Merge remote-tracking branch 'origin/3.0'

# Conflicts:
#	README.md
#	doc/1.安装使用.md
#	hsweb-commons/hsweb-commons-dao/hsweb-commons-dao-mybatis/src/main/java/org/hswebframework/web/dao/mybatis/builder/InsertSqlBuilder.java
#	hsweb-concurrent/hsweb-concurrent-cache/pom.xml
#	hsweb-concurrent/hsweb-concurrent-counter/hsweb-concurrent-counter-api/pom.xml
#	hsweb-concurrent/hsweb-concurrent-lock/hsweb-concurrent-lock-starter/pom.xml
#	hsweb-concurrent/pom.xml
#	hsweb-core/pom.xml
#	hsweb-datasource/hsweb-datasource-jta/pom.xml
#	hsweb-datasource/pom.xml
#	hsweb-examples/pom.xml
#	hsweb-message/hsweb-message-redis/pom.xml
#	hsweb-tests/pom.xml
#	hsweb-web-bean/pom.xml
#	hsweb-web-concurrent/hsweb-web-concurrent-cache/src/main/java/org/hsweb/concureent/cache/monitor/RedisMonitorCache.java
#	hsweb-web-concurrent/hsweb-web-concurrent-lock/src/main/java/org/hsweb/concurrent/lock/support/AnnotationLockAopAdvice.java
#	hsweb-web-controller/pom.xml
#	hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java
#	hsweb-web-controller/src/main/java/org/hsweb/web/controller/script/DynamicScriptController.java
#	hsweb-web-core/src/main/java/org/hsweb/web/core/CoreAutoConfiguration.java
#	hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
#	hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/validator/SimpleAuthorizeValidator.java
#	hsweb-web-dao/hsweb-web-dao-api/pom.xml
#	hsweb-web-dao/hsweb-web-dao-api/src/main/java/org/hsweb/web/dao/form/FormMapper.java
#	hsweb-web-dao/hsweb-web-dao-mybatis/README.md
#	hsweb-web-datasource/pom.xml
#	hsweb-web-datasource/src/main/java/org/hsweb/web/datasource/dynamic/DynamicDataSourceAutoConfiguration.java
#	hsweb-web-datasource/src/main/java/org/hsweb/web/datasource/dynamic/DynamicDataSourceServiceImpl.java
#	hsweb-web-oauth2/hsweb-web-oauth2-controller/pom.xml
#	hsweb-web-oauth2/hsweb-web-oauth2-service-simple/pom.xml
#	hsweb-web-oauth2/hsweb-web-oauth2-simple/pom.xml
#	hsweb-web-oauth2/pom.xml
#	hsweb-web-service/hsweb-web-service-api/src/main/java/org/hsweb/web/service/DeleteService.java
#	hsweb-web-service/hsweb-web-service-api/src/main/java/org/hsweb/web/service/config/ConfigService.java
#	hsweb-web-service/hsweb-web-service-simple/pom.xml
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/commons/CRUService.java
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/commons/SimpleDeleteService.java
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/commons/SimpleInsertService.java
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/commons/SimpleUpdateService.java
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/impl/AbstractServiceImpl.java
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/impl/form/FormServiceImpl.java
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/impl/form/validator/GroovyDycBeanValidator.java
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/impl/module/ModuleMetaServiceImpl.java
#	hsweb-web-service/hsweb-web-service-simple/src/main/java/org/hsweb/web/service/impl/plan/QueryPlanServiceImpl.java
#	hsweb-web-starter/pom.xml
#	hsweb-web-starter/src/main/resources/org/hsweb/start/scripts/install/sql/oracle/install.sql
#	hsweb-web-websocket/pom.xml
#	hsweb-web-workflow/pom.xml
#	pom.xml

.gitignore

@@ -18,4 +18,4 @@
 *.log
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
-/hsweb-web-service/hsweb-web-service-simple/data/
+**/transaction-logs/

.travis.yml

@@ -1,5 +1,5 @@
 language: java
 jdk: oraclejdk8
 sudo: false
-install: true
-script: mvn install -DskipTests
+install: false
+script: mvn test

