-						<xs:annotation>
-							<xs:documentation>
-								The password for authentication, required only when type is "password".
-							</xs:documentation>
-						</xs:annotation>
-					</xs:attribute>
-				</xs:extension>
-			</xs:complexContent>
-		</xs:complexType>
-	</xs:element>
-
-</xs:schema>
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/authz/approval/controller/OAuth20AccessConfirmationController.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
similarity index 89%
rename from maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/authz/approval/controller/OAuth20AccessConfirmationController.java
rename to maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
index 93f0af59..cdfc6bd1 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/authz/approval/controller/OAuth20AccessConfirmationController.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
@@ -1,4 +1,4 @@
-package org.maxkey.web.authz.approval.controller;
+package org.maxkey.authz.oauth2.provider.approval.controller;
 
 import java.security.Principal;
 import java.util.HashMap;
@@ -36,17 +36,22 @@ public class OAuth20AccessConfirmationController {
 	private ClientDetailsService clientDetailsService;
   
 	@Autowired
-	@Qualifier("approvalStore")
+	@Qualifier("oauth20ApprovalStore")
 	private ApprovalStore approvalStore;
 	
+	@Autowired
+	@Qualifier("oauth20UserApprovalHandler")
+	OAuth20UserApprovalHandler oauth20UserApprovalHandler;
 	
-	@RequestMapping("/oauth/v20/confirm_access")
-	public ModelAndView getAccessConfirmation(@RequestParam  Map<String, Object> model,Principal principal) throws Exception {
+	
+	@RequestMapping("/oauth/v20/approval_confirm")
+	public ModelAndView getAccessConfirmation(@RequestParam  Map<String, Object> model) throws Exception {
 		model.remove("authorizationRequest");
 		Map<String, String> modelRequest=new HashMap<String, String>();
 		for(Object key:model.keySet()){
 			modelRequest.put(key.toString(), model.get(key).toString());
 		}
+		Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
 		
 		 //Map<String, Object> model
 		AuthorizationRequest clientAuth = (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/authz/approval/controller/OAuth20UserApprovalHandler.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20UserApprovalHandler.java
similarity index 98%
rename from maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/authz/approval/controller/OAuth20UserApprovalHandler.java
rename to maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20UserApprovalHandler.java
index a37c3ac9..cd6dbc17 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/authz/approval/controller/OAuth20UserApprovalHandler.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20UserApprovalHandler.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.maxkey.web.authz.approval.controller;
+package org.maxkey.authz.oauth2.provider.approval.controller;
 
 import java.util.Collection;
 
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java
index 152ae3a1..e0a26322 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java
@@ -16,13 +16,26 @@
 package org.maxkey.authz.oauth2.provider.endpoint;
 
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
+import org.maxkey.authz.oauth2.provider.CompositeTokenGranter;
 import org.maxkey.authz.oauth2.provider.OAuth2RequestFactory;
 import org.maxkey.authz.oauth2.provider.TokenGranter;
+import org.maxkey.authz.oauth2.provider.client.ClientCredentialsTokenGranter;
+import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeServices;
+import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeTokenGranter;
+import org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices;
+import org.maxkey.authz.oauth2.provider.implicit.ImplicitTokenGranter;
+import org.maxkey.authz.oauth2.provider.refresh.RefreshTokenGranter;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory;
+import org.maxkey.authz.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.util.Assert;
 
 /**
@@ -34,14 +47,46 @@ public class AbstractEndpoint implements InitializingBean {
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	private TokenGranter tokenGranter;
-
+	
+	@Autowired
+  	@Qualifier("oauth20AuthorizationCodeServices")
+	protected AuthorizationCodeServices authorizationCodeServices = new InMemoryAuthorizationCodeServices();
+	
+	@Autowired
+  	@Qualifier("oauth20TokenServices")
+	AuthorizationServerTokenServices tokenServices ;
+	
+	@Autowired
+  	@Qualifier("oauth20JdbcClientDetailsService")
 	private ClientDetailsService clientDetailsService;
-
+	@Autowired
+  	@Qualifier("oAuth2RequestFactory")
 	private OAuth2RequestFactory oAuth2RequestFactory;
-
+	
+	@Autowired
+  	@Qualifier("oAuth2RequestFactory")
 	private OAuth2RequestFactory defaultOAuth2RequestFactory;
 
 	public void afterPropertiesSet() throws Exception {
+		if (tokenGranter == null) {
+			//ClientDetailsService clientDetails = clientDetailsService();
+			//AuthorizationServerTokenServices tokenServices = tokenServices();
+			//AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
+			//OAuth2RequestFactory requestFactory = requestFactory();
+
+			List<TokenGranter> tokenGranters = new ArrayList<TokenGranter>();
+			tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices,
+					clientDetailsService, oAuth2RequestFactory));
+			tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetailsService, oAuth2RequestFactory));
+			ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetailsService, oAuth2RequestFactory);
+			tokenGranters.add(implicit);
+			tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetailsService, oAuth2RequestFactory));
+			/*if (authenticationManager != null) {
+				tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices,
+						clientDetails, requestFactory));
+			}*/
+			tokenGranter = new CompositeTokenGranter(tokenGranters);
+		}
 		Assert.state(tokenGranter != null, "TokenGranter must be provided");
 		Assert.state(clientDetailsService != null, "ClientDetailsService must be provided");
 		defaultOAuth2RequestFactory = new DefaultOAuth2RequestFactory(getClientDetailsService());
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
index 8bbaed8a..b28735bd 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
@@ -42,6 +42,7 @@ import org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices;
 import org.maxkey.authz.oauth2.provider.implicit.ImplicitTokenRequest;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator;
 import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
+import org.maxkey.web.WebContext;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -82,7 +83,7 @@ import org.springframework.web.util.UriTemplate;
 @SessionAttributes("authorizationRequest")
 public class AuthorizationEndpoint extends AbstractEndpoint {
 
-	private AuthorizationCodeServices authorizationCodeServices = new InMemoryAuthorizationCodeServices();
+	
 
 	private RedirectResolver redirectResolver = new DefaultRedirectResolver();
 
@@ -92,7 +93,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 
 	private OAuth2RequestValidator oauth2RequestValidator = new DefaultOAuth2RequestValidator();
 
-	private String userApprovalPage = "forward:/oauth/v20/confirm_access";
+	private String userApprovalPage = "forward:/oauth/v20/approval_confirm";
 
 	private String errorPage = "forward:/oauth/error";
 	
@@ -108,8 +109,8 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 
 	@RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.GET)
 	public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters,
-			SessionStatus sessionStatus, Principal principal) {
-
+			SessionStatus sessionStatus) {
+		 Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
 		// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
 		// query off of the authorization request instead of referring back to the parameters map. The contents of the
 		// parameters map will be stored without change in the AuthorizationRequest object once it is created.
@@ -187,8 +188,8 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 
 	@RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL)
 	public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
-			SessionStatus sessionStatus, Principal principal) {
-
+			SessionStatus sessionStatus) {
+		Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
 		if (!(principal instanceof Authentication)) {
 			sessionStatus.setComplete();
 			throw new InsufficientAuthenticationException(
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
index fa0c9c36..fe4f4f2b 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
@@ -35,6 +35,7 @@ import org.maxkey.authz.oauth2.provider.TokenRequest;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator;
 import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
 import org.maxkey.util.StringGenerator;
+import org.maxkey.web.WebContext;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
@@ -81,18 +82,21 @@ public class TokenEndpoint extends AbstractEndpoint {
 	 * @throws HttpRequestMethodNotSupportedException
 	 */
 	@RequestMapping(value = "/oauth/v20/token", method=RequestMethod.GET)
-	public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam
+	public ResponseEntity<OAuth2AccessToken> getAccessToken(@RequestParam
 	Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
 		if (!allowedRequestMethods.contains(HttpMethod.GET)) {
 			throw new HttpRequestMethodNotSupportedException("GET");
 		}
-		return postAccessToken(principal, parameters);
+		return postAccessToken(parameters);
 	}
 	
+	
 	@RequestMapping(value = "/oauth/v20/token", method=RequestMethod.POST)
-	public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam
+	public ResponseEntity<OAuth2AccessToken> postAccessToken(@RequestParam
 	Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
-
+		// TokenEndpointAuthenticationFilter
+		Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
+		
 		if (!(principal instanceof Authentication)) {
 			throw new InsufficientAuthenticationException(
 					"There is no client authentication. Try adding an appropriate authentication filter.");
@@ -161,7 +165,7 @@ public class TokenEndpoint extends AbstractEndpoint {
 		if (!client.isAuthenticated()) {
 			throw new InsufficientAuthenticationException("The client is not authenticated.");
 		}
-		String clientId = client.getName();
+		String clientId = client.getPrincipal().toString();
 		if (client instanceof OAuth2Authentication) {
 			// Might be a client and user combined authentication
 			clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
index f021a902..0b9d6093 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
@@ -32,11 +32,13 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.maxkey.authn.BasicAuthentication;
 import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
 import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.OAuth2Request;
 import org.maxkey.authz.oauth2.provider.OAuth2RequestFactory;
+import org.maxkey.web.WebContext;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -45,9 +47,11 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.web.HttpRequestMethodNotSupportedException;
 
 /**
  * <p>
@@ -74,11 +78,16 @@ public class TokenEndpointAuthenticationFilter implements Filter {
 	private static final Log logger = LogFactory.getLog(TokenEndpointAuthenticationFilter.class);
 
 	private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
-
-
-	private final AuthenticationManager authenticationManager;
+	boolean allowOnlyPost;
 	
-	private final OAuth2RequestFactory oAuth2RequestFactory;
+	private  AuthenticationManager authenticationManager;
+	
+	private  OAuth2RequestFactory oAuth2RequestFactory;
+
+	public TokenEndpointAuthenticationFilter() {
+
+	}
+
 
 	/**
 	 * @param authenticationManager an AuthenticationManager for the incoming request
@@ -102,49 +111,29 @@ public class TokenEndpointAuthenticationFilter implements Filter {
 
 	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
 			ServletException {
-
+		logger.debug("Authentication TokenEndpoint ");
+		if(authenticationManager==null) {
+			authenticationManager=(AuthenticationManager)WebContext.getBean("oauth20ClientAuthenticationManager");
+		}
+		if(oAuth2RequestFactory==null) {
+			oAuth2RequestFactory=(OAuth2RequestFactory)WebContext.getBean("oAuth2RequestFactory");
+		}
+		
 		final boolean debug = logger.isDebugEnabled();
 		final HttpServletRequest request = (HttpServletRequest) req;
 		final HttpServletResponse response = (HttpServletResponse) res;
 
 		try {
-			Authentication credentials = extractCredentials(request);
-
-			if (credentials != null) {
-
-				if (debug) {
-					logger.debug("Authentication credentials found for '" + credentials.getName() + "'");
-				}
-
-				Authentication authResult = authenticationManager.authenticate(credentials);
-
-				if (debug) {
-					logger.debug("Authentication success: " + authResult.getName());
-				}
-
-				Authentication clientAuth = SecurityContextHolder.getContext().getAuthentication();
-				if (clientAuth == null) {
-					throw new BadCredentialsException(
-							"No client authentication found. Remember to put a filter upstream of the TokenEndpointAuthenticationFilter.");
-				}
-				
-				Map<String, String> map = getSingleValueMap(request);
-				map.put(OAuth2Utils.CLIENT_ID, clientAuth.getName());
-				AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(map);
-
-				authorizationRequest.setScope(getScope(request));
-				if (clientAuth.isAuthenticated()) {
-					// Ensure the OAuth2Authentication is authenticated
-					authorizationRequest.setApproved(true);
-				}
-
-				OAuth2Request storedOAuth2Request = oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
-				
-				SecurityContextHolder.getContext().setAuthentication(
-						new OAuth2Authentication(storedOAuth2Request, authResult));
-
-				onSuccessfulAuthentication(request, response, authResult);
-
+			String grantType = request.getParameter("grant_type");
+			if (grantType != null && grantType.equals("password")) {
+				usernamepassword(request,response);
+			}else {
+				Authentication authentication=ClientCredentials(request,response);
+				BasicAuthentication auth =new BasicAuthentication();
+				auth.setJ_username(((User)authentication.getPrincipal()).getUsername());
+				 auth.setAuthenticated(true);
+				UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
+				WebContext.setAuthentication(simpleUserAuthentication);
 			}
 
 		}
@@ -163,6 +152,86 @@ public class TokenEndpointAuthenticationFilter implements Filter {
 		chain.doFilter(request, response);
 	}
 
+	public void usernamepassword(HttpServletRequest request, HttpServletResponse response) throws IOException,ServletException {
+	logger.debug("Authentication TokenEndpoint ");
+	
+	try {
+		Authentication credentials = extractCredentials(request);
+	
+		if (credentials != null) {
+			logger.debug("Authentication credentials found for '" + credentials.getName() + "'");
+	
+			Authentication authResult = authenticationManager.authenticate(credentials);
+	
+			logger.debug("Authentication success: " + authResult.getName());
+	
+			Authentication clientAuth = SecurityContextHolder.getContext().getAuthentication();
+			if (clientAuth == null) {
+				throw new BadCredentialsException(
+						"No client authentication found. Remember to put a filter upstream of the TokenEndpointAuthenticationFilter.");
+			}
+			
+			Map<String, String> map = getSingleValueMap(request);
+			map.put(OAuth2Utils.CLIENT_ID, clientAuth.getName());
+			AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(map);
+	
+			authorizationRequest.setScope(getScope(request));
+			if (clientAuth.isAuthenticated()) {
+				// Ensure the OAuth2Authentication is authenticated
+				authorizationRequest.setApproved(true);
+			}
+	
+			OAuth2Request storedOAuth2Request = oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
+			
+			WebContext.setAuthentication(new OAuth2Authentication(storedOAuth2Request, authResult));
+	
+			onSuccessfulAuthentication(request, response, authResult);
+	
+		}
+	
+	}
+		catch (AuthenticationException failed) {
+			SecurityContextHolder.clearContext();
+		
+				logger.debug("Authentication request for failed: " + failed);
+		
+			onUnsuccessfulAuthentication(request, response, failed);
+		
+			return;
+		}
+	}
+	
+	public Authentication ClientCredentials(HttpServletRequest request, HttpServletResponse response)
+				throws AuthenticationException, IOException, ServletException {
+
+			if (allowOnlyPost && !"POST".equalsIgnoreCase(request.getMethod())) {
+				throw new HttpRequestMethodNotSupportedException(request.getMethod(), new String[] { "POST" });
+			}
+
+			String clientId = request.getParameter("client_id");
+			String clientSecret = request.getParameter("client_secret");
+
+			// If the request is already authenticated we can assume that this
+			// filter is not needed
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+			if (authentication != null && authentication.isAuthenticated()) {
+				return authentication;
+			}
+
+			if (clientId == null) {
+				throw new BadCredentialsException("No client credentials presented");
+			}
+
+			if (clientSecret == null) {
+				clientSecret = "";
+			}
+
+			clientId = clientId.trim();
+			UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId,clientSecret);
+
+			return this.authenticationManager.authenticate(authRequest);
+		}
+	 
 	private Map<String, String> getSingleValueMap(HttpServletRequest request) {
 		Map<String, String> map = new HashMap<String, String>();
 		Map<String, String[]> parameters = request.getParameterMap();
@@ -209,5 +278,42 @@ public class TokenEndpointAuthenticationFilter implements Filter {
 
 	public void destroy() {
 	}
+	
+	
+	
+	protected static class ClientCredentialsRequestMatcher implements RequestMatcher {
+
+		private String path;
+
+		public ClientCredentialsRequestMatcher(String path) {
+			this.path = path;
+
+		}
+
+		@Override
+		public boolean matches(HttpServletRequest request) {
+			String uri = request.getRequestURI();
+			int pathParamIndex = uri.indexOf(';');
+
+			if (pathParamIndex > 0) {
+				// strip everything after the first semi-colon
+				uri = uri.substring(0, pathParamIndex);
+			}
+
+			String clientId = request.getParameter("client_id");
+
+			if (clientId == null) {
+				// Give basic auth a chance to work instead (it's preferred anyway)
+				return false;
+			}
+
+			if ("".equals(request.getContextPath())) {
+				return uri.endsWith(path);
+			}
+
+			return uri.endsWith(request.getContextPath() + path);
+		}
+
+	}
 