README.md

@@ -1,79 +1,18 @@
-## hsweb后台管理基础框架
-
-[![Build Status](https://travis-ci.org/hs-web/hsweb-framework.svg?branch=master)](https://travis-ci.org/hs-web/hsweb-framework)
-[![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg?style=flat-square)](https://www.apache.org/licenses/LICENSE-2.0.html)
-
-### 3.0
-[全新的架构,开发中...](https://github.com/hs-web/hsweb-framework/tree/3.0)
-
-### 业务功能
-现在:
-
-1. 权限管理: 权限资源-角色-用户.
-2. 配置管理: kv结构,自定义配置.可通过此功能配置数据字典.
-3. 脚本管理: 动态脚本,支持javascript,groovy,java动态编译执行.
-4. 表单管理: 动态表单,可视化设计表单,自动生成数据库以及系统权限.无需重启直接生效.
-5. 模块设置: 配合动态表单实现表格页,查询条件自定义.
-6. 数据库维护: 在线维护数据库,修改表结构,执行sql.
-7. 数据源管理: 配置多数据源.
-8. 代码生成器: 在线生成代码,打包下载.可自定义模板.
-9. 定时任务: 配置定时任务,使用动态脚本编写任务内容.
-10. 系统监控: 监控系统资源使用情况.
-11. 缓存监控: 监控缓存情况.
-12. 访问日志: 记录用户每次操作情况
-
-未来
-
-1. 组织架构管理: 地区-机构-部门-职务-人员.
-2. 工作流管理: activiti工作流,在线配置流程,配合动态表单实现自定义流程.
-3. 邮件代收: 代收指定邮箱的邮件
-
-
-### 框架功能
-0. 全局restful+json,前后分离.
-1. 通用dao,service,controller类，增删改查直接继承即可.
-2. 通用mybatis配置文件,支持多种条件查询自动生成,支持自动生成insert,update,delete语句,支持和查询相同的各种条件.
-3. 实现用户,权限管理;基于aop,注解,精确到按钮的权限控制.
-4. 动态表单功能,可在前端设计表单,动态生成数据库表,提供统一的增删改查接口.
-5. 在线代码生成器,可自定义模板.
-6. 动态多数据源,支持数据源热加载,热切换,支持分布式事务.
-7. 数据库支持 mysql,oracle,h2.
-8. websocket支持.
-9. 定时调度支持,可在页面配置定时任务,编写任务脚本执行。
-10. **强大的dsl查询方式,复杂条件一句生成**
-
-### 演示
-1. 示例:[demo.hsweb.me](http://demo.hsweb.me)
-2. 测试用户:test (test2,test3,test4....) 密码:123456 
-3. 演示项目源码:[hsweb-platform](https://github.com/hs-web/hsweb-platform)
-
-### 文档
-1. [安装使用](doc/1.安装使用.md)
-2. [API](doc/2.API.md)
-
-### 此版本待完善功能
-1. 单元测试编写
-2. 项目文档编写
-3. ~~增加定时调度,支持集群,任务采用脚本方式编写.~~
-4. 完善数据库持续集成,版本更新时自动更新数据库结构.
-5. 完善动态表单发布,表单发生变化后,自动重新发布(解决集群下,表单配置不一致).
-
-### 技术选型
-第三方:
-
-1. MVC:[spring-boot](https://github.com/spring-projects/spring-boot). 开箱即用,学习成本低,部署方便(main方法运行).
-2. ORM:[mybatis](https://github.com/mybatis/mybatis-3). 配置灵活,简单方便.
-3. JTA:[atomikos](https://www.atomikos.com/). 分布式事务,多数据源事务全靠他.
-4. Cache:[spring-cache](https://github.com/spring-projects/spring-framework/tree/master/spring-context/src/main/java/org/springframework/cache). 统一接口,注解使用,simple,redis... 自动切换.
-5. Scheduler:[quartz](https://github.com/quartz-scheduler/quartz). 开源稳定,支持集群.
-
-自家:
-
-0. [hsweb-commons](https://github.com/hs-web/hsweb-commons) :通用工具类
-1. [hsweb-easy-orm](https://github.com/hs-web/hsweb-easy-orm) :为动态表单设计的orm框架
-2. [hsweb-expands-compress](https://github.com/hs-web/hsweb-expands/tree/master/hsweb-expands-compress) :文件压缩，解压操作
-3. [hsweb-expands-office](https://github.com/hs-web/hsweb-expands/tree/master/hsweb-expands-office) :office文档操作( excel读写，模板导出，word模板导出)
-4. [hsweb-expands-request](https://github.com/hs-web/hsweb-expands/tree/master/hsweb-expands-request): 请求模拟(http,ftp)
-5. [hsweb-expands-script](https://github.com/hs-web/hsweb-expands/tree/master/hsweb-expands-script):动态脚本,动态编译执行java,groovy,javascript,spel,ognl....
-6. [hsweb-expands-shell](https://github.com/hs-web/hsweb-expands/tree/master/hsweb-expands-shell):shell执行
-7. [hsweb-expands-template](https://github.com/hs-web/hsweb-expands/tree/master/hsweb-expands-template):各种模板引擎
+## hsweb-framework 3.0
+
+## 模块简介
+
+| 模块       | 说明          |   进度 |
+| ------------- |:-------------:| ----|
+|[hsweb-authorization](hsweb-authorization)|权限控制| 80%|
+|[hsweb-commons](hsweb-commons) |基础通用功能| 90%|
+|[hsweb-concurrent](hsweb-concurrent)|并发包,缓存,锁,计数器等| 80%|
+|[hsweb-core](hsweb-core)|框架核心| 90%|
+|[hsweb-datasource](hsweb-datasource)|数据源| 0%|
+|[hsweb-examples](hsweb-examples)|例子,演示| 10%|
+|[hsweb-i18n](hsweb-i18n)|国际化| 0%|
+|[hsweb-logging](hsweb-logging)| 日志|  10%|
+|[hsweb-message](hsweb-message)|mq,websocket...| 80%|
+|[hsweb-starter](hsweb-starter)|模块启动器| 80%|
+|[hsweb-system](hsweb-system)|**系统功能**| 20%|
+|[hsweb-tests](hsweb-tests)|测试| 80%|

doc/1.安装使用.md

@@ -1,43 +0,0 @@
-# 使用hsweb
-项目java8开发,使用maven进行管理.
-
-## 1.配置maven pom.xml
-引入私服
-```xml
- <!--统一依赖管理-->
- <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>org.hsweb</groupId>
-                <artifactId>hsweb-framework</artifactId>
-                <version>${hsweb.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-  <!--引入私服-->
-  <repositories>
-        <repository>
-            <id>hsweb-nexus</id>
-            <name>Nexus Release Repository</name>
-            <url>http://nexus.hsweb.me/content/groups/public/</url>
-            <snapshots>
-                <enabled>true</enabled>
-            </snapshots>
-        </repository>
-    </repositories>
-```
-
-引入依赖
-```xml
-<!--设置了dependencyManagement,可以不指定版本号-->
-<dependency>
-        <groupId>org.hsweb</groupId>
-        <artifactId>hsweb-web-starter</artifactId>
-</dependency>
-```
-
-完整配置,可参照 [demo](https://github.com/hs-web/hsweb-demo/blob/master/pom.xml)
-
-[查看api](2.API.md)

doc/2.API.md

@@ -1,17 +0,0 @@
-## 开发
-1. [创建通用crud](./create-crud.md)
-2. [使用通用crud](./use-crud.md)
-
-## 使用
-1. [权限管理](): 权限资源-角色-用户.
-2. [配置管理](): kv结构,自定义配置.可通过此功能配置数据字典.
-3. [脚本管理](): 动态脚本,支持javascript,groovy,java动态编译执行.
-4. [表单管理](): 动态表单,可视化设计表单,自动生成数据库以及系统权限.无需重启直接生效.
-5. [模块设置](): 配合动态表单实现表格页,查询条件自定义.
-6. [数据库维护](): 在线维护数据库,修改表结构,执行sql.
-7. [数据源管理](): 配置多数据源.
-8. [代码生成器](): 在线生成代码,打包下载.可自定义模板.
-9. [定时任务](): 配置定时任务,使用动态脚本编写任务内容.
-10. [系统监控](): 监控系统资源使用情况.
-11. [缓存监控](): 监控缓存情况.
-12. [访问日志](): 记录用户每次操作情况

doc/README.md

@@ -1,4 +0,0 @@
-# hsweb-framework
-
-1. [安装使用](1.安装使用.md)
-2. [API](2.API.md)