 }
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/OAuthDefaultUserInfoAdapter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
similarity index 96%
rename from maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/OAuthDefaultUserInfoAdapter.java
rename to maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
index 58b6a11b..4ccde7d6 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/OAuthDefaultUserInfoAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
@@ -1,4 +1,4 @@
-package org.maxkey.web.oauth.userinfo.controller;
+package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
 
 import java.util.HashMap;
 
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java
new file mode 100644
index 00000000..1a069d30
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java
@@ -0,0 +1,312 @@
+package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Set;
+import java.util.UUID;
+
+import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
+import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
+import org.maxkey.authz.oauth2.provider.ClientDetailsService;
+import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
+import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
+import org.maxkey.constants.BOOLEAN;
+import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
+import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
+import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
+import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
+import org.maxkey.dao.service.ApplicationsService;
+import org.maxkey.dao.service.UserInfoService;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.domain.apps.Applications;
+import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
+import org.maxkey.util.Instance;
+import org.maxkey.util.JsonUtils;
+import org.maxkey.util.StringGenerator;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import com.nimbusds.jose.EncryptionMethod;
+import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWEHeader;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jwt.EncryptedJWT;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+
+@Controller
+@RequestMapping(value = { "/api" })
+public class UserInfoEndpoint {
+	final static Logger _logger = LoggerFactory.getLogger(UserInfoEndpoint.class);	
+	@Autowired
+	@Qualifier("oauth20JdbcClientDetailsService")
+	private ClientDetailsService clientDetailsService;
+	
+	@Autowired
+	@Qualifier("oauth20TokenServices")
+	private DefaultTokenServices oauth20tokenServices;
+	
+	
+	@Autowired
+	@Qualifier("userInfoService")
+	private UserInfoService userInfoService;
+	
+	@Autowired
+	@Qualifier("applicationsService")
+	protected ApplicationsService applicationsService;
+	
+	@Autowired
+	@Qualifier("jwtSignerValidationService")
+	private JwtSigningAndValidationService jwtSignerValidationService;
+	
+	@Autowired
+	@Qualifier("jwtEncryptionService")
+	private JwtEncryptionAndDecryptionService jwtEnDecryptionService; 
+	
+	private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder
+					=new SymmetricSigningAndValidationServiceBuilder();
+
+	private RecipientJwtEncryptionAndDecryptionServiceBuilder recipientJwtEnDecryptionServiceBuilder
+					=new RecipientJwtEncryptionAndDecryptionServiceBuilder();
+
+	
+	OAuthDefaultUserInfoAdapter defaultOAuthUserInfoAdapter=new OAuthDefaultUserInfoAdapter();
+	
+	@RequestMapping(value="/oauth/v20/me",produces="text/plain;charset=UTF-8") 
+	@ResponseBody
+	public String apiV20UserInfo(
+			@RequestParam(value = "access_token", required = true) String access_token) {
+			String principal="";
+			if (!StringGenerator.uuidMatches(access_token)) {
+				return accessTokenFormatError(access_token);
+			}
+			OAuth2Authentication oAuth2Authentication =null;
+			try{
+				 oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
+				 
+				 principal=oAuth2Authentication.getPrincipal().toString();
+				 
+				 String client_id= oAuth2Authentication.getOAuth2Request().getClientId();
+				 UserInfo userInfo=queryUserInfo(principal);
+				 Applications app=applicationsService.get(client_id);
+				 
+				 String userJson="";
+				 
+				 AbstractAuthorizeAdapter adapter;
+				 if(BOOLEAN.isTrue(app.getIsAdapter())){
+					adapter =(AbstractAuthorizeAdapter)Instance.newInstance(app.getAdapter());
+				 }else{
+					adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
+				 }
+
+				 String jsonData=adapter.generateInfo(userInfo, null);
+				 userJson=adapter.sign(jsonData, app);
+				 
+				 return userJson;
+				 
+			}catch(OAuth2Exception e){
+				HashMap<String,Object>authzException=new HashMap<String,Object>();
+				authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode());
+				authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage());
+				return JsonUtils.object2Json(authzException);
+			}
+	}
+	
+	
+	@RequestMapping(value="/connect/v10/userinfo",produces="text/plain;charset=UTF-8")
+	@ResponseBody
+	public String apiConnect10aUserInfo(
+			@RequestHeader(value = "Authorization", required = true) String access_token) {
+		String principal="";
+		if (!StringGenerator.uuidMatches(access_token)) {
+			return accessTokenFormatError(access_token);
+		}
+		OAuth2Authentication oAuth2Authentication =null;
+		try{
+			 oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
+			 
+			 principal=oAuth2Authentication.getPrincipal().toString();
+			 
+			 Set<String >scopes=oAuth2Authentication.getOAuth2Request().getScope();
+			 ClientDetails clientDetails = clientDetailsService.loadClientByClientId(oAuth2Authentication.getOAuth2Request().getClientId());
+			 
+			 UserInfo userInfo=queryUserInfo(principal);
+			 String userJson="";
+			 HashMap<String, Object> claimsFields = new HashMap<String, Object>();
+			 
+		 	claimsFields.put("sub", userInfo.getId());
+		 	
+		 	if(scopes.contains("profile")){
+				claimsFields.put("name", userInfo.getUsername());
+				claimsFields.put("preferred_username", userInfo.getDisplayName());
+				claimsFields.put("given_name", userInfo.getGivenName());
+				claimsFields.put("family_name", userInfo.getFamilyName());
+				claimsFields.put("middle_name", userInfo.getMiddleName());
+				claimsFields.put("nickname", userInfo.getNickName());
+				claimsFields.put("profile", "profile");
+				claimsFields.put("picture", "picture");
+				claimsFields.put("website", userInfo.getWebSite());
+				
+				String gender;
+				 switch(userInfo.getGender()){
+				 	case UserInfo.GENDER.MALE  :
+				 		gender="male";break;
+				 	case UserInfo.GENDER.FEMALE  :
+				 		gender="female";break;
+				 	default:
+				 		gender="unknown";
+				 }
+				claimsFields.put("gender", gender);
+				claimsFields.put("zoneinfo", userInfo.getTimeZone());
+				claimsFields.put("locale", userInfo.getLocale());
+				claimsFields.put("updated_time", userInfo.getModifiedDate());
+				claimsFields.put("birthdate", userInfo.getBirthDate());
+		 	}
+		 	
+		 	if(scopes.contains("email")){
+		 		claimsFields.put("email", userInfo.getWorkEmail());
+		 		claimsFields.put("email_verified", false);
+		 	}
+		 	
+			if(scopes.contains("phone")){
+				claimsFields.put("phone_number", userInfo.getWorkPhoneNumber());
+				claimsFields.put("phone_number_verified", false);
+			}
+			
+			if(scopes.contains("address")){
+				HashMap<String, String> addressFields = new HashMap<String, String>();
+				addressFields.put("country", userInfo.getWorkCountry());
+				addressFields.put("region", userInfo.getWorkRegion());
+				addressFields.put("locality", userInfo.getWorkLocality());
+				addressFields.put("street_address", userInfo.getWorkStreetAddress());
+				addressFields.put("formatted", userInfo.getWorkAddressFormatted());
+				addressFields.put("postal_code", userInfo.getWorkPostalCode());
+				
+				claimsFields.put("address", addressFields);
+			}
+			
+			JWTClaimsSet userInfoJWTClaims = new JWTClaimsSet.Builder()
+					.jwtID(UUID.randomUUID().toString())// set a random NONCE in the middle of it
+					.audience(Arrays.asList(clientDetails.getClientId()))
+					.issueTime(new Date())
+					.expirationTime(new Date(new Date().getTime()+clientDetails.getAccessTokenValiditySeconds()*1000))
+					.claim(claimsFields)
+					.build();
+	
+			
+			JWT userInfoJWT=null;
+			JWSAlgorithm signingAlg = jwtSignerValidationService.getDefaultSigningAlgorithm();
+			if (clientDetails.getUserInfoEncryptedAlgorithm() != null && !clientDetails.getUserInfoEncryptedAlgorithm().equals("none")
+					&& clientDetails.getUserInfoEncryptionMethod() != null && !clientDetails.getUserInfoEncryptionMethod().equals("none")
+					&&clientDetails.getJwksUri()!=null&&clientDetails.getJwksUri().length()>4
+					) {
+				JwtEncryptionAndDecryptionService recipientJwtEnDecryptionService =
+						recipientJwtEnDecryptionServiceBuilder.serviceBuilder(clientDetails.getJwksUri());
+				
+				if (recipientJwtEnDecryptionService != null) {
+					JWEAlgorithm jweAlgorithm=new JWEAlgorithm(clientDetails.getUserInfoEncryptedAlgorithm());
+					EncryptionMethod encryptionMethod=new EncryptionMethod(clientDetails.getUserInfoEncryptionMethod());
+					EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(jweAlgorithm, encryptionMethod), userInfoJWTClaims);
+					recipientJwtEnDecryptionService.encryptJwt(encryptedJWT);
+					userJson=encryptedJWT.serialize();
+				}else{
+					_logger.error("Couldn't find encrypter for client: " + clientDetails.getClientId());
+					HashMap<String,Object>authzException=new HashMap<String,Object>();
+					authzException.put(OAuth2Exception.ERROR, "error");
+					authzException.put(OAuth2Exception.DESCRIPTION,"Couldn't find encrypter for client: " + clientDetails.getClientId());
+					return JsonUtils.gson2Json(authzException);
+				}	
+			} else {
+				if (clientDetails.getUserInfoSigningAlgorithm()==null||clientDetails.getUserInfoSigningAlgorithm().equals("none")) {
+					// unsigned ID token
+					//userInfoJWT = new PlainJWT(userInfoJWTClaims);
+					userJson=JsonUtils.gson2Json(claimsFields);
+				} else {
+					// signed ID token
+					if (signingAlg.equals(JWSAlgorithm.HS256)
+							|| signingAlg.equals(JWSAlgorithm.HS384)
+							|| signingAlg.equals(JWSAlgorithm.HS512)) {
+						// sign it with the client's secret
+						String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
+						
+						JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
+						if(symmetricJwtSignerService!=null){
+							userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", "SYMMETRIC-KEY").build();
+							userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
+							symmetricJwtSignerService.signJwt((SignedJWT) userInfoJWT);
+						}else{
+							_logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret");
+						}
+					} else {
+						userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", jwtSignerValidationService.getDefaultSignerKeyId()).build();
+						userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
+						// sign it with the server's key
+						jwtSignerValidationService.signJwt((SignedJWT) userInfoJWT);
+					}
+					userJson=userInfoJWT.serialize();
+				}
+			}
+			 
+			 return userJson;
+			 
+		}catch(OAuth2Exception e){
+			HashMap<String,Object>authzException=new HashMap<String,Object>();
+			authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode());
+			authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage());
+			return JsonUtils.object2Json(authzException);
+		}
+	}
+
+
+	public String accessTokenFormatError(String access_token){
+		HashMap<String,Object>atfe=new HashMap<String,Object>();
+		atfe.put(OAuth2Exception.ERROR, "token Format Invalid");
+		atfe.put(OAuth2Exception.DESCRIPTION, "access Token Format Invalid , access_token : "+access_token);
+		
+		return JsonUtils.object2Json(atfe);
+	}
+
+	
+	public  UserInfo queryUserInfo(String uid){
+		_logger.debug("uid : "+uid);
+		UserInfo queryUserInfo=new UserInfo();
+		queryUserInfo.setUsername(uid);
+		UserInfo userInfo = (UserInfo) userInfoService.load(queryUserInfo);
+		return userInfo;
+	}
+
+
+	public void setOauth20tokenServices(DefaultTokenServices oauth20tokenServices) {
+		this.oauth20tokenServices = oauth20tokenServices;
+	}
+	
+
+
+	public void setUserInfoService(UserInfoService userInfoService) {
+		this.userInfoService = userInfoService;
+	}
+
+//
+//
+//	public void setJwtSignerValidationService(
+//			JwtSigningAndValidationService jwtSignerValidationService) {
+//		this.jwtSignerValidationService = jwtSignerValidationService;
+//	}
+//
+//	public void setJwtEnDecryptionService(
+//			JwtEncryptionAndDecryptionService jwtEnDecryptionService) {
+//		this.jwtEnDecryptionService = jwtEnDecryptionService;
+//	}
+}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/package-info.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/package-info.java
new file mode 100644
index 00000000..b40a94d4
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/package-info.java
@@ -0,0 +1,8 @@
+/**
+ * 
+ */
+/**
+ * @author Crystal.Sea
+ *
+ */
+package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/bin/main/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java.backup.20190420 b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java
similarity index 73%
rename from maxkey-protocols/maxkey-protocol-oauth-2.0/bin/main/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java.backup.20190420
rename to maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java
index 79ba1b52..4dc0f1b6 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/bin/main/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java.backup.20190420
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java
@@ -1,7 +1,7 @@
 /**
  * 
  */
-package com.connsec.authz.oidc.idtoken;
+package org.maxkey.authz.oidc.idtoken;
 
 import java.util.Arrays;
 import java.util.Date;
@@ -10,25 +10,25 @@ import java.util.UUID;
 
 import org.joda.time.DateTime;
 import org.joda.time.format.DateTimeFormat;
+import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
+import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
+import org.maxkey.authz.oauth2.provider.ClientDetailsService;
+import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
+import org.maxkey.authz.oauth2.provider.OAuth2Request;
+import org.maxkey.authz.oauth2.provider.token.TokenEnhancer;
+import org.maxkey.config.oidc.OIDCProviderMetadata;
+import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
+import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
+import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
+import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
+import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
+import org.maxkey.web.WebContext;
 
 import com.nimbusds.jose.util.Base64URL;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.connsec.authz.oauth2.common.DefaultOAuth2AccessToken;
-import com.connsec.authz.oauth2.common.OAuth2AccessToken;
-import com.connsec.authz.oauth2.provider.ClientDetailsService;
-import com.connsec.authz.oauth2.provider.OAuth2Authentication;
-import com.connsec.authz.oauth2.provider.OAuth2Request;
-import com.connsec.authz.oauth2.provider.token.TokenEnhancer;
-import com.connsec.config.oidc.OIDCProviderMetadata;
-import com.connsec.crypto.ReciprocalUtils;
-import com.connsec.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
-import com.connsec.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
-import com.connsec.crypto.jwt.signer.service.JwtSigningAndValidationService;
-import com.connsec.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
-import com.connsec.domain.apps.oauth2.provider.ClientDetails;
-import com.connsec.web.WebContext;
 import com.google.common.base.Strings;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
@@ -87,22 +87,22 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
 		if (request.getScope().contains(ID_TOKEN_SCOPE)) {//Enhance for OpenID Connect
 			ClientDetails clientDetails = clientDetailsService.loadClientByClientId(authentication.getOAuth2Request().getClientId());
 			
+			JWTClaimsSet.Builder builder=new JWTClaimsSet.Builder();
+			builder.subject(authentication.getName())
+		      .expirationTime(accessToken.getExpiration())
+		      .claim(providerMetadata.getIssuer(), true)
+		      .issueTime(new Date())
+		      .audience(Arrays.asList(authentication.getOAuth2Request().getClientId()))
+		      .jwtID(UUID.randomUUID().toString());
 			
-			JWTClaimsSet idClaims = new JWTClaimsSet.Builder()
-				      .subject(authentication.getName())
-				      .expirationTime(accessToken.getExpiration())
-				      .claim(providerMetadata.getIssuer(), true)
-				      .issueTime(new Date())
-				      .audience(Arrays.asList(authentication.getOAuth2Request().getClientId()))
-				      .jwtID(UUID.randomUUID().toString())
-				      .build();
 			/**
 			 * https://self-issued.me
 			 * @see http://openid.net/specs/openid-connect-core-1_0.html#SelfIssuedDiscovery
 			 *     7.  Self-Issued OpenID Provider
 			 */
+			
 			if(providerMetadata.getIssuer().equalsIgnoreCase("https://self-issued.me")){
-				idClaims.setCustomClaim("sub_jwk", jwtSignerService.getAllPublicKeys().get(jwtSignerService.getDefaultSignerKeyId()));
+				builder.claim("sub_jwk", jwtSignerService.getAllPublicKeys().get(jwtSignerService.getDefaultSignerKeyId()));
 			}
 			