doc/create-crud.md

@@ -1,160 +0,0 @@
-# 创建通用增删改查功能
-
-## 1. 实体
-目前hsweb只有一种实体:PO。统一继承 `GenericPo`
-
-新建实体`org.hsweb.demo.bean.test.MyTest`如下:
-```java
-    public class MyTest extends GenericPo{
-        private String name;
-        
-        private int age;
-        
-        //由于查询使用动态参数,使用此方式定义属性名。方便统一维护
-        public interface Property extends GenericPo.Property{
-            String name = "name";
-            String age  = "age";
-        }
-    }
-```
-
-建立数据库表(hsweb暂未使用jpa等方式自动建表):
-
-方式1: 编辑`resources/scripts/initialize.groovy` (此脚本在项目首次运行时执行) 并加入
-```groovy
-database.createOrAlter("s_test")
-        .addColumn().name("u_id").alias("id").comment("ID").jdbcType(JDBCType.VARCHAR).length(32).primaryKey().commit()
-        .addColumn().name("age").alias("age").comment("年龄").jdbcType(JDBCType.DECIMAL).length(16,0).commit()
-        .addColumn().name("name").alias("name").comment("姓名").jdbcType(JDBCType.VARCHAR).length(128).commit()
-        .comment("测试").commit();
-```
-
-方式2: 如果系统已经初始化,则需要手动建立表结构,或者使用更新版本的方式进行初始化:
-假设当前版本为 1.0.0, 升级为 1.0.1,则新建文件 ``resources/scripts/upgrade/1.0.1.groovy`` 并加入方式1中的脚本内容.
-在启动后,更新版本时会自动执行此脚本.
-
-## 2. dao 接口 
-
-定义接口 ``org.hsweb.demo.dao.test.MyTestMapper``
-
-(增删改查 继承GenericMapper即可)
-```java
-    public interface MyTestMapper extends GenericMapper<MyTest, String> {
-    }
-```
-## 3.mybatis dao实现
-mybatis 采用配置文件(xml)的方式
-
-新建xml配置`resources/org/hsweb/demo/mappers/test/MyTestMapper`如下:
-```xml
-<?xml version="1.0" encoding="UTF-8" ?>
-    <!DOCTYPE mapper
-            PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
-            "http://www.mybatis.org/dtd/mybatis-3-mapper.dtd">
-    <mapper namespace="org.hsweb.demo.dao.test.MyTestMapper">
-        <resultMap id="TestResultMap" type="org.hsweb.demo.bean.test.MyTest">
-            <id property="id" column="u_id" javaType="string" jdbcType="VARCHAR"/>
-            <result property="name" column="name" javaType="String" jdbcType="VARCHAR"/>
-            <result property="age" column="age" javaType="int" jdbcType="INTEGER"/>
-        </resultMap>
-    
-        <!--用于动态生成sql所需的配置-->
-        <sql id="config">
-            <!--动态sql使用resultMapId对应的配置，来生成sql-->
-            <bind name="resultMapId" value="'TestResultMap'"/>
-            <bind name="tableName" value="'s_test'"/>
-        </sql>
-        <insert id="insert" parameterType="org.hsweb.web.bean.common.InsertParam">
-            <include refid="config"/>
-            <include refid="BasicMapper.buildInsertSql"/>
-        </insert>
-    
-        <delete id="delete" parameterType="org.hsweb.web.bean.common.DeleteParam">
-            <include refid="config"/>
-            <include refid="BasicMapper.buildDeleteSql"/>
-        </delete>
-    
-        <update id="update" parameterType="org.hsweb.web.bean.common.UpdateParam">
-            <include refid="config"/>
-            <include refid="BasicMapper.buildUpdateSql"/>
-        </update>
-    
-        <select id="selectByPk" parameterType="string" resultMap="TestResultMap">
-            select * from s_test where u_id=#{id}
-        </select>
-    
-        <select id="select" parameterType="org.hsweb.web.bean.common.QueryParam" resultMap="TestResultMap">
-            <include refid="config"/>
-            <include refid="BasicMapper.buildSelectSql"/>
-        </select>
-    
-        <select id="total" parameterType="org.hsweb.web.bean.common.QueryParam" resultType="int">
-            <include refid="config"/>
-            <include refid="BasicMapper.buildTotalSql"/>
-        </select>
-    </mapper>
-```
-
-## 4. service 接口
-
-定义service接口 ``org.hsweb.demo.service.test.MyTestService``
-
-(增删改查 GenericService)
-```java
-public interface MyTestService extends GenericService<MyTest, String> {
-}
-```
-
-## 5. service 实现
-
-定义service实现类 ``org.hsweb.demo.service.test.impl.SimpleMyTestService``
-
-继承 AbstractServiceImpl
-```java
-@Service("testService")
-public class SimpleMyTestService extends AbstractServiceImpl<MyTest, String> implements MyTestService {
-    @Autowired
-    private MyTestMapper myTestMapper;
-    
-    //AbstractServiceImpl 使用GenericMapper的实现类进行CRUD操作
-    @Override
-    protected MyTestMapper getMapper() {
-        return myTestMapper;
-    }
-}
-```
-
-## 6. controller
-
-定义Controller ``org.hsweb.demo.controller.test.MyTestController``
-
-```java
-@RestController
-@RequestMapping("/myTest")
-@Authorize(module = "myTest") //权限验证
-@AccessLogger("测试模块")   //访问日志描述
-public class MyTestController extends GenericController<MyTest, String> {
-
-    @Autowired
-    MyTestService myTestService;
-    
-    @Override
-    protected MyTestService getService() {
-        return myTestService;
-    }
-}
-```
-
-## 7. 添加权限
-
-1、启动并登录系统,进入系统管理-权限管理模块加入对应的权限,重新登录即可使用了。
-2、或者参照初始化表的方式,以脚本的方式进行初始化,如:
-
-```groovy
-def module= [u_id: 'myTest', name: '测试', uri: 'admin/myTest/list.html', icon: '', parent_id: '-1', remark: '', status: 1, optional: '[{"id":"M","text":"菜单可见","checked":true},{"id":"import","text":"导入excel","checked":true},{"id":"export","text":"导出excel","checked":true},{"id":"R","text":"查询","checked":true},{"id":"C","text":"新增","checked":true},{"id":"U","text":"修改","checked":true},{"id":"D","text":"删除","checked":false}]', sort_index: 1];
-database.getTable("s_modules").createInsert().value(module).exec();
-```
-
-## 8. 感觉太麻烦?
-
-**使用在线代码生成器,一键生成全部代码!**

doc/use-crud.md

@@ -1,48 +0,0 @@
-
-# 1.查询：
-```java
-    
-    import static MyBean.Property.*; //属性名
-    myService.createQuery()
-        .where(name,"admin")
-        .or(name,"root")
-        .list(); //list(), list(0,10), single(),total();
-    //or
-    myService.createQuery().fromBean(myBean)
-        .where(name)
-        .or(name)
-        .list(); 
-    
-    // 复杂查询条件
-    // 等同sql  where name is not null and (name like '李%' or name like '周%') and age >0
-    // 参数全部预编译,不用担心注入
-     myService.createQuery()
-        .where().notNull(name)
-        .nest().or().like$(name,"李").or().like$(name,"周").end()
-        .and().gt(age,10).list();
-     
-    //自定义sql条件
-    myService.createQuery()
-        .where()
-        .and().sql("name !=''")
-        .or().sql("age < #{age}",{age:10})// 使用预编译方式
-        .or().sql("age = #{[0]}",Arrays.asList(20))//获取集合参数
-        .or().sql("age > ? and (age <?)",60,100)//使用参数列表方式
-        .list(); 
-```
-
-# 2.修改,支持和query一致的条件
-```java
-    import static MyBean.Property.*;
-    myService.createUpdate()
-        .set(status,1)
-        .where(id,"data-id").exec();
-    // or
-    myService.createUpdate(myBean).fromBean().where(id).exec();
-```
-
-# 3.删除,支持和query一致的条件
-```java
-    import static MyBean.Property.*;
-    myService.createDelete().where(id,"data-id").exec();
-```

hsweb-authorization/README.md

@@ -0,0 +1,7 @@
+# 授权认证模块
+用于整个系统的授权认证管理
+
+# 目录介绍
+1. [hsweb-authorization-api](hsweb-authorization-api):权限控制API
+1. [hsweb-authorization-oauth2](hsweb-authorization-oauth2):oauth2支持
+1. [hsweb-authorization-shiro](hsweb-authorization-shiro):权限控制的shiro实现

hsweb-authorization/hsweb-authorization-api/README.md

@@ -0,0 +1,54 @@
+# 权限控制API
+用于权限控制的API接口,支持RBAC权限控制,支持数据级（控制到行,列）权限控制.
+
+# 介绍
+
+以下讲到的类都是基于包:org.hswebframework.web.authorization
+
+### 常用注解:
+_点击名称,查看源代码注释获得使用说明_
+
+| 注解名称       | 说明          | 
+| ------------- |:-------------:| 
+| [`@Authorize`](src/main/java/org/hswebframework/web/authorization/annotation/Authorize.java)    | RBAC方式权限控制注解 | 
+| [`@RequiresExpression`](src/main/java/org/hswebframework/web/authorization/annotation/RequiresExpression.java)      | 表达式方式验证      | 
+| [`@RequiresDataAccess`](src/main/java/org/hswebframework/web/authorization/annotation/RequiresDataAccess.java)      | 行级权限控制      | 
+| [`@RequiresFieldAccess`](src/main/java/org/hswebframework/web/authorization/annotation/RequiresFieldAccess.java)      | 列级权限控制      | 
+
+### 常用类
+_点击名称,查看源代码注释获得使用说明_
+
+
+| 类名       | 说明          | 
+| ------------- |:-------------:| 
+| [`Authentication`](src/main/java/org/hswebframework/web/authorization/Authentication.java)    | 用户的认证信息 | 
+| [`AuthenticationHolder`](src/main/java/org/hswebframework/web/authorization/AuthenticationHolder.java)      | 用于获取当前登录用户的认证信息      | 
+
+
+### Listener
+api提供[AuthorizationListener](src/main/java/org/hswebframework/web/authorization/listener/AuthorizationListener.java)
+来进行授权逻辑拓展，在授权前后执行可自定义的操作.如rsa解密帐号密码,验证码判断等。
+
+默认事件列表():
+
+| 类名       | 说明          | 
+| ------------- |:-------------:| 
+| [`AuthorizationDecodeEvent`](src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationDecodeEvent.java)    | 接收到请求参数时 | 
+| [`AuthorizationBeforeEvent`](src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationBeforeEvent.java)      | 验证密码前触发      | 
+| [`AuthorizationFailedEvent`](src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationFailedEvent.java)      | 授权验证失败时触发      | 
+| [`AuthorizationSuccessEvent`](src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationSuccessEvent.java)      | 授权成功时触发      | 
+| [`AuthorizationExitEvent`](src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationExitEvent.java)      | 用户注销时触发      | 
+
+例子:
+
+```java
+@Component
+public class CustomAuthorizationSuccessListener implements AuthorizationListener<AuthorizationSuccessEvent>{
+        @Override
+        public void on(AuthorizationSuccessEvent event) {
+            Authentication authentication=event.getAuthentication();
+            //....
+            System.out.println(authentication.getUser().getName()+"登录啦");
+        }
+}
+```

hsweb-authorization/hsweb-authorization-api/pom.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-authorization</artifactId>
+        <groupId>org.hswebframework.web</groupId>
+        <version>3.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-authorization-api</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-boost-aop</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <optional>true</optional>
+        </dependency>
+    </dependencies>
+</project>

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Authentication.java

@@ -0,0 +1,148 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.Optional;
+
+/**
+ * 用户授权信息,当前登录用户的权限信息,包括用户的基本信息,角色,权限集合等常用信息<br>
+ * 获取方式:
+ * <ul>
+ * <li>springmvc 入参方式: ResponseMessage myTest(Authorization auth){}</li>
+ * <li>静态方法方式:AuthorizationHolder.get();</li>
+ * </ul>
+ *
+ * @author zhouhao
+ * @see AuthenticationHolder
+ * @see AuthenticationManager
+ * @since 3.0
+ */
+public interface Authentication extends Serializable {
+
+    /**
+     * 获取当前登录的用户权限信息
+     * <pre>
+     *
+     *   Authentication auth= Authentication.current().get();
+     *   //如果权限信息不存在将抛出{@link NoSuchElementException}建议使用下面的方式获取
+     *   Authentication auth=Authentication.current().orElse(null);
+     *   //或者
+     *   Authentication auth=Authentication.current().orElseThrow(AuthorizeException::new);
+     * </pre>
+     *
+     * @return 返回Optional对象进行操作
+     * @see Optional
+     * @see AuthenticationHolder
+     */
+    static Optional<Authentication> current() {
+        return Optional.ofNullable(AuthenticationHolder.get());
+    }
+
+    /**
+     * @return 用户信息
+     */
+    User getUser();
+
+    /**
+     * @return 用户持有的角色集合
+     */
+    List<Role> getRoles();
+
+    /**
+     * @return 用户持有的权限集合
+     */
+    List<Permission> getPermissions();
+
+    /**
+     * 根据id获取角色,角色不存在则返回null
+     *
+     * @param id 角色id
+     * @return 角色信息
+     */
+    default Role getRole(String id) {
+        if (null == id) return null;
+        return getRoles().stream()
+                .filter(role -> role.getId().equals(id))
+                .findAny()
+                .orElse(null);
+    }
+
+    /**
+     * 根据权限id获取权限信息,权限不存在则返回null
+     *
+     * @param id 权限id
+     * @return 权限信息
+     */
+    default Permission getPermission(String id) {
+        if (null == id) return null;
+        return getPermissions().parallelStream()
+                .filter(permission -> permission.getId().equals(id))
+                .findAny()
+                .orElse(null);
+    }
+
+    /**
+     * 根据属性名获取属性值,返回一个{@link Optional}对象。<br>
+     * 此方法可用于获取自定义的属性信息
+     *
+     * @param name 属性名
+     * @param <T>  属性值类型
+     * @return Optional属性值
+     */
+    <T extends Serializable> Optional<T> getAttribute(String name);
+
+    /**
+     * 设置一个属性值,如果属性名称已经存在,则将其覆盖。<br>
+     * 注意:由于权限信息可能会被序列化,属性值必须实现{@link Serializable}接口
+     *
+     * @param name   属性名称
+     * @param object 属性值
+     * @see AuthenticationManager#sync(Authentication)
+     */
+    void setAttribute(String name, Serializable object);
+
+    /**
+     * 设置多个属性值,参数为map类型,key为属性名称,value为属性值
+     *
+     * @param attributes 属性值map
+     * @see AuthenticationManager#sync(Authentication)
+     */
+    void setAttributes(Map<String, Serializable> attributes);
+
+    /**
+     * 删除属性,并返回被删除的值
+     *
+     * @param name 属性名
+     * @param <T>  被删除的值类型
+     * @return 被删除的值
+     * @see AuthenticationManager#sync(Authentication)
+     */
+    <T extends Serializable> T removeAttributes(String name);
+
+    /**
+     * 获取全部属性,此属性为通过{@link this#setAttribute(String, Serializable)}或{@link this#setAttributes(Map)}设置的属性。
+     *
+     * @return 全部属性集合
+     */
+    Map<String, Serializable> getAttributes();
+
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthenticationHolder.java