 			// if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
@@ -110,24 +110,24 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
 					|| (request.getExtensions().containsKey("idtoken")) // TODO: parse the ID Token claims (#473) -- for now assume it could be in there
 					) {
 				DateTime loginDate=DateTime.parse(WebContext.getUserInfo().getLastLoginTime(), DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
-				idClaims.setClaim("auth_time",  loginDate.getMillis()/ 1000);
+				builder.claim("auth_time",  loginDate.getMillis()/ 1000);
 			}
 			
 			String nonce = (String)request.getExtensions().get("nonce");
 			if (!Strings.isNullOrEmpty(nonce)) {
-				idClaims.setCustomClaim("nonce", nonce);
+				builder.claim("nonce", nonce);
 			}
 			
 			JWSAlgorithm signingAlg = jwtSignerService.getDefaultSigningAlgorithm();
-			SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), idClaims);
+			SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), builder.build());
 			Set<String> responseTypes = request.getResponseTypes();
 
 			if (responseTypes.contains("token")) {
 				// calculate the token hash
 				Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, signed);
-				idClaims.setClaim("at_hash", at_hash);
+				builder.claim("at_hash", at_hash);
 			}
-			logger.debug("idClaims "+idClaims);
+			logger.debug("idClaims "+builder.build());
 			
 			JWT idToken=null;
 			if (clientDetails.getIdTokenEncryptedAlgorithm() != null && !clientDetails.getIdTokenEncryptedAlgorithm().equals("none")
@@ -140,7 +140,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
 				if (recipientJwtEnDecryptionService != null) {
 					JWEAlgorithm jweAlgorithm=new JWEAlgorithm(clientDetails.getIdTokenEncryptedAlgorithm());
 					EncryptionMethod encryptionMethod=new EncryptionMethod(clientDetails.getIdTokenEncryptionMethod());
-					EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(jweAlgorithm, encryptionMethod), idClaims);
+					EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(jweAlgorithm, encryptionMethod), builder.build());
 					recipientJwtEnDecryptionService.encryptJwt(encryptedJWT);
 					idToken=encryptedJWT;
 				}else{
@@ -149,7 +149,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
 			} else {
 				if (signingAlg==null||signingAlg.equals("none")) {
 					// unsigned ID token
-					idToken = new PlainJWT(idClaims);
+					idToken = new PlainJWT(builder.build());
 				} else {
 					// signed ID token
 					if (signingAlg.equals(JWSAlgorithm.HS256)
@@ -160,15 +160,15 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
 						
 						JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
 						if(symmetricJwtSignerService!=null){
-							idClaims.setCustomClaim("kid", "SYMMETRIC-KEY");
-							idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
+							builder.claim("kid", "SYMMETRIC-KEY");
+							idToken = new SignedJWT(new JWSHeader(signingAlg), builder.build());
 							symmetricJwtSignerService.signJwt((SignedJWT) idToken);
 						}else {
 							logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret");
 						}
 					} else {
-						idClaims.setCustomClaim("kid", jwtSignerService.getDefaultSignerKeyId());
-						idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
+						builder.claim("kid", jwtSignerService.getDefaultSignerKeyId());
+						idToken = new SignedJWT(new JWSHeader(signingAlg), builder.build());
 						// sign it with the server's key
 						jwtSignerService.signJwt((SignedJWT) idToken);
 					}
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java.backup.20190420 b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java.backup.20190420
deleted file mode 100644
index 79ba1b52..00000000
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java.backup.20190420
+++ /dev/null
@@ -1,187 +0,0 @@
-/**
- * 
- */
-package com.connsec.authz.oidc.idtoken;
-
-import java.util.Arrays;
-import java.util.Date;
-import java.util.Set;
-import java.util.UUID;
-
-import org.joda.time.DateTime;
-import org.joda.time.format.DateTimeFormat;
-
-import com.nimbusds.jose.util.Base64URL;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.connsec.authz.oauth2.common.DefaultOAuth2AccessToken;
-import com.connsec.authz.oauth2.common.OAuth2AccessToken;
-import com.connsec.authz.oauth2.provider.ClientDetailsService;
-import com.connsec.authz.oauth2.provider.OAuth2Authentication;
-import com.connsec.authz.oauth2.provider.OAuth2Request;
-import com.connsec.authz.oauth2.provider.token.TokenEnhancer;
-import com.connsec.config.oidc.OIDCProviderMetadata;
-import com.connsec.crypto.ReciprocalUtils;
-import com.connsec.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
-import com.connsec.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
-import com.connsec.crypto.jwt.signer.service.JwtSigningAndValidationService;
-import com.connsec.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
-import com.connsec.domain.apps.oauth2.provider.ClientDetails;
-import com.connsec.web.WebContext;
-import com.google.common.base.Strings;
-import com.nimbusds.jose.EncryptionMethod;
-import com.nimbusds.jose.JWEAlgorithm;
-import com.nimbusds.jose.JWEHeader;
-import com.nimbusds.jose.JWSAlgorithm;
-import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jwt.EncryptedJWT;
-import com.nimbusds.jwt.JWT;
-import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.PlainJWT;
-import com.nimbusds.jwt.SignedJWT;
-
-/**
- * @author Crystal.Sea
- *
- */
-public class OIDCIdTokenEnhancer implements TokenEnhancer {
-	private final static Logger logger = LoggerFactory.getLogger(OIDCIdTokenEnhancer.class);
-	
-	public  final static String ID_TOKEN_SCOPE="openid";
-
-	private OIDCProviderMetadata providerMetadata;
-	
-	private JwtSigningAndValidationService jwtSignerService;
-	
-	private JwtEncryptionAndDecryptionService jwtEnDecryptionService; 
-
-	private ClientDetailsService clientDetailsService;
-	
-	private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder
-								=new SymmetricSigningAndValidationServiceBuilder();
-	
-	private RecipientJwtEncryptionAndDecryptionServiceBuilder recipientJwtEnDecryptionServiceBuilder
-					=new RecipientJwtEncryptionAndDecryptionServiceBuilder();
-	
-	public void setProviderMetadata(OIDCProviderMetadata providerMetadata) {
-		this.providerMetadata = providerMetadata;
-	}
-
-	public void setJwtSignerService(JwtSigningAndValidationService jwtSignerService) {
-		this.jwtSignerService = jwtSignerService;
-	}
-
-	public void setJwtEnDecryptionService(
-			JwtEncryptionAndDecryptionService jwtEnDecryptionService) {
-		this.jwtEnDecryptionService = jwtEnDecryptionService;
-	}
-
-	public void setClientDetailsService(ClientDetailsService clientDetailsService) {
-		this.clientDetailsService = clientDetailsService;
-	}
-
-	@Override
-	public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
-		OAuth2Request  request=authentication.getOAuth2Request();
-		if (request.getScope().contains(ID_TOKEN_SCOPE)) {//Enhance for OpenID Connect
-			ClientDetails clientDetails = clientDetailsService.loadClientByClientId(authentication.getOAuth2Request().getClientId());
-			
-			
-			JWTClaimsSet idClaims = new JWTClaimsSet.Builder()
-				      .subject(authentication.getName())
-				      .expirationTime(accessToken.getExpiration())
-				      .claim(providerMetadata.getIssuer(), true)
-				      .issueTime(new Date())
-				      .audience(Arrays.asList(authentication.getOAuth2Request().getClientId()))
-				      .jwtID(UUID.randomUUID().toString())
-				      .build();
-			/**
-			 * https://self-issued.me
-			 * @see http://openid.net/specs/openid-connect-core-1_0.html#SelfIssuedDiscovery
-			 *     7.  Self-Issued OpenID Provider
-			 */
-			if(providerMetadata.getIssuer().equalsIgnoreCase("https://self-issued.me")){
-				idClaims.setCustomClaim("sub_jwk", jwtSignerService.getAllPublicKeys().get(jwtSignerService.getDefaultSignerKeyId()));
-			}
-			
-			// if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
-			if (request.getExtensions().containsKey("max_age")
-					|| (request.getExtensions().containsKey("idtoken")) // TODO: parse the ID Token claims (#473) -- for now assume it could be in there
-					) {
-				DateTime loginDate=DateTime.parse(WebContext.getUserInfo().getLastLoginTime(), DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
-				idClaims.setClaim("auth_time",  loginDate.getMillis()/ 1000);
-			}
-			
-			String nonce = (String)request.getExtensions().get("nonce");
-			if (!Strings.isNullOrEmpty(nonce)) {
-				idClaims.setCustomClaim("nonce", nonce);
-			}
-			
-			JWSAlgorithm signingAlg = jwtSignerService.getDefaultSigningAlgorithm();
-			SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), idClaims);
-			Set<String> responseTypes = request.getResponseTypes();
-
-			if (responseTypes.contains("token")) {
-				// calculate the token hash
-				Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, signed);
-				idClaims.setClaim("at_hash", at_hash);
-			}
-			logger.debug("idClaims "+idClaims);
-			
-			JWT idToken=null;
-			if (clientDetails.getIdTokenEncryptedAlgorithm() != null && !clientDetails.getIdTokenEncryptedAlgorithm().equals("none")
-					&& clientDetails.getIdTokenEncryptionMethod() != null && !clientDetails.getIdTokenEncryptionMethod().equals("none")
-					&&clientDetails.getJwksUri()!=null&&clientDetails.getJwksUri().length()>4) {
-
-				JwtEncryptionAndDecryptionService recipientJwtEnDecryptionService =
-						recipientJwtEnDecryptionServiceBuilder.serviceBuilder(clientDetails.getJwksUri());
-				
-				if (recipientJwtEnDecryptionService != null) {
-					JWEAlgorithm jweAlgorithm=new JWEAlgorithm(clientDetails.getIdTokenEncryptedAlgorithm());
-					EncryptionMethod encryptionMethod=new EncryptionMethod(clientDetails.getIdTokenEncryptionMethod());
-					EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(jweAlgorithm, encryptionMethod), idClaims);
-					recipientJwtEnDecryptionService.encryptJwt(encryptedJWT);
-					idToken=encryptedJWT;
-				}else{
-					logger.error("Couldn't create Jwt Encryption Service");
-				}
-			} else {
-				if (signingAlg==null||signingAlg.equals("none")) {
-					// unsigned ID token
-					idToken = new PlainJWT(idClaims);
-				} else {
-					// signed ID token
-					if (signingAlg.equals(JWSAlgorithm.HS256)
-							|| signingAlg.equals(JWSAlgorithm.HS384)
-							|| signingAlg.equals(JWSAlgorithm.HS512)) {
-						// sign it with the client's secret
-						String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
-						
-						JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
-						if(symmetricJwtSignerService!=null){
-							idClaims.setCustomClaim("kid", "SYMMETRIC-KEY");
-							idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
-							symmetricJwtSignerService.signJwt((SignedJWT) idToken);
-						}else {
-							logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret");
-						}
-					} else {
-						idClaims.setCustomClaim("kid", jwtSignerService.getDefaultSignerKeyId());
-						idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
-						// sign it with the server's key
-						jwtSignerService.signJwt((SignedJWT) idToken);
-					}
-				}
-			}
-			logger.debug("idToken "+idToken);
-			
-			accessToken = new DefaultOAuth2AccessToken(accessToken);
-			if(idToken!=null){
-				accessToken.getAdditionalInformation().put("id_token", idToken.serialize());
-			}
-		}
-		return accessToken;
-	}
-
-}
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
index 2122aeaf..f712304a 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
@@ -23,7 +23,6 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;
@@ -62,12 +61,12 @@ public class AssertionEndpoint {
 		ArrayList<GrantedAuthority> grantedAuthority = new ArrayList<GrantedAuthority>();
 		grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
 
-		UsernamePasswordAuthenticationToken authToken = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+		UsernamePasswordAuthenticationToken authToken = (UsernamePasswordAuthenticationToken)WebContext.getAuthentication();
 
 		for(GrantedAuthority anthGrantedAuthority: authToken.getAuthorities()){
 			grantedAuthority.add(anthGrantedAuthority);
 		}
-		
+		//TODO:
 		String userName =authToken.getPrincipal().toString();
 		DateTime authnInstant = new DateTime(request.getSession().getCreationTime());
 