@@ -0,0 +1,102 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import org.hswebframework.web.ThreadLocalUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.concurrent.locks.ReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.function.Function;
+
+/**
+ * 权限获取器,用于静态方式获取当前登录用户的权限信息.
+ * 例如:
+ * <pre>
+ *     &#064;RequestMapping("/example")
+ *     public ResponseMessage example(){
+ *         Authorization auth = AuthorizationHolder.get();
+ *         return ResponseMessage.ok();
+ *     }
+ * </pre>
+ *
+ * @author zhouhao
+ * @see AuthenticationSupplier
+ * @since 3.0
+ */
+public final class AuthenticationHolder {
+    private static final List<AuthenticationSupplier> suppliers = new ArrayList<>();
+
+    private static final String CURRENT_USER_ID_KEY = Authentication.class.getName() + "_current_id";
+
+    private static final ReadWriteLock lock = new ReentrantReadWriteLock();
+
+    private static Authentication get(Function<AuthenticationSupplier, Authentication> function) {
+        lock.readLock().lock();
+        try {
+            return suppliers.stream()
+                    .map(function)
+                    .filter(Objects::nonNull)
+                    .findFirst().orElse(null);
+        } finally {
+            lock.readLock().unlock();
+        }
+    }
+
+    /**
+     * @return 当前登录的用户权限信息
+     */
+    public static Authentication get() {
+        String currentId = ThreadLocalUtils.get(CURRENT_USER_ID_KEY);
+        if (currentId != null) {
+            return get(currentId);
+        }
+        return get(AuthenticationSupplier::get);
+    }
+
+    /**
+     * 获取指定用户的权限信息
+     *
+     * @param userId 用户ID
+     * @return 权限信息
+     */
+    public static Authentication get(String userId) {
+        return get(supplier -> supplier.get(userId));
+    }
+
+    /**
+     * 初始化 {@link AuthenticationSupplier}
+     *
+     * @param supplier
+     */
+    public static void addSupplier(AuthenticationSupplier supplier) {
+        lock.writeLock().lock();
+        try {
+            suppliers.add(supplier);
+        } finally {
+            lock.writeLock().unlock();
+        }
+    }
+
+    public static void setCureentUserId(String id) {
+        ThreadLocalUtils.put(AuthenticationHolder.CURRENT_USER_ID_KEY, id);
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthenticationInitializeService.java

@@ -0,0 +1,43 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+/**
+ * 授权信息初始化服务接口,使用该接口初始化用的权限信息
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+public interface AuthenticationInitializeService {
+    /**
+     * 根据用户ID初始化权限信息
+     *
+     * @param userId 用户ID
+     * @return 权限信息
+     */
+    Authentication initUserAuthorization(String userId);
+
+    /**
+     * 将指定的用户初始化为超级管理员权限
+     *
+     * @param userId 用户ID
+     * @return 权限信息
+     */
+    Authentication initAdminAuthorization(String userId);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthenticationManager.java

@@ -0,0 +1,50 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import java.io.Serializable;
+import java.util.Map;
+
+/**
+ * 授权信息管理器,用于获取用户授权和同步授权信息
+ *
+ * @author zhouhao
+ * @see 3.0
+ */
+public interface AuthenticationManager {
+    /**
+     * 根据用户ID获取权限信息
+     *
+     * @param userId 用户ID
+     * @return 权限信息
+     */
+    Authentication getByUserId(String userId);
+
+    /**
+     * 同步授权信息,在调用了{@link Authentication#setAttribute(String, Serializable)}或者
+     * {@link Authentication#setAttributes(Map)} 后,需要调用次方法进行同步.
+     * 因为如果权限信息不是存在于内存中,而是redis或者其他方案.
+     * 在调用了上述方法后,实际的存储值并不会发生改变.
+     * 注意: Authentication的实现类应该实现自动同步功能。
+     *
+     * @param authentication 要同步的权限信息
+     * @return 同步后的权限信息
+     */
+    Authentication sync(Authentication authentication);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthenticationSupplier.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import java.util.function.Supplier;
+
+/**
+ * @author zhouhao
+ * @see Supplier
+ * @see Authentication
+ * @see AuthenticationHolder
+ */
+public interface AuthenticationSupplier extends Supplier<Authentication> {
+    Authentication get(String userId);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/MultiAuthentication.java

@@ -0,0 +1,49 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import java.util.Set;
+
+/**
+ * 多用户权限,可同时登录多个用户,调用{@link Authentication}的方法为获取当前激活用户的权限
+ *
+ * @since 3.0
+ */
+public interface MultiAuthentication extends Authentication {
+
+    /**
+     * @return 所有权限信息
+     */
+    Set<Authentication> getAuthentications();
+
+    /**
+     * 激活指定的用户
+     *
+     * @param userId 用户ID
+     * @return 被激活的用户, 如果用户未登录, 则返回null
+     */
+    Authentication activate(String userId);
+
+    /**
+     * 添加一个授权
+     *
+     * @param authentication 授权信息
+     */
+    void addAuthentication(Authentication authentication);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Permission.java