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/SpringResourceLoader.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/SpringResourceLoader.java
new file mode 100644
index 00000000..17ea2e58
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/SpringResourceLoader.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2002-2012 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.ui.velocity;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+
+import org.apache.commons.collections.ExtendedProperties;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.velocity.exception.ResourceNotFoundException;
+import org.apache.velocity.runtime.resource.Resource;
+import org.apache.velocity.runtime.resource.loader.ResourceLoader;
+
+import org.springframework.util.StringUtils;
+
+/**
+ * Velocity ResourceLoader adapter that loads via a Spring ResourceLoader.
+ * Used by VelocityEngineFactory for any resource loader path that cannot
+ * be resolved to a {@code java.io.File}.
+ *
+ * <p>Note that this loader does not allow for modification detection:
+ * Use Velocity's default FileResourceLoader for {@code java.io.File}
+ * resources.
+ *
+ * <p>Expects "spring.resource.loader" and "spring.resource.loader.path"
+ * application attributes in the Velocity runtime: the former of type
+ * {@code org.springframework.core.io.ResourceLoader}, the latter a String.
+ *
+ * @author Juergen Hoeller
+ * @since 14.03.2004
+ * @see VelocityEngineFactory#setResourceLoaderPath
+ * @see org.springframework.core.io.ResourceLoader
+ * @see org.apache.velocity.runtime.resource.loader.FileResourceLoader
+ */
+public class SpringResourceLoader extends ResourceLoader {
+
+	public static final String NAME = "spring";
+
+	public static final String SPRING_RESOURCE_LOADER_CLASS = "spring.resource.loader.class";
+
+	public static final String SPRING_RESOURCE_LOADER_CACHE = "spring.resource.loader.cache";
+
+	public static final String SPRING_RESOURCE_LOADER = "spring.resource.loader";
+
+	public static final String SPRING_RESOURCE_LOADER_PATH = "spring.resource.loader.path";
+
+
+	protected final Log logger = LogFactory.getLog(getClass());
+
+	private org.springframework.core.io.ResourceLoader resourceLoader;
+
+	private String[] resourceLoaderPaths;
+
+
+	@Override
+	public void init(ExtendedProperties configuration) {
+		this.resourceLoader = (org.springframework.core.io.ResourceLoader)
+				this.rsvc.getApplicationAttribute(SPRING_RESOURCE_LOADER);
+		String resourceLoaderPath = (String) this.rsvc.getApplicationAttribute(SPRING_RESOURCE_LOADER_PATH);
+		if (this.resourceLoader == null) {
+			throw new IllegalArgumentException(
+					"'resourceLoader' application attribute must be present for SpringResourceLoader");
+		}
+		if (resourceLoaderPath == null) {
+			throw new IllegalArgumentException(
+					"'resourceLoaderPath' application attribute must be present for SpringResourceLoader");
+		}
+		this.resourceLoaderPaths = StringUtils.commaDelimitedListToStringArray(resourceLoaderPath);
+		for (int i = 0; i < this.resourceLoaderPaths.length; i++) {
+			String path = this.resourceLoaderPaths[i];
+			if (!path.endsWith("/")) {
+				this.resourceLoaderPaths[i] = path + "/";
+			}
+		}
+		if (logger.isInfoEnabled()) {
+			logger.info("SpringResourceLoader for Velocity: using resource loader [" + this.resourceLoader +
+					"] and resource loader paths " + Arrays.asList(this.resourceLoaderPaths));
+		}
+	}
+
+	@Override
+	public InputStream getResourceStream(String source) throws ResourceNotFoundException {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Looking for Velocity resource with name [" + source + "]");
+		}
+		for (String resourceLoaderPath : this.resourceLoaderPaths) {
+			org.springframework.core.io.Resource resource =
+					this.resourceLoader.getResource(resourceLoaderPath + source);
+			try {
+				return resource.getInputStream();
+			}
+			catch (IOException ex) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("Could not find Velocity resource: " + resource);
+				}
+			}
+		}
+		throw new ResourceNotFoundException(
+				"Could not find resource [" + source + "] in Spring resource loader path");
+	}
+
+	@Override
+	public boolean isSourceModified(Resource resource) {
+		return false;
+	}
+
+	@Override
+	public long getLastModified(Resource resource) {
+		return 0;
+	}
+
+}
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineFactory.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineFactory.java
new file mode 100644
index 00000000..eab9b641
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineFactory.java
@@ -0,0 +1,357 @@
+/*
+ * Copyright 2002-2013 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.ui.velocity;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.exception.VelocityException;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.apache.velocity.runtime.log.CommonsLogLogChute;
+
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.core.io.support.PropertiesLoaderUtils;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.StringUtils;
+
+/**
+ * Factory that configures a VelocityEngine. Can be used standalone,
+ * but typically you will either use {@link VelocityEngineFactoryBean}
+ * for preparing a VelocityEngine as bean reference, or
+ * {@link org.springframework.web.servlet.view.velocity.VelocityConfigurer}
+ * for web views.
+ *
+ * <p>The optional "configLocation" property sets the location of the Velocity
+ * properties file, within the current application. Velocity properties can be
+ * overridden via "velocityProperties", or even completely specified locally,
+ * avoiding the need for an external properties file.
+ *
+ * <p>The "resourceLoaderPath" property can be used to specify the Velocity
+ * resource loader path via Spring's Resource abstraction, possibly relative
+ * to the Spring application context.
+ *
+ * <p>If "overrideLogging" is true (the default), the VelocityEngine will be
+ * configured to log via Commons Logging, that is, using
+ * {@link CommonsLogLogChute} as log system.
+ *
+ * <p>The simplest way to use this class is to specify a
+ * {@link #setResourceLoaderPath(String) "resourceLoaderPath"}; the
+ * VelocityEngine typically then does not need any further configuration.
+ *
+ * @author Juergen Hoeller
+ * @see #setConfigLocation
+ * @see #setVelocityProperties
+ * @see #setResourceLoaderPath
+ * @see #setOverrideLogging
+ * @see #createVelocityEngine
+ * @see VelocityEngineFactoryBean
+ * @see org.springframework.web.servlet.view.velocity.VelocityConfigurer
+ * @see org.apache.velocity.app.VelocityEngine
+ * @deprecated as of Spring 4.3, in favor of FreeMarker
+ */
+@Deprecated
+public class VelocityEngineFactory {
+
+	protected final Log logger = LogFactory.getLog(getClass());
+
+	private Resource configLocation;
+
+	private final Map<String, Object> velocityProperties = new HashMap<String, Object>();
+
+	private String resourceLoaderPath;
+
+	private ResourceLoader resourceLoader = new DefaultResourceLoader();
+
+	private boolean preferFileSystemAccess = true;
+
+	private boolean overrideLogging = true;
+
+
+	/**
+	 * Set the location of the Velocity config file.
+	 * Alternatively, you can specify all properties locally.
+	 * @see #setVelocityProperties
+	 * @see #setResourceLoaderPath
+	 */
+	public void setConfigLocation(Resource configLocation) {
+		this.configLocation = configLocation;
+	}
+
+	/**
+	 * Set Velocity properties, like "file.resource.loader.path".
+	 * Can be used to override values in a Velocity config file,
+	 * or to specify all necessary properties locally.
+	 * <p>Note that the Velocity resource loader path also be set to any
+	 * Spring resource location via the "resourceLoaderPath" property.
+	 * Setting it here is just necessary when using a non-file-based
+	 * resource loader.
+	 * @see #setVelocityPropertiesMap
+	 * @see #setConfigLocation
+	 * @see #setResourceLoaderPath
+	 */
+	public void setVelocityProperties(Properties velocityProperties) {
+		CollectionUtils.mergePropertiesIntoMap(velocityProperties, this.velocityProperties);
+	}
+
+	/**
+	 * Set Velocity properties as Map, to allow for non-String values
+	 * like "ds.resource.loader.instance".
+	 * @see #setVelocityProperties
+	 */
+	public void setVelocityPropertiesMap(Map<String, Object> velocityPropertiesMap) {
+		if (velocityPropertiesMap != null) {
+			this.velocityProperties.putAll(velocityPropertiesMap);
+		}
+	}
+
+	/**
+	 * Set the Velocity resource loader path via a Spring resource location.
+	 * Accepts multiple locations in Velocity's comma-separated path style.
+	 * <p>When populated via a String, standard URLs like "file:" and "classpath:"
+	 * pseudo URLs are supported, as understood by ResourceLoader. Allows for
+	 * relative paths when running in an ApplicationContext.
+	 * <p>Will define a path for the default Velocity resource loader with the name
+	 * "file". If the specified resource cannot be resolved to a {@code java.io.File},
+	 * a generic SpringResourceLoader will be used under the name "spring", without
+	 * modification detection.
+	 * <p>Note that resource caching will be enabled in any case. With the file
+	 * resource loader, the last-modified timestamp will be checked on access to
+	 * detect changes. With SpringResourceLoader, the resource will be cached
+	 * forever (for example for class path resources).
+	 * <p>To specify a modification check interval for files, use Velocity's
+	 * standard "file.resource.loader.modificationCheckInterval" property. By default,
+	 * the file timestamp is checked on every access (which is surprisingly fast).
+	 * Of course, this just applies when loading resources from the file system.
+	 * <p>To enforce the use of SpringResourceLoader, i.e. to not resolve a path
+	 * as file system resource in any case, turn off the "preferFileSystemAccess"
+	 * flag. See the latter's javadoc for details.
+	 * @see #setResourceLoader
+	 * @see #setVelocityProperties
+	 * @see #setPreferFileSystemAccess
+	 * @see SpringResourceLoader
+	 * @see org.apache.velocity.runtime.resource.loader.FileResourceLoader
+	 */
+	public void setResourceLoaderPath(String resourceLoaderPath) {
+		this.resourceLoaderPath = resourceLoaderPath;
+	}
+
+	/**
+	 * Set the Spring ResourceLoader to use for loading Velocity template files.
+	 * The default is DefaultResourceLoader. Will get overridden by the
+	 * ApplicationContext if running in a context.
+	 * @see org.springframework.core.io.DefaultResourceLoader
+	 * @see org.springframework.context.ApplicationContext
+	 */
+	public void setResourceLoader(ResourceLoader resourceLoader) {
+		this.resourceLoader = resourceLoader;
+	}
+
+	/**
+	 * Return the Spring ResourceLoader to use for loading Velocity template files.
+	 */
+	protected ResourceLoader getResourceLoader() {
+		return this.resourceLoader;
+	}
+
+	/**
+	 * Set whether to prefer file system access for template loading.
+	 * File system access enables hot detection of template changes.
+	 * <p>If this is enabled, VelocityEngineFactory will try to resolve the
+	 * specified "resourceLoaderPath" as file system resource (which will work
+	 * for expanded class path resources and ServletContext resources too).
+	 * <p>Default is "true". Turn this off to always load via SpringResourceLoader
+	 * (i.e. as stream, without hot detection of template changes), which might
+	 * be necessary if some of your templates reside in an expanded classes
+	 * directory while others reside in jar files.
+	 * @see #setResourceLoaderPath
+	 */
+	public void setPreferFileSystemAccess(boolean preferFileSystemAccess) {
+		this.preferFileSystemAccess = preferFileSystemAccess;
+	}
+
+	/**
+	 * Return whether to prefer file system access for template loading.
+	 */
+	protected boolean isPreferFileSystemAccess() {
+		return this.preferFileSystemAccess;
+	}
+
+	/**
+	 * Set whether Velocity should log via Commons Logging, i.e. whether Velocity's
+	 * log system should be set to {@link CommonsLogLogChute}. Default is "true".
+	 */
+	public void setOverrideLogging(boolean overrideLogging) {
+		this.overrideLogging = overrideLogging;
+	}
+
+
+	/**
+	 * Prepare the VelocityEngine instance and return it.
+	 * @return the VelocityEngine instance
+	 * @throws IOException if the config file wasn't found
+	 * @throws VelocityException on Velocity initialization failure
+	 */
+	public VelocityEngine createVelocityEngine() throws IOException, VelocityException {
+		VelocityEngine velocityEngine = newVelocityEngine();
+		Map<String, Object> props = new HashMap<String, Object>();
+
+		// Load config file if set.
+		if (this.configLocation != null) {
+			if (logger.isInfoEnabled()) {
+				logger.info("Loading Velocity config from [" + this.configLocation + "]");
+			}
+			CollectionUtils.mergePropertiesIntoMap(PropertiesLoaderUtils.loadProperties(this.configLocation), props);
+		}
+
+		// Merge local properties if set.
+		if (!this.velocityProperties.isEmpty()) {
+			props.putAll(this.velocityProperties);
+		}
+
+		// Set a resource loader path, if required.
+		if (this.resourceLoaderPath != null) {
+			initVelocityResourceLoader(velocityEngine, this.resourceLoaderPath);
+		}
+
+		// Log via Commons Logging?
+		if (this.overrideLogging) {
+			velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM, new CommonsLogLogChute());
+		}
+
+		// Apply properties to VelocityEngine.
+		for (Map.Entry<String, Object> entry : props.entrySet()) {
+			velocityEngine.setProperty(entry.getKey(), entry.getValue());
+		}
+
+		postProcessVelocityEngine(velocityEngine);
+
+		// Perform actual initialization.
+		velocityEngine.init();
+
+		return velocityEngine;
+	}
+
+	/**
+	 * Return a new VelocityEngine. Subclasses can override this for
+	 * custom initialization, or for using a mock object for testing.
+	 * <p>Called by {@code createVelocityEngine()}.
+	 * @return the VelocityEngine instance
+	 * @throws IOException if a config file wasn't found
+	 * @throws VelocityException on Velocity initialization failure
+	 * @see #createVelocityEngine()
+	 */
+	protected VelocityEngine newVelocityEngine() throws IOException, VelocityException {
+		return new VelocityEngine();
+	}
+
+	/**
+	 * Initialize a Velocity resource loader for the given VelocityEngine:
+	 * either a standard Velocity FileResourceLoader or a SpringResourceLoader.
+	 * <p>Called by {@code createVelocityEngine()}.
+	 * @param velocityEngine the VelocityEngine to configure
+	 * @param resourceLoaderPath the path to load Velocity resources from
+	 * @see org.apache.velocity.runtime.resource.loader.FileResourceLoader
+	 * @see SpringResourceLoader
+	 * @see #initSpringResourceLoader
+	 * @see #createVelocityEngine()
+	 */
+	protected void initVelocityResourceLoader(VelocityEngine velocityEngine, String resourceLoaderPath) {
+		if (isPreferFileSystemAccess()) {
+			// Try to load via the file system, fall back to SpringResourceLoader
+			// (for hot detection of template changes, if possible).
+			try {
+				StringBuilder resolvedPath = new StringBuilder();
+				String[] paths = StringUtils.commaDelimitedListToStringArray(resourceLoaderPath);
+				for (int i = 0; i < paths.length; i++) {
+					String path = paths[i];
+					Resource resource = getResourceLoader().getResource(path);
+					File file = resource.getFile();  // will fail if not resolvable in the file system
+					if (logger.isDebugEnabled()) {
+						logger.debug("Resource loader path [" + path + "] resolved to file [" + file.getAbsolutePath() + "]");
+					}
+					resolvedPath.append(file.getAbsolutePath());
+					if (i < paths.length - 1) {
+						resolvedPath.append(',');
+					}
+				}
+				velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
+				velocityEngine.setProperty(RuntimeConstants.FILE_RESOURCE_LOADER_CACHE, "true");
+				velocityEngine.setProperty(RuntimeConstants.FILE_RESOURCE_LOADER_PATH, resolvedPath.toString());
+			}
+			catch (IOException ex) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("Cannot resolve resource loader path [" + resourceLoaderPath +
+							"] to [java.io.File]: using SpringResourceLoader", ex);
+				}
+				initSpringResourceLoader(velocityEngine, resourceLoaderPath);
+			}
+		}
+		else {
+			// Always load via SpringResourceLoader
+			// (without hot detection of template changes).
+			if (logger.isDebugEnabled()) {
+				logger.debug("File system access not preferred: using SpringResourceLoader");
+			}
+			initSpringResourceLoader(velocityEngine, resourceLoaderPath);
+		}
+	}
+
+	/**
+	 * Initialize a SpringResourceLoader for the given VelocityEngine.
+	 * <p>Called by {@code initVelocityResourceLoader}.
+	 * @param velocityEngine the VelocityEngine to configure
+	 * @param resourceLoaderPath the path to load Velocity resources from
+	 * @see SpringResourceLoader
+	 * @see #initVelocityResourceLoader
+	 */
+	protected void initSpringResourceLoader(VelocityEngine velocityEngine, String resourceLoaderPath) {
+		velocityEngine.setProperty(
+				RuntimeConstants.RESOURCE_LOADER, SpringResourceLoader.NAME);
+		velocityEngine.setProperty(
+				SpringResourceLoader.SPRING_RESOURCE_LOADER_CLASS, SpringResourceLoader.class.getName());
+		velocityEngine.setProperty(
+				SpringResourceLoader.SPRING_RESOURCE_LOADER_CACHE, "true");
+		velocityEngine.setApplicationAttribute(
+				SpringResourceLoader.SPRING_RESOURCE_LOADER, getResourceLoader());
+		velocityEngine.setApplicationAttribute(
+				SpringResourceLoader.SPRING_RESOURCE_LOADER_PATH, resourceLoaderPath);
+	}
+
+	/**
+	 * To be implemented by subclasses that want to perform custom
+	 * post-processing of the VelocityEngine after this FactoryBean
+	 * performed its default configuration (but before VelocityEngine.init).
+	 * <p>Called by {@code createVelocityEngine()}.
+	 * @param velocityEngine the current VelocityEngine
+	 * @throws IOException if a config file wasn't found
+	 * @throws VelocityException on Velocity initialization failure
+	 * @see #createVelocityEngine()
+	 * @see org.apache.velocity.app.VelocityEngine#init
+	 */
+	protected void postProcessVelocityEngine(VelocityEngine velocityEngine)
+			throws IOException, VelocityException {
+	}
+
+}
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineFactoryBean.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineFactoryBean.java
new file mode 100644
index 00000000..7164847d
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineFactoryBean.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2002-2012 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.ui.velocity;
+
+import java.io.IOException;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.exception.VelocityException;
+
+import org.springframework.beans.factory.FactoryBean;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ResourceLoaderAware;
+
+/**
+ * Factory bean that configures a VelocityEngine and provides it as bean
+ * reference. This bean is intended for any kind of usage of Velocity in
+ * application code, e.g. for generating email content. For web views,
+ * VelocityConfigurer is used to set up a VelocityEngine for views.
+ *
+ * <p>The simplest way to use this class is to specify a "resourceLoaderPath";
+ * you do not need any further configuration then. For example, in a web
+ * application context:
+ *
+ * <pre class="code"> &lt;bean id="velocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean"&gt;
+ *   &lt;property name="resourceLoaderPath" value="/WEB-INF/velocity/"/&gt;
+ * &lt;/bean&gt;</pre>
+ *
+ * See the base class VelocityEngineFactory for configuration details.
+ *
+ * @author Juergen Hoeller
+ * @see #setConfigLocation
+ * @see #setVelocityProperties
+ * @see #setResourceLoaderPath
+ * @see org.springframework.web.servlet.view.velocity.VelocityConfigurer
+ * @deprecated as of Spring 4.3, in favor of FreeMarker
+ */
+@Deprecated
+public class VelocityEngineFactoryBean extends VelocityEngineFactory
+		implements FactoryBean<VelocityEngine>, InitializingBean, ResourceLoaderAware {
+
+	private VelocityEngine velocityEngine;
+
+
+	@Override
+	public void afterPropertiesSet() throws IOException, VelocityException {
+		this.velocityEngine = createVelocityEngine();
+	}
+
+
+	@Override
+	public VelocityEngine getObject() {
+		return this.velocityEngine;
+	}
+
+	@Override
+	public Class<? extends VelocityEngine> getObjectType() {
+		return VelocityEngine.class;
+	}
+
+	@Override
+	public boolean isSingleton() {
+		return true;
+	}
+
+}
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineUtils.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineUtils.java
new file mode 100644
index 00000000..e5b06aae
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/VelocityEngineUtils.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2002-2013 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.ui.velocity;
+
+import java.io.StringWriter;
+import java.io.Writer;
+import java.util.Map;
+
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.exception.VelocityException;
+
+/**
+ * Utility class for working with a VelocityEngine.
+ * Provides convenience methods to merge a Velocity template with a model.
+ *
+ * @author Juergen Hoeller
+ * @since 22.01.2004
+ * @deprecated as of Spring 4.3, in favor of FreeMarker
+ */
+@Deprecated
+public abstract class VelocityEngineUtils {
+
+	/**
+	 * Merge the specified Velocity template with the given model and write
+	 * the result to the given Writer.
+	 * @param velocityEngine VelocityEngine to work with
+	 * @param templateLocation the location of template, relative to Velocity's resource loader path
+	 * @param model the Map that contains model names as keys and model objects as values
+	 * @param writer the Writer to write the result to
+	 * @throws VelocityException if the template wasn't found or rendering failed
+	 * @deprecated Use {@link #mergeTemplate(VelocityEngine, String, String, Map, Writer)}
+	 * instead, following Velocity 1.6's corresponding deprecation in its own API.
+	 */
+	@Deprecated
+	public static void mergeTemplate(
+			VelocityEngine velocityEngine, String templateLocation, Map<String, Object> model, Writer writer)
+			throws VelocityException {
+
+		VelocityContext velocityContext = new VelocityContext(model);
+		velocityEngine.mergeTemplate(templateLocation, velocityContext, writer);
+	}
+
+	/**
+	 * Merge the specified Velocity template with the given model and write the result
+	 * to the given Writer.
+	 * @param velocityEngine VelocityEngine to work with
+	 * @param templateLocation the location of template, relative to Velocity's resource loader path
+	 * @param encoding the encoding of the template file
+	 * @param model the Map that contains model names as keys and model objects as values
+	 * @param writer the Writer to write the result to
+	 * @throws VelocityException if the template wasn't found or rendering failed
+	 */
+	public static void mergeTemplate(
+			VelocityEngine velocityEngine, String templateLocation, String encoding,
+			Map<String, Object> model, Writer writer) throws VelocityException {
+
+		VelocityContext velocityContext = new VelocityContext(model);
+		velocityEngine.mergeTemplate(templateLocation, encoding, velocityContext, writer);
+	}
+
+	/**
+	 * Merge the specified Velocity template with the given model into a String.
+	 * <p>When using this method to prepare a text for a mail to be sent with Spring's
+	 * mail support, consider wrapping VelocityException in MailPreparationException.
+	 * @param velocityEngine VelocityEngine to work with
+	 * @param templateLocation the location of template, relative to Velocity's resource loader path
+	 * @param model the Map that contains model names as keys and model objects as values
+	 * @return the result as String
+	 * @throws VelocityException if the template wasn't found or rendering failed
+	 * @see org.springframework.mail.MailPreparationException
+	 * @deprecated Use {@link #mergeTemplateIntoString(VelocityEngine, String, String, Map)}
+	 * instead, following Velocity 1.6's corresponding deprecation in its own API.
+	 */
+	@Deprecated
+	public static String mergeTemplateIntoString(VelocityEngine velocityEngine, String templateLocation,
+			Map<String, Object> model) throws VelocityException {
+
+		StringWriter result = new StringWriter();
+		mergeTemplate(velocityEngine, templateLocation, model, result);
+		return result.toString();
+	}
+
+	/**
+	 * Merge the specified Velocity template with the given model into a String.
+	 * <p>When using this method to prepare a text for a mail to be sent with Spring's
+	 * mail support, consider wrapping VelocityException in MailPreparationException.
+	 * @param velocityEngine VelocityEngine to work with
+	 * @param templateLocation the location of template, relative to Velocity's resource loader path
+	 * @param encoding the encoding of the template file
+	 * @param model the Map that contains model names as keys and model objects as values
+	 * @return the result as String
+	 * @throws VelocityException if the template wasn't found or rendering failed
+	 * @see org.springframework.mail.MailPreparationException
+	 */
+	public static String mergeTemplateIntoString(VelocityEngine velocityEngine, String templateLocation,
+			String encoding, Map<String, Object> model) throws VelocityException {
+
+		StringWriter result = new StringWriter();
+		mergeTemplate(velocityEngine, templateLocation, encoding, model, result);
+		return result.toString();
+	}
+
+}
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/package-info.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/package-info.java
new file mode 100644
index 00000000..5ee7fb11
--- /dev/null
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/springframework/ui/velocity/package-info.java
@@ -0,0 +1,8 @@
+/**
+ * 
+ */
+/**
+ * @author Administrator
+ *
+ */
+package org.springframework.ui.velocity;
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
index 106f790a..8959023a 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
@@ -11,8 +11,8 @@ import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.authz.token.endpoint.adapter.TokenBasedDefaultAdapter;
 import org.maxkey.config.ApplicationConfig;
 import org.maxkey.constants.BOOLEAN;
-import org.maxkey.constants.PROTOCOLS;
 import org.maxkey.dao.service.TokenBasedDetailsService;
+import org.maxkey.domain.apps.Applications;
 import org.maxkey.domain.apps.TokenBasedDetails;
 import org.maxkey.util.Instance;
 import org.maxkey.web.WebContext;
@@ -47,22 +47,15 @@ public class TokenBasedAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 			@PathVariable("id") String id){
 		ModelAndView modelAndView=new ModelAndView();
 		