@@ -0,0 +1,95 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.access.FieldAccessConfig;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * 用户持有的权限信息,包含了权限基本信息、可操作范围(action)、行,列级权限控制规则。
+ * 是用户权限的重要接口。
+ *
+ * @author zhouhao
+ * @see Authentication
+ * @since 3.0
+ */
+public interface Permission extends Serializable {
+    /**
+     * 查询
+     */
+    String ACTION_QUERY  = "query";
+    /**
+     * 获取明细
+     */
+    String ACTION_GET    = "get";
+    /**
+     * 新增
+     */
+    String ACTION_ADD    = "add";
+    /**
+     * 更新
+     */
+    String ACTION_UPDATE = "update";
+    /**
+     * 删除
+     */
+    String ACTION_DELETE = "delete";
+    /**
+     * 导入
+     */
+    String ACTION_IMPORT = "import";
+    /**
+     * 导出
+     */
+    String ACTION_EXPORT = "export";
+
+    /**
+     * 禁用
+     */
+    String ACTION_DISABLE = "disable";
+
+    /**
+     * 启用
+     */
+    String ACTION_ENABLE = "enable";
+
+    /**
+     * @return 权限ID，权限的唯一标识
+     */
+    String getId();
+
+    /**
+     * @return 用户对此权限的可操作事件(按钮)
+     */
+    Set<String> getActions();
+
+    /**
+     * @return 用户对此权限持有的字段权限信息, 用于字段级别的控制
+     * @see FieldAccessConfig
+     */
+    Set<FieldAccessConfig> getFieldAccesses();
+
+    /**
+     * @return 用户对此权限持有的数据权限信息, 用于数据级别的控制
+     * @see DataAccessConfig
+     */
+    Set<DataAccessConfig> getDataAccessConfigs();
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Role.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import java.io.Serializable;
+
+/**
+ * 角色信息
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+public interface Role extends Serializable {
+
+    /**
+     * @return 角色ID
+     */
+    String getId();
+
+    /**
+     * @return 角色名
+     */
+    String getName();
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/User.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import java.io.Serializable;
+
+/**
+ * 用户信息
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+public interface User extends Serializable {
+    /**
+     * @return 用户ID
+     */
+    String getId();
+
+    /**
+     * @return 用户名
+     */
+    String getUsername();
+
+    /**
+     * @return 姓名
+     */
+    String getName();
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/CustomDataAccess.java

@@ -0,0 +1,19 @@
+package org.hswebframework.web.authorization.access;
+
+/**
+ * 自定义控制器的数据级权限控制器
+ *
+ * @author zhouhao
+ * @see DefaultType#CUSTOM
+ */
+public interface CustomDataAccess extends DataAccessConfig {
+
+    /**
+     * @return 自定义的控制器
+     */
+    DataAccessController getController();
+
+    default String getType() {
+        return DefaultType.CUSTOM;
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessConfig.java

@@ -0,0 +1,68 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.access;
+
+
+import org.hswebframework.web.authorization.Permission;
+
+import java.io.Serializable;
+
+/**
+ * 数据级的权限控制,此接口为控制方式配置
+ * 具体的控制逻辑由控制器{@link DataAccessController}实现
+ *
+ * @author zhouhao
+ * @see org.hswebframework.web.authorization.access.CustomDataAccess
+ * @see OwnCreatedDataAccessConfig
+ * @see ScriptDataAccessConfig
+ */
+public interface DataAccessConfig extends Serializable {
+
+    /**
+     * 对数据的操作事件
+     *
+     * @return 操作时间
+     * @see Permission#ACTION_ADD
+     * @see Permission#ACTION_DELETE
+     * @see Permission#ACTION_GET
+     * @see Permission#ACTION_QUERY
+     * @see Permission#ACTION_UPDATE
+     */
+    String getAction();
+
+    /**
+     * 控制方式标识
+     *
+     * @return 控制方式
+     * @see DefaultType
+     */
+    String getType();
+
+    /**
+     * 内置3中控制方式
+     */
+    interface DefaultType {
+        //自己创建的数据
+        String OWN_CREATED = "OWN_CREATED";
+        //脚本
+        String SCRIPT      = "SCRIPT";
+        //自定义控制器
+        String CUSTOM      = "CUSTOM";
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessController.java

@@ -0,0 +1,20 @@
+package org.hswebframework.web.authorization.access;
+
+import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+
+/**
+ * 数据级别权限控制器,通过此控制器对当前登录用户进行的操作进行数据级别的权限控制。
+ * 如：A用户只能查询自己创建的B数据,A用户只能修改自己创建的B数据
+ *
+ * @author zhouhao
+ * @since  3.0
+ */
+public interface DataAccessController {
+    /**
+     * 执行权限控制
+     * @param access 控制方式以及配置
+     * @param params 当前操作的方法的参数上下文
+     * @return 授权是否通过
+     */
+    boolean doAccess(DataAccessConfig access, MethodInterceptorParamContext params);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessHandler.java

@@ -0,0 +1,28 @@
+package org.hswebframework.web.authorization.access;
+
+import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+
+/**
+ * 数据级别权限控制处理器接口,负责处理支持的权限控制配置
+ *
+ * @author zhouhao
+ */
+public interface DataAccessHandler {
+
+    /**
+     * 是否支持处理此配置
+     *
+     * @param access 控制配置
+     * @return 是否支持
+     */
+    boolean isSupport(DataAccessConfig access);
+
+    /**
+     * 执行处理,返回处理结果
+     *
+     * @param access  控制配置
+     * @param context 参数上下文
+     * @return 处理结果
+     */
+    boolean handle(DataAccessConfig access, MethodInterceptorParamContext context);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldAccessConfig.java

@@ -0,0 +1,34 @@
+package org.hswebframework.web.authorization.access;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * 字段级别权限控制配置,表示此用户不能对字段{@link this#getField()} 执行 {@link this#getActions()}操作
+ *
+ * @author zhouhao
+ * @see FieldAccessController
+ */
+public interface FieldAccessConfig extends Serializable {
+
+    /**
+     * @return 要控制的字段名称, 字段名称支持嵌套如: user.info.name
+     */
+    String getField();
+
+    /**
+     * @return 对此字段的操作权限
+     * @see org.hswebframework.web.authorization.Permission#ACTION_QUERY
+     * @see org.hswebframework.web.authorization.Permission#ACTION_UPDATE
+     */
+    Set<String> getActions();
+
+    default Type getType() {
+        return Type.DENY;
+    }
+
+    enum Type {
+        //目前之支持 deny
+        DENY
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldAccessController.java

@@ -0,0 +1,24 @@
+package org.hswebframework.web.authorization.access;
+
+import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+
+import java.util.Set;
+
+/**
+ * 字段级权限控制器,用于控制对字段的操作权限。如:不同角色,可操作的字段不同等
+ *
+ * @author zhouhao
+ */
+public interface FieldAccessController {
+
+    /**
+     * 执行权限验证。根据当前被拦截的操作类型,以及此类型可操作的字段集合进行权限验证
+     *
+     * @param action   当前操作的类型 {@link Permission#getActions()}
+     * @param accesses 不可操作的字段
+     * @param params   参数上下文
+     * @return 验证是否通过
+     */
+    boolean doAccess(String action, Set<FieldAccessConfig> accesses, MethodInterceptorParamContext params);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/OwnCreatedDataAccessConfig.java

@@ -0,0 +1,12 @@
+package org.hswebframework.web.authorization.access;
+
+/**
+ * 只能操作由自己创建的数据
+ *
+ * @author zhouhao
+ */
+public interface OwnCreatedDataAccessConfig extends DataAccessConfig {
+    default String getType() {
+        return DefaultType.OWN_CREATED;
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/ScriptDataAccessConfig.java

@@ -0,0 +1,27 @@
+package org.hswebframework.web.authorization.access;
+
+/**
+ * 通过脚本来控制数据操作权限.脚本可以在前端设置角色的时候进行编辑
+ *
+ * @author zhouhao
+ */
+public interface ScriptDataAccessConfig extends DataAccessConfig {
+    default String getType() {
+        return DefaultType.SCRIPT;
+    }
+
+    /**
+     * 脚本语言: javascript(js),groovy
+     *
+     * @return 语言
+     */
+    String getScriptLanguage();
+
+    /**
+     * 脚本内容,在进行验证的时候会执行脚本
+     *
+     * @return 脚本
+     */
+    String getScript();
+
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Authorize.java

@@ -0,0 +1,92 @@
+/*
+ *
+ *  * Copyright 2016 http://www.hswebframework.org
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *     http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization.annotation;
+
+import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.authorization.Role;
+import org.hswebframework.web.authorization.User;
+
+import java.lang.annotation.*;
+
+/**
+ * 基础权限控制注解,提供基本的控制配置
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+public @interface Authorize {
+
+    /**
+     * 对角色授权,当使用按角色授权时，对模块以及操作级别授权方式失效
+     *
+     * @return 进 role id array
+     * @see Role#getId()
+     */
+    String[] role() default {};
+
+    /**
+     * 对模块授权
+     *
+     * @return permission id array
+     * @see Permission#getId()
+     */
+    String[] permission() default {};
+
+    /**
+     * 如增删改查等
+     *
+     * @return action array
+     * @see Permission#getActions()
+     */
+    String[] action() default {};
+
+    /**
+     * 验证是否为指定user
+     *
+     * @return username array
+     * @see User#getUsername()
+     */
+    String[] user() default {};
+
+    /**
+     * 验证失败时返回的消息
+     *
+     * @return 验证失败提示的消息
+     */
+    String message() default "{unauthorized}";
+
+    /**
+     * 是否合并类上的注解
+     *
+     * @return 是否合并类上的注解
+     */
+    boolean merge() default true;
+
+    /**
+     * 验证模式，在使用多个验证条件时有效
+     *
+     * @return logical
+     */
+    Logical logical() default Logical.DEFAULT;
+
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Logical.java

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization.annotation;
+
+public enum Logical {
+    AND, OR, DEFAULT
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresDataAccess.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization.annotation;
+
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.access.DataAccessController;
+import org.hswebframework.web.authorization.Permission;
+
+import java.lang.annotation.*;
+
+/**
+ * 数据级权限控制注解,用于进行需要数据级别权限控制的声明.
+ * <p>
+ * 此注解仅用于声明此方法需要进行数据级权限控制,具体权限控制方式由控制器实{@link DataAccessController}现
+ * </p>
+ *
+ * @author zhouhao
+ * @see DataAccessController
+ * @since 3.0
+ */
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface RequiresDataAccess {
+
+    /**
+     * @return permission id
+     * @see Permission#getId()
+     */
+    String permission();
+
+    /**
+     * @return action array
+     * @see DataAccessConfig#getAction()
+     */
+    String[] action() default {};
+
+    /**
+     * @return logical
+     */
+    Logical logical() default Logical.OR;
+
+    /**
+     * @return 自定义控制器bean名称
+     */
+    String controllerBeanName() default "";
+
+    /**
+     * @return 自定义控制器类型
+     */
+    Class<DataAccessController> controllerClass() default DataAccessController.class;
+
+    /**
+     * @return id参数名称
+     */
+    String idParamName() default "id";
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresExpression.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * 使用表达式进行验证,默认支持spel,ognl表达式。
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface RequiresExpression {
+
+    /**
+     * 表达式内容,表达式可以调用方法的参数值以及当前的用户信息和spring管理的bean
+     * 例如:
+     * <pre>
+     * &#064;RequestMapping
+     * &#064;RequiresExpression("#param!=null")
+     * public ResponseMessage requestHandle(String param){
+     *  return ok();
+     * }
+     * </pre>
+     *
+     * @return 表达式
+     */
+    String value();
+
+    /**
+     * @return 表达式语言 ，支持spel,ognl,groovy,javascript
+     */
+    String language() default "spel";
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresFieldAccess.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.authorization.annotation;
+
+import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.authorization.access.FieldAccessConfig;
+
+import java.lang.annotation.*;
+
+/**
+ * 字段级权限控制注解,用于进行需要字段级别权限控制的声明.
+ * <p>
+ * 此注解仅用于声明此方法需要进行字段级权限控制,具体权限控制方式由控制器实{@link org.hswebframework.web.authorization.access.FieldAccessController}现
+ * </p>
+ *
+ * @author zhouhao
+ * @see org.hswebframework.web.authorization.access.FieldAccessController
+ * @since 3.0
+ */
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface RequiresFieldAccess {
+
+    /**
+     * @return permission id
+     * @see Permission#getId()
+     */
+    String permission();
+
+    /**
+     * @return action
+     * @see FieldAccessConfig#getActions()
+     */
+    String action();
+
+    Logical logical() default Logical.OR;
+
+    String paramName() default "";
+
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/container/AuthenticationContainer.java

@@ -0,0 +1,71 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.container;
+
+import org.hswebframework.web.authorization.Authentication;
+
+import javax.servlet.http.HttpSession;
+import java.util.List;
+
+/**
+ * 授权容器,用来操作所有已经授权的用户
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+public interface AuthenticationContainer {
+
+    /**
+     * 根据sessionId获取权限信息
+     *
+     * @param sessionId
+     * @return 权限信息, 未授权时返回null
+     */
+    Authentication getAuthenticationBySessionId(String sessionId);
+
+    /**
+     * @param userId 用户ID
+     * @return 用户是否已经授权
+     */
+    boolean userIsAuthorized(String userId);
+
+    /**
+     * @return 已经授权的总人数
+     */
+    int totalAuthorizedUser();
+
+    /**
+     * @return 所有被授权的用户
+     */
+    List<Authentication> allAuthorizedUser();
+
+    /**
+     * 删除用户授权信息
+     *
+     * @param userId 用户ID
+     * @return 被删除的权限信息
+     */
+    Authentication removeAuthentication(String userId);
+
+    /**
+     * @param authentication
+     * @return 添加后被覆盖的权限信息 ,如果没有则返回null
+     */
+    Authentication addAuthentication(Authentication authentication, String sessionId);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/AuthorizationListener.java