-		TokenBasedDetails tokenBasedDetails=null;
-		if(id.equals("manage")){
-			tokenBasedDetails=new TokenBasedDetails();
-			tokenBasedDetails.setId("manage");
-			tokenBasedDetails.setName("Manage App");
-			tokenBasedDetails.setProtocol(PROTOCOLS.TOKENBASED);
-			tokenBasedDetails.setIsAdapter(1);
-			tokenBasedDetails.setAdapter("com.connsec.web.authorize.endpoint.adapter.TokenBasedJWTAdapter");
-			tokenBasedDetails.setRedirectUri(applicationConfig.getManageUri());
-			tokenBasedDetails.setExpires("2");
-		}else{
-			tokenBasedDetails=tokenBasedDetailsService.get(id);
-		}
 		
+		TokenBasedDetails tokenBasedDetails=null;
+		tokenBasedDetails=tokenBasedDetailsService.get(id);
 		_logger.debug(""+tokenBasedDetails);
 		
+		Applications  application= getApplication(id);
+		tokenBasedDetails.setAdapter(application.getAdapter());
+		tokenBasedDetails.setIsAdapter(application.getIsAdapter());
+		
 		AbstractAuthorizeAdapter adapter;
 		if(BOOLEAN.isTrue(tokenBasedDetails.getIsAdapter())){
 			adapter =(AbstractAuthorizeAdapter)Instance.newInstance(tokenBasedDetails.getAdapter());
diff --git a/maxkey-webs/maxkey-web-maxkey/bin/main/config/applicationLogin.properties b/maxkey-webs/maxkey-web-maxkey/bin/main/config/applicationLogin.properties
index cf60612b..e3cb3973 100644
--- a/maxkey-webs/maxkey-web-maxkey/bin/main/config/applicationLogin.properties
+++ b/maxkey-webs/maxkey-web-maxkey/bin/main/config/applicationLogin.properties
@@ -4,7 +4,8 @@
 #                domain name configuration
 config.domain.name=sso.maxkey.org
 config.server.name=http://${config.domain.name}
-config.server.prefix=${config.server.name}/maxkey
+config.server.maxkey.uri=${config.server.name}/maxkey
+
 ############################################################################ 
 #                Login configuration
 #enable captcha
@@ -90,8 +91,8 @@ config.support.wsfederation.logoutUrl=https://adfs.connsec.com/adfs/ls/?wa=wsign
 #############################################################################
 
 #############################################################################
-config.oidc.metadata.issuer=http://login.connsec.com
-config.oidc.metadata.authorizationEndpoint=http://login.connsec.com/maxkey/oauth/v20/authorize
-config.oidc.metadata.tokenEndpoint=http://login.connsec.com/maxkey/oauth/v20/token
-config.oidc.metadata.userinfoEndpoint=http://login.connsec.com/maxkey/api/connect/userinfo
+config.oidc.metadata.issuer=${config.server.maxkey.uri}
+config.oidc.metadata.authorizationEndpoint=${config.server.maxkey.uri}/oauth/v20/authorize
+config.oidc.metadata.tokenEndpoint=${config.server.maxkey.uri}/oauth/v20/token
+config.oidc.metadata.userinfoEndpoint=${config.server.maxkey.uri}/api/connect/userinfo
 #############################################################################
diff --git a/maxkey-webs/maxkey-web-maxkey/bin/main/config/keystore.jwks b/maxkey-webs/maxkey-web-maxkey/bin/main/config/keystore.jwks
index e9f891e4..c06f46ea 100644
--- a/maxkey-webs/maxkey-web-maxkey/bin/main/config/keystore.jwks
+++ b/maxkey-webs/maxkey-web-maxkey/bin/main/config/keystore.jwks
@@ -1,13 +1,13 @@
 {
-	"keys":
-		[
-			{
-			  "d": "envdv35_HU48wXPivE5qTFwILhCibDz6aZflcNYu58M0lfSNdererwsqkBaDB2Ai8Nv4ZCDSeP4wvvVztJy-KtK422i9kLKvQsvt4zdtFnmhT_aSBEp3FyMPEL1OX9nUixkw8_kMc2o-aCWPDTVucfBWlWxEGRdgDR_nH56Ywwk",
-			  "e": "AQAB",
-			  "n": "h5xtDWLssoj5-WLCKPYPUDJlM5pnL4pS8-wMt9sVA57QVRVFdpWHi1dbDCugCApjvmD-giO5yjF5mQSTAF6a14FvktozVw_dDTEzrjG5FgT6WpMzMZd6JpiwQLOtEbV7oBkKYWm1vh1C67-xTlhKgQUNLVNDg4RqRcKFxZd5JPc",
-			  "kty": "RSA",
-			  "alg": "RS256",
-			  "kid": "connsec_rsa"
-			}
-		]
-}
\ No newline at end of file
+  "keys": [
+    {
+      "kty": "RSA",
+      "d": "K2VCm_6enq5uoFLZXUlWkgbCXj5m9X5uUX3_Ol3qcY9X1cP04TN98R8lpw-ASeFDRFRhe0FT-lYCYu_fqZcrNXVhyN3rgi27af5x4HdFMnHLTLMPvE6aEyTGmZjTF1AbiX5VOJAl6POI9FiyTbV1Uqt943ydJv8SH4NfcYhKBmpp8Fi1f58mon-bYwsIy8mzZjssc8KZy-GzpscKrc5ewb7106JY3uRQNprAHrpcGAPZ8uXUvVhrxp_FNn5Nf5KVxl2tm50L83_5nw0OZrbJ8Ceg7sZAw_Z41lbYbS9VDaST6TuKRb7W4XCKimZUn57LoQT2-Gkv6msJHCmqTgK02Q",
+      "e": "AQAB",
+      "use": "sig",
+      "kid": "maxkey_rsa",
+      "alg": "RS256",
+      "n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q"
+    }
+  ]
+}
diff --git a/maxkey-webs/maxkey-web-maxkey/bin/main/log4j2.xml b/maxkey-webs/maxkey-web-maxkey/bin/main/log4j2.xml
index 397ac9f9..c7a23b2c 100644
--- a/maxkey-webs/maxkey-web-maxkey/bin/main/log4j2.xml
+++ b/maxkey-webs/maxkey-web-maxkey/bin/main/log4j2.xml
@@ -27,10 +27,8 @@
 	 
     <loggers>  
     	<Logger name="org.springframework" level="INFO"></Logger>
-    	<Logger name="org.springframework.web.servlet.tags" level="TRACE"></Logger>
     	<Logger name="org.apache.logging" level="INFO"></Logger>
     	<Logger name="org.maxkey" level="DEBUG"></Logger>
-    	<Logger name="org.apache.mybatis.jpa" level="DEBUG"></Logger>
     	
     	
         <root level="INFO">  
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
index 728835ce..fcd657a8 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
@@ -74,7 +74,7 @@ public class AppListController{
 		UserApplications userApplications=new UserApplications();
 		userApplications.setUsername(WebContext.getUserInfo().getUsername());
 		
-		List<UserApplications> appList=myAppsListService.query(userApplications);
+		List<UserApplications> appList=myAppsListService.queryMyApps(userApplications);
 		for (UserApplications app : appList){
 			WebContext.setAttribute(app.getId(), app.getIcon());
 		}
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PreLoginAppAdapter.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PreLoginAppAdapter.java
index 2547f4c8..b26f0f10 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PreLoginAppAdapter.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PreLoginAppAdapter.java
@@ -23,19 +23,19 @@ public class PreLoginAppAdapter extends HandlerInterceptorAdapter {
 		 UserInfo userInfo=WebContext.getUserInfo();
 		 String redirect_uri=request.getRequestURL().toString();
 		 String appId=getAppIdFromRequestURI(request);
-		 
+		 _logger.debug("preHandle app Id "+appId);
 		 Object singlesignon_uri=WebContext.getAttribute(WebConstants.CURRENT_SINGLESIGNON_URI);
 		 if(singlesignon_uri!=null&&singlesignon_uri.equals(redirect_uri)){
 			 return true;
 		 }
-		 if(userInfo.getProtectedAppsMap().get(appId)!=null){
+		 /*if(userInfo.getProtectedAppsMap().get(appId)!=null){
 			
 			 request.setAttribute("redirect_uri",redirect_uri);
 			 _logger.debug(""+redirect_uri);
 			 RequestDispatcher dispatcher = request.getRequestDispatcher("/authorize/protected/forward");
 			 dispatcher.forward(request, response);
 			 return false;
-		 }
+		 }*/
 		
 		 return true;
 	}
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/UserInfoEndpoint.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/UserInfoEndpoint.java
deleted file mode 100644
index b96893b6..00000000
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/UserInfoEndpoint.java
+++ /dev/null
@@ -1,311 +0,0 @@
-//package org.maxkey.web.oauth.userinfo.controller;
-//
-//import java.util.Arrays;
-//import java.util.Date;
-//import java.util.HashMap;
-//import java.util.Set;
-//import java.util.UUID;
-//
-//import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
-//import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
-//import org.maxkey.authz.oauth2.provider.ClientDetailsService;
-//import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
-//import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
-//import org.maxkey.constants.BOOLEAN;
-//import org.maxkey.crypto.ReciprocalUtils;
-//import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
-//import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
-//import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
-//import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
-//import org.maxkey.dao.service.ApplicationsService;
-//import org.maxkey.dao.service.UserInfoService;
-//import org.maxkey.domain.UserInfo;
-//import org.maxkey.domain.apps.Applications;
-//import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
-//import org.maxkey.util.Instance;
-//import org.maxkey.util.JsonUtils;
-//import org.maxkey.util.StringGenerator;
-//import org.slf4j.Logger;
-//import org.slf4j.LoggerFactory;
-//import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.beans.factory.annotation.Qualifier;
-//import org.springframework.stereotype.Controller;
-//import org.springframework.web.bind.annotation.RequestHeader;
-//import org.springframework.web.bind.annotation.RequestMapping;
-//import org.springframework.web.bind.annotation.RequestParam;
-//import org.springframework.web.bind.annotation.ResponseBody;
-//
-//import com.nimbusds.jose.EncryptionMethod;
-//import com.nimbusds.jose.JWEAlgorithm;
-//import com.nimbusds.jose.JWEHeader;
-//import com.nimbusds.jose.JWSAlgorithm;
-//import com.nimbusds.jose.JWSHeader;
-//import com.nimbusds.jwt.EncryptedJWT;
-//import com.nimbusds.jwt.JWT;
-//import com.nimbusds.jwt.JWTClaimsSet;
-//import com.nimbusds.jwt.SignedJWT;
-//
-//@Controller
-//@RequestMapping(value = { "/api" })
-//public class UserInfoEndpoint {
-//	final static Logger _logger = LoggerFactory.getLogger(UserInfoEndpoint.class);	
-//	@Autowired
-//	@Qualifier("oauth20JdbcClientDetailsService")
-//	private ClientDetailsService clientDetailsService;
-//	
-//	@Autowired
-//	@Qualifier("oauth20TokenServices")
-//	private DefaultTokenServices oauth20tokenServices;
-//	
-//	
-//	@Autowired
-//	@Qualifier("userInfoService")
-//	private UserInfoService userInfoService;
-//	
-//	@Autowired
-//	@Qualifier("applicationsService")
-//	protected ApplicationsService applicationsService;
-//	
-//	@Autowired
-//	@Qualifier("jwtSignerValidationService")
-//	private JwtSigningAndValidationService jwtSignerValidationService;
-//	
-//	@Autowired
-//	@Qualifier("jwtEncryptionService")
-//	private JwtEncryptionAndDecryptionService jwtEnDecryptionService; 
-//	
-//	private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder
-//					=new SymmetricSigningAndValidationServiceBuilder();
-//
-//	private RecipientJwtEncryptionAndDecryptionServiceBuilder recipientJwtEnDecryptionServiceBuilder
-//					=new RecipientJwtEncryptionAndDecryptionServiceBuilder();
-//
-//	
-//	OAuthDefaultUserInfoAdapter defaultOAuthUserInfoAdapter=new OAuthDefaultUserInfoAdapter();
-//	
-//	@RequestMapping(value="/oauth/v20/me",produces="text/plain;charset=UTF-8") 
-//	@ResponseBody
-//	public String apiV20UserInfo(
-//			@RequestParam(value = "access_token", required = true) String access_token) {
-//			String principal="";
-//			if (!StringGenerator.uuidMatches(access_token)) {
-//				return accessTokenFormatError(access_token);
-//			}
-//			OAuth2Authentication oAuth2Authentication =null;
-//			try{
-//				 oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
-//				 
-//				 principal=oAuth2Authentication.getPrincipal().toString();
-//				 
-//				 String client_id= oAuth2Authentication.getOAuth2Request().getClientId();
-//				 UserInfo userInfo=queryUserInfo(principal);
-//				 Applications app=applicationsService.get(client_id);
-//				 
-//				 String userJson="";
-//				 
-//				 AbstractAuthorizeAdapter adapter;
-//				 if(BOOLEAN.isTrue(app.getIsAdapter())){
-//					adapter =(AbstractAuthorizeAdapter)Instance.newInstance(app.getAdapter());
-//				 }else{
-//					adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
-//				 }
-//
-//				 String jsonData=adapter.generateInfo(userInfo, null);
-//				 userJson=adapter.sign(jsonData, app);
-//				 
-//				 return userJson;
-//				 
-//			}catch(OAuth2Exception e){
-//				HashMap<String,Object>authzException=new HashMap<String,Object>();
-//				authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode());
-//				authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage());
-//				return JsonUtils.object2Json(authzException);
-//			}
-//	}
-//	
-//	
-//	@RequestMapping(value="/connect/v10/userinfo",produces="text/plain;charset=UTF-8")
-//	@ResponseBody
-//	public String apiConnect10aUserInfo(
-//			@RequestHeader(value = "Authorization", required = true) String access_token) {
-//		String principal="";
-//		if (!StringGenerator.uuidMatches(access_token)) {
-//			return accessTokenFormatError(access_token);
-//		}
-//		OAuth2Authentication oAuth2Authentication =null;
-//		try{
-//			 oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
-//			 
-//			 principal=oAuth2Authentication.getPrincipal().toString();
-//			 
-//			 Set<String >scopes=oAuth2Authentication.getOAuth2Request().getScope();
-//			 ClientDetails clientDetails = clientDetailsService.loadClientByClientId(oAuth2Authentication.getOAuth2Request().getClientId());
-//			 
-//			 UserInfo userInfo=queryUserInfo(principal);
-//			 String userJson="";
-//			 HashMap<String, Object> claimsFields = new HashMap<String, Object>();
-//			 
-//		 	claimsFields.put("sub", userInfo.getId());
-//		 	
-//		 	if(scopes.contains("profile")){
-//				claimsFields.put("name", userInfo.getUsername());
-//				claimsFields.put("preferred_username", userInfo.getDisplayName());
-//				claimsFields.put("given_name", userInfo.getGivenName());
-//				claimsFields.put("family_name", userInfo.getFamilyName());
-//				claimsFields.put("middle_name", userInfo.getMiddleName());
-//				claimsFields.put("nickname", userInfo.getNickName());
-//				claimsFields.put("profile", "profile");
-//				claimsFields.put("picture", "picture");
-//				claimsFields.put("website", userInfo.getWebSite());
-//				
-//				String gender;
-//				 switch(userInfo.getGender()){
-//				 	case UserInfo.GENDER.MALE  :
-//				 		gender="male";break;
-//				 	case UserInfo.GENDER.FEMALE  :
-//				 		gender="female";break;
-//				 	default:
-//				 		gender="unknown";
-//				 }
-//				claimsFields.put("gender", gender);
-//				claimsFields.put("zoneinfo", userInfo.getTimeZone());
-//				claimsFields.put("locale", userInfo.getLocale());
-//				claimsFields.put("updated_time", userInfo.getModifiedDate());
-//				claimsFields.put("birthdate", userInfo.getBirthDate());
-//		 	}
-//		 	
-//		 	if(scopes.contains("email")){
-//		 		claimsFields.put("email", userInfo.getWorkEmail());
-//		 		claimsFields.put("email_verified", false);
-//		 	}
-//		 	
-//			if(scopes.contains("phone")){
-//				claimsFields.put("phone_number", userInfo.getWorkPhoneNumber());
-//				claimsFields.put("phone_number_verified", false);
-//			}
-//			
-//			if(scopes.contains("address")){
-//				HashMap<String, String> addressFields = new HashMap<String, String>();
-//				addressFields.put("country", userInfo.getWorkCountry());
-//				addressFields.put("region", userInfo.getWorkRegion());
-//				addressFields.put("locality", userInfo.getWorkLocality());
-//				addressFields.put("street_address", userInfo.getWorkStreetAddress());
-//				addressFields.put("formatted", userInfo.getWorkAddressFormatted());
-//				addressFields.put("postal_code", userInfo.getWorkPostalCode());
-//				
-//				claimsFields.put("address", addressFields);
-//			}
-//			
-//			JWTClaimsSet userInfoJWTClaims = new JWTClaimsSet.Builder()
-//					.jwtID(UUID.randomUUID().toString())// set a random NONCE in the middle of it
-//					.audience(Arrays.asList(clientDetails.getClientId()))
-//					.issueTime(new Date())
-//					.expirationTime(new Date(new Date().getTime()+clientDetails.getAccessTokenValiditySeconds()*1000))
-//					.claim(claimsFields)
-//					.build();
-//	
-//			
-//			JWT userInfoJWT=null;
-//			JWSAlgorithm signingAlg = jwtSignerValidationService.getDefaultSigningAlgorithm();
-//			if (clientDetails.getUserInfoEncryptedAlgorithm() != null && !clientDetails.getUserInfoEncryptedAlgorithm().equals("none")
-//					&& clientDetails.getUserInfoEncryptionMethod() != null && !clientDetails.getUserInfoEncryptionMethod().equals("none")
-//					&&clientDetails.getJwksUri()!=null&&clientDetails.getJwksUri().length()>4
-//					) {
-//				JwtEncryptionAndDecryptionService recipientJwtEnDecryptionService =
-//						recipientJwtEnDecryptionServiceBuilder.serviceBuilder(clientDetails.getJwksUri());
-//				
-//				if (recipientJwtEnDecryptionService != null) {
-//					JWEAlgorithm jweAlgorithm=new JWEAlgorithm(clientDetails.getUserInfoEncryptedAlgorithm());
-//					EncryptionMethod encryptionMethod=new EncryptionMethod(clientDetails.getUserInfoEncryptionMethod());
-//					EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(jweAlgorithm, encryptionMethod), userInfoJWTClaims);
-//					recipientJwtEnDecryptionService.encryptJwt(encryptedJWT);
-//					userJson=encryptedJWT.serialize();
-//				}else{
-//					_logger.error("Couldn't find encrypter for client: " + clientDetails.getClientId());
-//					HashMap<String,Object>authzException=new HashMap<String,Object>();
-//					authzException.put(OAuth2Exception.ERROR, "error");
-//					authzException.put(OAuth2Exception.DESCRIPTION,"Couldn't find encrypter for client: " + clientDetails.getClientId());
-//					return JsonUtils.gson2Json(authzException);
-//				}	
-//			} else {
-//				if (clientDetails.getUserInfoSigningAlgorithm()==null||clientDetails.getUserInfoSigningAlgorithm().equals("none")) {
-//					// unsigned ID token
-//					//userInfoJWT = new PlainJWT(userInfoJWTClaims);
-//					userJson=JsonUtils.gson2Json(claimsFields);
-//				} else {
-//					// signed ID token
-//					if (signingAlg.equals(JWSAlgorithm.HS256)
-//							|| signingAlg.equals(JWSAlgorithm.HS384)
-//							|| signingAlg.equals(JWSAlgorithm.HS512)) {
-//						// sign it with the client's secret
-//						String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
-//						
-//						JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
-//						if(symmetricJwtSignerService!=null){
-//							userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", "SYMMETRIC-KEY").build();
-//							userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
-//							symmetricJwtSignerService.signJwt((SignedJWT) userInfoJWT);
-//						}else{
-//							_logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret");
-//						}
-//					} else {
-//						userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", jwtSignerValidationService.getDefaultSignerKeyId()).build();
-//						userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
-//						// sign it with the server's key
-//						jwtSignerValidationService.signJwt((SignedJWT) userInfoJWT);
-//					}
-//					userJson=userInfoJWT.serialize();
-//				}
-//			}
-//			 
-//			 return userJson;
-//			 
-//		}catch(OAuth2Exception e){
-//			HashMap<String,Object>authzException=new HashMap<String,Object>();
-//			authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode());
-//			authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage());
-//			return JsonUtils.object2Json(authzException);
-//		}
-//	}
-//
-//
-//	public String accessTokenFormatError(String access_token){
-//		HashMap<String,Object>atfe=new HashMap<String,Object>();
-//		atfe.put(OAuth2Exception.ERROR, "token Format Invalid");
-//		atfe.put(OAuth2Exception.DESCRIPTION, "access Token Format Invalid , access_token : "+access_token);
-//		
-//		return JsonUtils.object2Json(atfe);
-//	}
-//
-//	
-//	public  UserInfo queryUserInfo(String uid){
-//		_logger.debug("uid : "+uid);
-//		UserInfo queryUserInfo=new UserInfo();
-//		queryUserInfo.setUsername(uid);
-//		UserInfo userInfo = (UserInfo) userInfoService.load(queryUserInfo);
-//		return userInfo;
-//	}
-//
-//
-//	public void setOauth20tokenServices(DefaultTokenServices oauth20tokenServices) {
-//		this.oauth20tokenServices = oauth20tokenServices;
-//	}
-//	
-//
-//
-//	public void setUserInfoService(UserInfoService userInfoService) {
-//		this.userInfoService = userInfoService;
-//	}
-//
-//
-//
-//	public void setJwtSignerValidationService(
-//			JwtSigningAndValidationService jwtSignerValidationService) {
-//		this.jwtSignerValidationService = jwtSignerValidationService;
-//	}
-//
-//	public void setJwtEnDecryptionService(
-//			JwtEncryptionAndDecryptionService jwtEnDecryptionService) {
-//		this.jwtEnDecryptionService = jwtEnDecryptionService;
-//	}
-//}
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/package-info.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/package-info.java
deleted file mode 100644
index fe3eafff..00000000
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/oauth/userinfo/controller/package-info.java
+++ /dev/null
@@ -1,8 +0,0 @@
-/**
- * 
- */
-/**
- * @author Crystal.Sea
- *
- */
-package org.maxkey.web.oauth.userinfo.controller;
\ No newline at end of file
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/applicationLogin.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/applicationLogin.properties
index cf60612b..e3cb3973 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/applicationLogin.properties
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/applicationLogin.properties
@@ -4,7 +4,8 @@
 #                domain name configuration
 config.domain.name=sso.maxkey.org
 config.server.name=http://${config.domain.name}
-config.server.prefix=${config.server.name}/maxkey
+config.server.maxkey.uri=${config.server.name}/maxkey
+
 ############################################################################ 
 #                Login configuration
 #enable captcha
@@ -90,8 +91,8 @@ config.support.wsfederation.logoutUrl=https://adfs.connsec.com/adfs/ls/?wa=wsign
 #############################################################################
 
 #############################################################################
-config.oidc.metadata.issuer=http://login.connsec.com
-config.oidc.metadata.authorizationEndpoint=http://login.connsec.com/maxkey/oauth/v20/authorize
-config.oidc.metadata.tokenEndpoint=http://login.connsec.com/maxkey/oauth/v20/token
-config.oidc.metadata.userinfoEndpoint=http://login.connsec.com/maxkey/api/connect/userinfo
+config.oidc.metadata.issuer=${config.server.maxkey.uri}
+config.oidc.metadata.authorizationEndpoint=${config.server.maxkey.uri}/oauth/v20/authorize
+config.oidc.metadata.tokenEndpoint=${config.server.maxkey.uri}/oauth/v20/token
+config.oidc.metadata.userinfoEndpoint=${config.server.maxkey.uri}/api/connect/userinfo
 #############################################################################
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/keystore.jwks b/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/keystore.jwks
index e9f891e4..c06f46ea 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/keystore.jwks
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/keystore.jwks
@@ -1,13 +1,13 @@
 {
-	"keys":
-		[
-			{
-			  "d": "envdv35_HU48wXPivE5qTFwILhCibDz6aZflcNYu58M0lfSNdererwsqkBaDB2Ai8Nv4ZCDSeP4wvvVztJy-KtK422i9kLKvQsvt4zdtFnmhT_aSBEp3FyMPEL1OX9nUixkw8_kMc2o-aCWPDTVucfBWlWxEGRdgDR_nH56Ywwk",
-			  "e": "AQAB",
-			  "n": "h5xtDWLssoj5-WLCKPYPUDJlM5pnL4pS8-wMt9sVA57QVRVFdpWHi1dbDCugCApjvmD-giO5yjF5mQSTAF6a14FvktozVw_dDTEzrjG5FgT6WpMzMZd6JpiwQLOtEbV7oBkKYWm1vh1C67-xTlhKgQUNLVNDg4RqRcKFxZd5JPc",
-			  "kty": "RSA",
-			  "alg": "RS256",
-			  "kid": "connsec_rsa"
-			}
-		]
-}
\ No newline at end of file
+  "keys": [
+    {
+      "kty": "RSA",
+      "d": "K2VCm_6enq5uoFLZXUlWkgbCXj5m9X5uUX3_Ol3qcY9X1cP04TN98R8lpw-ASeFDRFRhe0FT-lYCYu_fqZcrNXVhyN3rgi27af5x4HdFMnHLTLMPvE6aEyTGmZjTF1AbiX5VOJAl6POI9FiyTbV1Uqt943ydJv8SH4NfcYhKBmpp8Fi1f58mon-bYwsIy8mzZjssc8KZy-GzpscKrc5ewb7106JY3uRQNprAHrpcGAPZ8uXUvVhrxp_FNn5Nf5KVxl2tm50L83_5nw0OZrbJ8Ceg7sZAw_Z41lbYbS9VDaST6TuKRb7W4XCKimZUn57LoQT2-Gkv6msJHCmqTgK02Q",
+      "e": "AQAB",
+      "use": "sig",
+      "kid": "maxkey_rsa",
+      "alg": "RS256",
+      "n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q"
+    }
+  ]
+}
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/log4j2.xml b/maxkey-webs/maxkey-web-maxkey/src/main/resources/log4j2.xml
index 397ac9f9..c7a23b2c 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/log4j2.xml
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/log4j2.xml
@@ -27,10 +27,8 @@
 	 
     <loggers>  
     	<Logger name="org.springframework" level="INFO"></Logger>
-    	<Logger name="org.springframework.web.servlet.tags" level="TRACE"></Logger>
     	<Logger name="org.apache.logging" level="INFO"></Logger>
     	<Logger name="org.maxkey" level="DEBUG"></Logger>
-    	<Logger name="org.apache.mybatis.jpa" level="DEBUG"></Logger>
     	
     	
         <root level="INFO">  
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-cas.xml b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-cas.xml
index b72cea7d..e322e219 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-cas.xml
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-cas.xml
@@ -15,12 +15,13 @@
 	        http://www.springframework.org/schema/mvc 
 			http://www.springframework.org/schema/mvc/spring-mvc.xsd">
  
-		<!-- 
+		<context:component-scan base-package="org.maxkey.authz.cas.endpoint" />
+			
 		<bean id="casTicketServices" class="org.maxkey.authz.cas.endpoint.ticket.service.InMemoryTicketServices" />
-		 -->
-		 
+		
+		 <!-- 
 		<bean id="casTicketServices" class="org.maxkey.authz.cas.endpoint.ticket.service.RedisTicketServices" >
 			<property name="connectionFactory" ref="redisConnectionFactory"/>
 		</bean>
-		
+		 -->
 </beans>
\ No newline at end of file
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-oauth2.0.xml b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-oauth2.0.xml
index 6a031ad7..33f95aa3 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-oauth2.0.xml
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-oauth2.0.xml
@@ -2,17 +2,10 @@
 <beans 	xmlns="http://www.springframework.org/schema/beans"
 		xmlns:context="http://www.springframework.org/schema/context"
 		xmlns:mvc="http://www.springframework.org/schema/mvc"
-		xmlns:sec="http://www.springframework.org/schema/security"
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		xmlns:p="http://www.springframework.org/schema/p"
 		xmlns:util="http://www.springframework.org/schema/util"
-		xmlns:oauth20="http://www.springframework.org/schema/security/oauth2"
-		xmlns:oauth10a="http://www.springframework.org/schema/security/oauth"
 		xsi:schemaLocation="
-			http://www.springframework.org/schema/security/oauth2
-			http://www.springframework.org/schema/security/spring-security-oauth2.xsd
-			http://www.springframework.org/schema/security/oauth 
-			http://www.springframework.org/schema/security/spring-security-oauth.xsd
 	        http://www.springframework.org/schema/beans 
 			http://www.springframework.org/schema/beans/spring-beans.xsd
 			http://www.springframework.org/schema/context 
@@ -20,14 +13,14 @@
 	        http://www.springframework.org/schema/util     
 	        http://www.springframework.org/schema/util/spring-util.xsd
 	        http://www.springframework.org/schema/mvc 
-			http://www.springframework.org/schema/mvc/spring-mvc.xsd
-			http://www.springframework.org/schema/security 
-			http://www.springframework.org/schema/security/spring-security.xsd">
+			http://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
 	<!-- oauth.provider-->
-	<context:component-scan base-package="org.maxkey.web.oauth.approval.controller" /> 
+	<context:component-scan base-package="org.maxkey.authz.oauth2.provider.endpoint" />
 	<!-- oauth.provider userinfo-->
-	<context:component-scan base-package="org.maxkey.web.oauth.userinfo.controller" />
+	<context:component-scan base-package="org.maxkey.authz.oauth2.provider.userinfo.endpoint" />
+	
+	<context:component-scan base-package="org.maxkey.authz.oauth2.provider.approval.controller" /> 
 	
 	<!-- OpenID Connect 1.0  -->
 	<!-- 
@@ -35,159 +28,107 @@
 	 *
 	 * http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued 
 	 * -->
-	<bean id="oidcProviderMetadata" class="com.connsec.config.oidc.OIDCProviderMetadataDetails">
+	<bean id="oidcProviderMetadata" class="org.maxkey.config.oidc.OIDCProviderMetadataDetails">
 		<property name="issuer" value="${config.oidc.metadata.issuer}" />
 		<property name="authorizationEndpoint" value="${config.oidc.metadata.authorizationEndpoint}" />
 		<property name="tokenEndpoint" value="${config.oidc.metadata.tokenEndpoint}" />
 		<property name="userinfoEndpoint" value="${config.oidc.metadata.userinfoEndpoint}" />
 	</bean>
 	
-	<bean id="tokenEnhancer" class="com.connsec.oidc.idtoken.OIDCIdTokenEnhancer">
+	<bean id="tokenEnhancer" class="org.maxkey.authz.oidc.idtoken.OIDCIdTokenEnhancer">
 		<property name="providerMetadata" ref="oidcProviderMetadata" />
 		<property name="jwtSignerService" ref="jwtSignerValidationService" />
 		<property name="jwtEnDecryptionService" ref="jwtEncryptionService" />
 		<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
 	</bean>
 	
-	<bean id="jwkSetKeyStore" class="com.connsec.crypto.jose.keystore.JWKSetKeyStore">
+	<bean id="jwkSetKeyStore" class="org.maxkey.crypto.jose.keystore.JWKSetKeyStore">
 		<property name="location" value="classpath:config/keystore.jwks" />
 	</bean>
 	
-	<bean id="jwtSignerValidationService" class="com.connsec.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
+	<bean id="jwtSignerValidationService" class="org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
 		<constructor-arg name="keyStore" ref="jwkSetKeyStore" />
-		<property name="defaultSignerKeyId" value="connsec_rsa" />
+		<property name="defaultSignerKeyId" value="maxkey_rsa" />
  		<property name="defaultSigningAlgorithmName" value="RS256" />
 	</bean>
 
-	<bean id="jwtEncryptionService" class="com.connsec.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService">
+	<bean id="jwtEncryptionService" class="org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService">
 		<constructor-arg name="keyStore" ref="jwkSetKeyStore" />
 		<property name="defaultAlgorithm" value="RSA1_5" />
-		<property name="defaultDecryptionKeyId" value="connsec_rsa" />
-		<property name="defaultEncryptionKeyId" value="connsec_rsa" />
+		<property name="defaultDecryptionKeyId" value="maxkey_rsa" />
+		<property name="defaultEncryptionKeyId" value="maxkey_rsa" />
 	</bean>
-
+	<!--
 	<bean id="jwtLoginService" class="com.connsec.web.authentication.support.jwt.JwtLoginService">
 		<property name="jwtSignerValidationService" ref="jwtSignerValidationService" />
  		<property name="jwtProviderMetadata"  ref="oidcProviderMetadata" />
 	</bean>
-		
+	-->
 	<!-- OpenID Connect 1.0  End -->
 	
-   <!--  Follow is  just for Spring security OAuth 2.0 configration -->
-	<authentication-manager id="oauth20ClientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
-		<authentication-provider user-service-ref="oauth20ClientDetailsUserService" />
-	</authentication-manager>
-	
-	<bean id="oauth20OauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
-		<property name="realmName" value="connsec" />
-	</bean>
-
-	<bean id="oauth20ClientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
-		<property name="realmName" value="connsec/client" />
-		<property name="typeName" value="Basic" />
+	<!--  In Memory -->
+	<bean id="oauth20AuthorizationCodeServices" class="org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices">
 	</bean>
 	
-	<bean id="oauth20OauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
-
-	<bean id="oauth20ClientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
-		<property name="authenticationManager" ref="oauth20ClientAuthenticationManager" />
+	<bean id="oauth20TokenStore" class="org.maxkey.authz.oauth2.provider.token.store.InMemoryTokenStore" >
 	</bean>
 	
-	<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
-		<constructor-arg>
-			<list>
-				<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
-				<bean class="org.springframework.security.access.vote.RoleVoter" />
-				<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
-			</list>
-		</constructor-arg>
-	</bean>
-	
-	<bean id="oauth20ClientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
-		<constructor-arg ref="oauth20JdbcClientDetailsService" />
-		<property name="passwordEncoder" ref="passwordReciprocal"></property>
-	</bean>
-	<!--  
-	<bean id="oauth20AuthorizationCodeServices" class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices">
-		<constructor-arg ref="dataSource" /> 
-	</bean>
-	
-	<bean id="oauth20TokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore" >
-		<constructor-arg ref="dataSource" />
-	</bean>
-	 -->
-	<bean id="oauth20AuthorizationCodeServices" class="org.springframework.security.oauth2.provider.code.RedisAuthorizationCodeServices">
+	 <!--  Redis 
+	<bean id="oauth20AuthorizationCodeServices" class="org.maxkey.authz.oauth2.provider.code.RedisAuthorizationCodeServices">
 		<constructor-arg ref="redisConnectionFactory" /> 
 	</bean>
 	
-	<bean id="oauth20TokenStore" class="org.springframework.security.oauth2.provider.token.store.RedisTokenStore" >
+	<bean id="oauth20TokenStore" class="org.maxkey.authz.oauth2.provider.token.store.RedisTokenStore" >
 		<constructor-arg ref="redisConnectionFactory" />
 	</bean>
+	-->
 	
-	<bean id="oauth20TokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
-		<property name="tokenStore"  ref="oauth20TokenStore"/>
-		<property name="supportRefreshToken" value="true" />
-		<property name="tokenEnhancer" ref="tokenEnhancer" />
-		<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
+	
+	<bean id="converter" class="org.maxkey.authz.oauth2.provider.token.store.JwtAccessTokenConverter">
 	</bean>
 	
-	<bean id="approvalStore" class="org.springframework.security.oauth2.provider.approval.TokenApprovalStore">
-		<property name="tokenStore" ref="oauth20TokenStore" />
-	</bean>
-	
-	<bean id="requestFactory" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
-		<constructor-arg name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
-	</bean>
-	
-	<bean id="oauth20UserApprovalHandler" class="com.connsec.web.oauth.approval.controller.OAuth20UserApprovalHandler">
-		<property name="approvalStore" ref="approvalStore" />
-		<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService"/>
-		<property name="requestFactory" ref="requestFactory" />
-	</bean>
-	
-	<oauth20:authorization-server client-details-service-ref="oauth20JdbcClientDetailsService" token-services-ref="oauth20TokenServices"
-		user-approval-handler-ref="oauth20UserApprovalHandler">
-		<oauth20:authorization-code authorization-code-services-ref="oauth20AuthorizationCodeServices"></oauth20:authorization-code>
-		<oauth20:implicit />
-		<oauth20:refresh-token />
-		<oauth20:client-credentials />
-		<oauth20:password/>
-	</oauth20:authorization-server> 
-
-	<oauth20:resource-server id="oauth20ResourceServerFilter" resource-id="connsec" token-services-ref="oauth20TokenServices" />
-
-	<bean id="oauth20JdbcClientDetailsService" class="org.springframework.security.oauth2.provider.client.JdbcClientDetailsService">
+	<bean id="oauth20JdbcClientDetailsService" class="org.maxkey.authz.oauth2.provider.client.JdbcClientDetailsService">
 		<constructor-arg ref="dataSource" /> 
 		<property name="passwordEncoder" ref="passwordReciprocal"></property>
 	</bean>
 	
-   	<!-- OAuth 2  Token-->
-	<http pattern="/oauth/v20/token" create-session="stateless" authentication-manager-ref="oauth20ClientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
-		<!-- <csrf disabled="true"/>-->
-		<intercept-url pattern="/oauth/v20/token" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<anonymous enabled="false" />
-		<http-basic entry-point-ref="oauth20ClientAuthenticationEntryPoint" />
-		
-		<!-- include this only if you need to authenticate clients via request parameters -->
-		<custom-filter ref="oauth20ClientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
-		<access-denied-handler ref="oauth20OauthAccessDeniedHandler"/>
-	</http>
+	<bean id="oauth20ClientDetailsUserService" class="org.maxkey.authz.oauth2.provider.client.ClientDetailsUserDetailsService">
+		<constructor-arg ref="oauth20JdbcClientDetailsService" />
+		<property name="passwordEncoder" ref="passwordReciprocal"></property>
+	</bean>
 	
-	<!-- OAuth 2  Authorize-->
-	<http pattern="/oauth/v20/**" use-expressions="false"  disable-url-rewriting="false"  authentication-manager-ref="oauth20ClientAuthenticationManager"  xmlns="http://www.springframework.org/schema/security">
-		<access-denied-handler error-page="/login"/>
-		<intercept-url pattern="/oauth/v20/authz" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER"/>
-		<form-login authentication-failure-url="/login" 
-						default-target-url="/index" 
-						login-page="/login" 
-						login-processing-url="/login.do" 
-						authentication-success-handler-ref="savedRequestSuccessHandler"/>
-		<!-- self define filter for  spring-security!-->
-		<!-- <custom-filter before="FORM_LOGIN_FILTER" ref="oauthFilter"/> -->
-	</http>
 	
-	<oauth20:expression-handler id="oauthExpressionHandler" />
-
-	<oauth20:web-expression-handler id="oauthWebExpressionHandler" />
+	<bean id="oauth20TokenServices" class="org.maxkey.authz.oauth2.provider.token.DefaultTokenServices">
+		<property name="tokenStore"  ref="oauth20TokenStore"/>
+		<property name="supportRefreshToken" value="true" />
+		<property name="tokenEnhancer" ref="tokenEnhancer" /> 
+		<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
+	</bean>
 	
+	<bean id="oauth20ApprovalStore" class="org.maxkey.authz.oauth2.provider.approval.TokenApprovalStore">
+		<property name="tokenStore" ref="oauth20TokenStore" />
+	</bean>
+	
+	<bean id="oAuth2RequestFactory" class="org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory">
+		<constructor-arg name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
+	</bean>
+	
+	<bean id="oauth20UserApprovalHandler" class="org.maxkey.authz.oauth2.provider.approval.controller.OAuth20UserApprovalHandler">
+		<property name="approvalStore" ref="oauth20ApprovalStore" />
+		<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService"/>
+		<property name="requestFactory" ref="oAuth2RequestFactory" />
+	</bean>
+	
+	<bean id="oauth20ClientAuthenticationManager" class="org.springframework.security.authentication.ProviderManager">  
+        <constructor-arg>
+            <list>  
+                <bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
+                	<property name="passwordEncoder">
+                		<bean class="org.springframework.security.crypto.password.NoOpPasswordEncoder "/>
+                	</property> 
+        			<property name="userDetailsService" ref="oauth20ClientDetailsUserService"></property>  
+    			</bean>
+            </list>  
+       </constructor-arg>
+    </bean>  
 </beans>
\ No newline at end of file
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-saml.xml b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-saml.xml
index 88fbb9c3..1da2f3d8 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-saml.xml
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol-saml.xml
@@ -18,9 +18,9 @@
 						http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 
 	<!-- SAML V2.0 EndPoint -->
-	<context:component-scan base-package="org.maxkey.saml20.provider.endpoint" />
+	<context:component-scan base-package="org.maxkey.authz.saml20.provider.endpoint" />
 	<!-- MetaData V2.0 EndPoint -->
-	<context:component-scan base-package="org.maxkey.saml20.metadata.endpoint" />
+	<context:component-scan base-package="org.maxkey.authz.saml20.metadata.endpoint" />
 	
 	<bean id="samlBootstrapInitializer" class="org.opensaml.DefaultBootstrap" init-method="bootstrap"/>
 	
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol.xml b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol.xml
index f1a02449..278cec82 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol.xml
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-protocol.xml
@@ -17,7 +17,6 @@
  
 	<!-- Single Sign On for application -->
 	<context:component-scan base-package="org.maxkey.authz.endpoint" />
- 	<context:component-scan base-package="org.maxkey.authz.cas.endpoint" />
  	<context:component-scan base-package="org.maxkey.authz.desktop.endpoint" />
  	<context:component-scan base-package="org.maxkey.authz.exapi.endpoint" />
  	<context:component-scan base-package="org.maxkey.authz.formbased.endpoint" />
@@ -25,10 +24,10 @@
  	<context:component-scan base-package="org.maxkey.authz.token.endpoint" />
 
  	<import resource="maxkey-protocol-cas.xml"/>
- 	<!--
+ 	
  	<import resource="maxkey-protocol-saml.xml"/>
  	
  	<import resource="maxkey-protocol-oauth2.0.xml"/>
-	-->
+	
 		
 </beans>
\ No newline at end of file
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-security.xml b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-security.xml
index 5aa70f3f..c11e71c7 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-security.xml
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-security.xml
@@ -114,9 +114,6 @@
 		<constructor-arg ref="jdbcTemplate"/>
 		<property name="validity" value="${config.login.remeberme.validity}"/>
 	</bean>
-
-	<!-- Authentication Password Encoder Config -->
-	<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>   
 	
 	<bean id="timeBasedKeyUriFormat" class="org.maxkey.crypto.password.opt.algorithm.KeyUriFormat">
 		<property name="type" value="totp" />
@@ -148,6 +145,9 @@
 		<constructor-arg ref="jdbcTemplate" /> 
 	</bean>
 	
+	<!-- Authentication Password Encoder Config -->
+	<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>   
+	
 	<bean id="passwordReciprocal" class="org.maxkey.crypto.password.PasswordReciprocal"></bean>
 	
 	
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-web.xml b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-web.xml
new file mode 100644
index 00000000..a4a3d5b9
--- /dev/null
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey-web.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans 	xmlns="http://www.springframework.org/schema/beans"
+		xmlns:context="http://www.springframework.org/schema/context"
+		xmlns:mvc="http://www.springframework.org/schema/mvc"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xmlns:p="http://www.springframework.org/schema/p"
+		xmlns:tx="http://www.springframework.org/schema/tx"
+		xmlns:util="http://www.springframework.org/schema/util"
+		xsi:schemaLocation="
+	        http://www.springframework.org/schema/beans     
+	        http://www.springframework.org/schema/beans/spring-beans.xsd
+	        http://www.springframework.org/schema/context 
+	        http://www.springframework.org/schema/context/spring-context.xsd
+	        http://www.springframework.org/schema/tx 
+	        http://www.springframework.org/schema/tx/spring-tx.xsd
+	        http://www.springframework.org/schema/util     
+	        http://www.springframework.org/schema/util/spring-util.xsd
+	        http://www.springframework.org/schema/mvc 
+	        http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+	<!-- Static resources -->
+	<!-- js images css -->
+	<mvc:resources mapping="/jquery/**" location="/jquery/" />
+	<mvc:resources mapping="/images/**" location="/images/" />
+	<mvc:resources mapping="/css/**" location="/css/" />
+	<mvc:resources mapping="/js/**" location="/js/" />
+	
+	<!-- LocaleResolver -->
+	<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
+		<property name="cookieDomain" value="#{applicationConfig.subDomainName}"/>
+		<property name="cookieName" value="single_sign_on_lang"/>
+		<property name="cookieMaxAge" value="604800" />
+		<!-- auto select language by brower remove -->
+		<!--<property name="defaultLocale" value="en" />  -->
+	</bean>
+	
+	<!-- 消息处理，可以直接使用properties的key值，返回的是对应的value值 -->
+    <bean id="messageSource"
+          class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
+        <property name="basenames">
+            <list>
+            	<value>classpath:messages/message</value>
+            </list>
+        </property>
+        <!-- 必须设置成false，否则hibernate原有的校验信息无法返回value值-->
+        <property name="useCodeAsDefaultMessage" value="false"/>
+    </bean>
+
+	<!-- Locale Change Interceptor and Resolver definition -->
+	<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
+		<property name="paramName" value="language" />
+	</bean>
+	
+	<!-- XML bean Marshaller define  -->
+	<bean id="Jaxb2Marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
+		<property name="classesToBeBound">
+			<list>
+				<value>org.maxkey.domain.xml.UserInfoXML</value>
+			</list>
+		</property>
+	</bean>
+	
+	<!-- MarshallingHttpMessageConverter -->
+	<bean id="marshallingHttpMessageConverter" class="org.springframework.http.converter.xml.MarshallingHttpMessageConverter">
+		<property name="marshaller" ref="Jaxb2Marshaller" />
+		<property name="unmarshaller" ref="Jaxb2Marshaller" />
+		<property name="supportedMediaTypes">
+			<list>
+				<value>application/xml;charset=UTF-8</value>
+			</list>
+		</property>
+	</bean>
+	
+	<!--MappingJacksonHttpMessageConverter  -->
+	<bean id="mappingJacksonHttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
+		<property name="supportedMediaTypes">
+			<list>
+				<value>application/json;charset=UTF-8</value>
+			</list>
+		</property>
+	</bean>
+
+	<!-- REST Client -->
+	<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
+		<property name="messageConverters">
+			<list>
+				<ref bean="marshallingHttpMessageConverter" />
+				<ref bean="mappingJacksonHttpMessageConverter" />
+			</list>
+		</property>
+	</bean>
+	
+	<!-- AnnotationMethodHandlerAdapter -->
+	<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
+		<property name="messageConverters">
+			<util:list id="beanList">
+				<ref bean="marshallingHttpMessageConverter" />
+				<ref bean="mappingJacksonHttpMessageConverter" />
+			</util:list>
+		</property>
+	</bean>
+	
+	<bean id="handlerMapping" class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
+		<property name="interceptors">
+			<list>
+				<ref bean="localeChangeInterceptor" />
+			</list>
+		</property>
+	</bean>
+
+	<!-- View Resolver -->
+	<bean id="viewResolver"  class="org.springframework.web.servlet.view.InternalResourceViewResolver" p:prefix="/WEB-INF/views/" p:suffix=".jsp" p:order="2" />
+	
+	<!-- upload file support -->
+    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
+    	<property name="maxUploadSize" value="4194304" />  
+    </bean> 
+</beans>
\ No newline at end of file
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey.xml b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey.xml
index 65645b18..02463a10 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey.xml
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/spring/maxkey.xml
@@ -76,7 +76,7 @@
 	    <property name="emailConfig" ref="emailConfig"/> 
 	    <property name="loginConfig" ref="loginConfig"/>
 	    <property name="domainName" value="${config.domain.name}"/>
-	    <property name="serverPrefix" value="${config.server.prefix}"/>
+	    <property name="serverPrefix" value="${config.server.maxkey.uri}"/>
 	    <property name="manageUri" value="${config.manage.uri}"/> 
 	    <property name="whiteList" value="${config.ipaddress.whitelist}"/> 
   		<property name="anonymousAccessUrls">
@@ -86,19 +86,6 @@
 		</property>
 	</bean> 	
 	
- 	<!-- Datastore configuration  -->
- 	<import resource="maxkey-persistence.xml"/>
-
- 	<import resource="maxkey-support.xml"/>
- 	
- 	<import resource="maxkey-protocol.xml"/>
- 	
- 	<!-- Scheduler task  -->
- 	<import resource="maxkey-task.xml"/>
-
-	<!-- Basic Authn  -->
- 	<import resource="maxkey-security.xml"/>
- 	
 	<!-- Scans the classpath for annotated components that will be auto-registered as Spring beans.
  	 @Controller and @Service. Make sure to set the correct base-package-->
  
@@ -106,109 +93,24 @@
  	<context:component-scan base-package="org.maxkey.domain" />
  	<context:component-scan base-package="org.maxkey.domain.apps" />
  	<context:component-scan base-package="org.maxkey.domain.userinfo" />
- 	
-	<context:component-scan base-package="org.maxkey.web.authorize.endpoint" />
-	<context:component-scan base-package="org.maxkey.web.endpoint" />
 	<!-- REST API interface -->
 	<context:component-scan base-package="org.maxkey.api.v1.contorller" />
+	
 	<!-- Business  Contorller -->
+	<context:component-scan base-package="org.maxkey.web.endpoint" />
 	<context:component-scan base-package="org.maxkey.web.contorller" />
-
-	<!-- Static resources -->
-	<!-- js images css -->
-	<mvc:resources mapping="/jquery/**" location="/jquery/" />
-	<mvc:resources mapping="/images/**" location="/images/" />
-	<mvc:resources mapping="/css/**" location="/css/" />
-	<mvc:resources mapping="/js/**" location="/js/" />
 	
-	<!-- LocaleResolver -->
-	<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
-		<property name="cookieDomain" value="#{applicationConfig.subDomainName}"/>
-		<property name="cookieName" value="single_sign_on_lang"/>
-		<property name="cookieMaxAge" value="604800" />
-		<!-- auto select language by brower remove -->
-		<!--<property name="defaultLocale" value="en" />  -->
-	</bean>
-	
-	<!-- 消息处理，可以直接使用properties的key值，返回的是对应的value值 -->
-    <bean id="messageSource"
-          class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
-        <property name="basenames">
-            <list>
-            	<value>classpath:messages/message</value>
-            </list>
-        </property>
-        <!-- 必须设置成false，否则hibernate原有的校验信息无法返回value值-->
-        <property name="useCodeAsDefaultMessage" value="false"/>
-    </bean>
-
-	<!-- Locale Change Interceptor and Resolver definition -->
-	<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
-		<property name="paramName" value="language" />
-	</bean>
-	
-	<!-- XML bean Marshaller define  -->
-	<bean id="Jaxb2Marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
-		<property name="classesToBeBound">
-			<list>
-				<value>org.maxkey.domain.xml.UserInfoXML</value>
-			</list>
-		</property>
-	</bean>
-	
-	<!-- MarshallingHttpMessageConverter -->
-	<bean id="marshallingHttpMessageConverter" class="org.springframework.http.converter.xml.MarshallingHttpMessageConverter">
-		<property name="marshaller" ref="Jaxb2Marshaller" />
-		<property name="unmarshaller" ref="Jaxb2Marshaller" />
-		<property name="supportedMediaTypes">
-			<list>
-				<value>application/xml;charset=UTF-8</value>
-			</list>
-		</property>
-	</bean>
-	
-	<!--MappingJacksonHttpMessageConverter  -->
-	<bean id="mappingJacksonHttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
-		<property name="supportedMediaTypes">
-			<list>
-				<value>application/json;charset=UTF-8</value>
-			</list>
-		</property>
-	</bean>
-
-	<!-- REST Client -->
-	<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
-		<property name="messageConverters">
-			<list>
-				<ref bean="marshallingHttpMessageConverter" />
-				<ref bean="mappingJacksonHttpMessageConverter" />
-			</list>
-		</property>
-	</bean>
-	
-	<!-- AnnotationMethodHandlerAdapter -->
-	<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
-		<property name="messageConverters">
-			<util:list id="beanList">
-				<ref bean="marshallingHttpMessageConverter" />
-				<ref bean="mappingJacksonHttpMessageConverter" />
-			</util:list>
-		</property>
-	</bean>
-	
-	<bean id="handlerMapping" class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
-		<property name="interceptors">
-			<list>
-				<ref bean="localeChangeInterceptor" />
-			</list>
-		</property>
-	</bean>
-
-	<!-- View Resolver -->
-	<bean id="viewResolver"  class="org.springframework.web.servlet.view.InternalResourceViewResolver" p:prefix="/WEB-INF/views/" p:suffix=".jsp" p:order="2" />
-	
-	<!-- upload file support -->
-    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
-    	<property name="maxUploadSize" value="4194304" />  
-    </bean> 
+ 	<!-- persistence configuration  -->
+ 	<import resource="maxkey-persistence.xml"/>
+	<!-- authn support -->
+ 	<import resource="maxkey-support.xml"/>
+ 	<!-- single sign on protocol -->
+ 	<import resource="maxkey-protocol.xml"/>
+ 	<!-- Scheduler task  -->
+ 	<import resource="maxkey-task.xml"/>
+	<!-- Basic Authn  for user login -->
+ 	<import resource="maxkey-security.xml"/>
+ 	<!-- web mvc  configuration -->
+ 	<import resource="maxkey-web.xml"/>
+ 	
 </beans>
\ No newline at end of file
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/views/authorize/oauth_access_confirmation.jsp b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/views/authorize/oauth_access_confirmation.jsp
index c4ac2349..21a39ac7 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/views/authorize/oauth_access_confirmation.jsp
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/views/authorize/oauth_access_confirmation.jsp
@@ -7,51 +7,16 @@
 <%@ taglib  prefix="s"  uri="http://www.connsec.com/tags" %>
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
-  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
-  <title>Access Confirmation</title>
-  <link rel="shortcut icon" type="image/x-icon" href="<s:Base />/images/favicon.ico"/>
-  <link type="text/css" rel="stylesheet" href="<s:Base />/css/base.css"/>
+<jsp:include page="../layout/header.jsp"></jsp:include>
+<jsp:include page="../layout/common.css.jsp"></jsp:include>
+<jsp:include page="../layout/common.js.jsp"></jsp:include>
 </head>
 
 <body>
-	<h1>Access Confirmation ${'oauth 1.0a'==model.oauth_version}</h1>
-  		<div id="content">
-	
-		 <c:if test="${'oauth 1.0a'==model.oauth_version}">
-		 	<!-- oauth 1.0a -->
-		    <c:if test="${!empty sessionScope.SPRING_SECURITY_LAST_EXCEPTION}">
-		      <div class="error">
-		        <h2>Woops!</h2>
-		
-		        <p>Access could not be granted. (<%= ((AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).getMessage() %>)</p>
-		      </div>
-		    </c:if>
-		    <c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION"/>
-		    <authz:authorize ifAllGranted="ROLE_USER">
-		      <h2>Please Confirm OAuth 1.0a</h2>
-		
-		      <p>You hereby authorize "${consumer.consumerName}" to access the following resource:</p>
-		
-		      <ul>
-		          <li>${consumer.resourceName} &mdash; ${consumer.resourceDescription}</li>
-		      </ul>
-		      
-		      <form id="oauth_v10a_form" name="oauth_v10a_form" action="<c:url value="/oauth/v10a/authenticate_token"/>" method="post">
-		        <input name="requestToken" value="${model.oauth_token}" type="hidden"/>
-		        <c:if test="${!empty model.oauth_callback}">
-		        <input name="callbackURL" value="${model.oauth_callback}" type="hidden"/>
-		        </c:if>
-		        <label><input name="authorize" value="Authorize" type="submit"/></label>
-		      </form>
-		       <c:if test="${!empty model.approval_prompt&&'auto'== model.approval_prompt}">
-		       		<script type="text/javascript">
-		       			document.getElementById("oauth_v10a_form").submit();
-		       		</script>
-			  </c:if>
-		    </authz:authorize>
-		  
-		</c:if>
-		
+	<div id="top">
+		<jsp:include page="../layout/nologintop.jsp"></jsp:include>
+	</div>
+	<div class="container">	
 		<c:if test="${'oauth 2.0'==model.oauth_version}">
 			<!-- oauth 2.0 -->
 		    <% if (session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) != null && !(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof UnapprovedClientAuthenticationException)) { %>
@@ -63,11 +28,10 @@
 		    <% } %>
 		    <c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION"/>
 		    
-		       <authz:authorize ifAllGranted="ROLE_USER">
 		      <h2>Please Confirm OAuth 2.0</h2>
 		
 		      <p>You hereby authorize "${client.clientId}" to access your protected resources.</p>
-		      <form id="confirmationForm" name="confirmationForm" action="<%=request.getContextPath()%>/oauth/v20/authz" method="post">
+		      <form id="confirmationForm" name="confirmationForm" action="<%=request.getContextPath()%>/oauth/v20/authorize" method="post">
 		        <input name="user_oauth_approval" value="true" type="hidden"/>
 		        	
 			        <ul>
@@ -87,8 +51,10 @@
 		       		 </ul>
 		        <label><input name="authorize" value="Authorize" type="submit"/></label>
 		      </form>
-		    </authz:authorize>
 	    </c:if>
     </div>
+    <div id="footer">
+		<jsp:include page="../layout/footer.jsp"></jsp:include>
+	</div>
 </body>
 </html>
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/web.xml b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/web.xml
index a5611615..fd12bb16 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/web.xml
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/webapp/WEB-INF/web.xml
@@ -108,6 +108,16 @@
 	<filter-mapping>  
 	    <filter-name>ipAddressFilter</filter-name>  
 	    <url-pattern>/*</url-pattern>  
+	</filter-mapping> 
+	
+	
+	<filter>  
+		<filter-name>OAuth20TokenEndpointAuthenticationFilter</filter-name>  
+    	<filter-class>org.maxkey.authz.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter</filter-class>   
+	</filter>  
+	<filter-mapping>  
+	    <filter-name>OAuth20TokenEndpointAuthenticationFilter</filter-name>  
+	    <url-pattern>/oauth/v20/token</url-pattern>  
 	</filter-mapping>  
 		
     <!-- DispatcherServlet Spring MVC -->