@@ -0,0 +1,16 @@
+
+package org.hswebframework.web.authorization.listener;
+
+
+import org.hswebframework.web.authorization.listener.event.AuthorizationEvent;
+
+/**
+ * 授权监听器,用于监听授权过程,以及自定义授权逻辑
+ *
+ * @author zhouhao
+ * @see AuthorizationEvent
+ * @since 3.0
+ */
+public interface AuthorizationListener<E extends AuthorizationEvent> {
+    void on(E event);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/AuthorizationListenerDispatcher.java

@@ -0,0 +1,49 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.listener;
+
+import org.hswebframework.web.authorization.listener.event.AuthorizationEvent;
+
+import java.util.*;
+
+/**
+ * @author zhouhao
+ */
+public class AuthorizationListenerDispatcher {
+
+    private Map<Class<? extends AuthorizationEvent>, List<AuthorizationListener>> listenerStore = new HashMap<>();
+
+    public <E extends AuthorizationEvent> void addListener(Class<E> eventClass, AuthorizationListener<E> listener) {
+        listenerStore.computeIfAbsent(eventClass, (k) -> new LinkedList<>())
+                .add(listener);
+    }
+
+    @SuppressWarnings("unchecked")
+    public <E extends AuthorizationEvent> void doEvent(Class<E> eventType, E event) {
+        List<AuthorizationListener<E>> store = (List) listenerStore.get(eventType);
+        if (null != store) {
+            store.forEach(listener -> listener.on(event));
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    public <E extends AuthorizationEvent> void doEvent(E event) {
+        doEvent((Class<E>) event.getClass(), event);
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AbstractAuthorizationEvent.java

@@ -0,0 +1,64 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.listener.event;
+
+
+import java.util.Optional;
+import java.util.function.Function;
+
+/**
+ * 抽象授权事件,保存事件常用的数据
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+public abstract class AbstractAuthorizationEvent implements AuthorizationEvent {
+    protected String username;
+
+    protected String password;
+
+    private Function<String, Object> parameterGetter;
+
+    /**
+     * 带参构造方法,所有参数不能为null
+     *
+     * @param username        用户名
+     * @param password        密码
+     * @param parameterGetter 参数获取函数,用户获取授权时传入的参数
+     */
+    public AbstractAuthorizationEvent(String username, String password, Function<String, Object> parameterGetter) {
+        if (username == null || password == null || parameterGetter == null) throw new NullPointerException();
+        this.username = username;
+        this.password = password;
+        this.parameterGetter = parameterGetter;
+    }
+
+    @SuppressWarnings("unchecked")
+    protected <T> Optional<T> getParameter(String name) {
+        return Optional.ofNullable((T) parameterGetter.apply(name));
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationBeforeEvent.java

@@ -0,0 +1,34 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.listener.event;
+
+import java.util.function.Function;
+
+/**
+ * 授权前事件
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+public class AuthorizationBeforeEvent extends AbstractAuthorizationEvent {
+
+    public AuthorizationBeforeEvent(String username, String password, Function<String, Object> parameterGetter) {
+        super(username, password, parameterGetter);
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationDecodeEvent.java

@@ -0,0 +1,43 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.listener.event;
+
+import java.util.function.Function;
+
+/**
+ * 在进行授权时的最开始,触发此事件进行用户名密码解码,解码后请调用{@link #setUsername(String)} {@link #setPassword(String)}重新设置用户名密码
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+public class AuthorizationDecodeEvent extends AbstractAuthorizationEvent {
+
+    public AuthorizationDecodeEvent(String username, String password, Function<String, Object> parameterGetter) {
+        super(username, password, parameterGetter);
+    }
+
+    public void setUsername(String username) {
+        super.username = username;
+    }
+
+    public void setPassword(String password) {
+        super.username = password;
+    }
+
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationEvent.java

@@ -0,0 +1,33 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.listener.event;
+
+/**
+ * 授权事件
+ *
+ * @author zhouhao
+ * @see AuthorizationSuccessEvent
+ * @see AuthorizationFailedEvent
+ * @see AuthorizationBeforeEvent
+ * @see AuthorizationDecodeEvent
+ * @see AuthorizationExitEvent
+ * @since 3.0
+ */
+public interface AuthorizationEvent {
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationExitEvent.java

@@ -0,0 +1,38 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.listener.event;
+
+import org.hswebframework.web.authorization.Authentication;
+
+/**
+ * 退出登录事件
+ *
+ * @author zhouhao
+ */
+public class AuthorizationExitEvent implements AuthorizationEvent {
+    private Authentication authentication;
+
+    public AuthorizationExitEvent(Authentication authentication) {
+        this.authentication = authentication;
+    }
+
+    public Authentication getAuthentication() {
+        return authentication;
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationFailedEvent.java

@@ -0,0 +1,63 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.listener.event;
+
+import java.util.function.Function;
+
+/**
+ * 授权失败时触发
+ *
+ * @author zhouhao
+ */
+public class AuthorizationFailedEvent extends AbstractAuthorizationEvent {
+
+    /**
+     * 失败原因
+     */
+    private Reason reason;
+
+    /**
+     * 异常信息
+     */
+    private Exception exception;
+
+    public AuthorizationFailedEvent(String username,
+                                    String password,
+                                    Function<String, Object> parameterGetter,
+                                    Reason reason) {
+        super(username, password, parameterGetter);
+        this.reason = reason;
+    }
+
+    public Exception getException() {
+        return exception;
+    }
+
+    public void setException(Exception exception) {
+        this.exception = exception;
+    }
+
+    public Reason getReason() {
+        return reason;
+    }
+
+    public enum Reason {
+        PASSWORD_ERROR, USER_DISABLED, USER_NOT_EXISTS, OTHER
+    }
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationSuccessEvent.java

@@ -0,0 +1,52 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.listener.event;
+
+import org.hswebframework.web.authorization.Authentication;
+
+import java.util.Optional;
+import java.util.function.Function;
+
+/**
+ * 授权成功事件,当授权成功时,触发此事件,并传入授权的信息
+ *
+ * @author zhouhao
+ * @see Authentication
+ * @since 3.0
+ */
+public class AuthorizationSuccessEvent implements AuthorizationEvent {
+    private Authentication authentication;
+
+    private Function<String,Object> parameterGetter;
+
+    public AuthorizationSuccessEvent(Authentication authentication, Function<String, Object> parameterGetter) {
+        this.authentication = authentication;
+        this.parameterGetter = parameterGetter;
+    }
+
+    public Authentication getAuthentication() {
+        return authentication;
+    }
+
+    @SuppressWarnings("unchecked")
+    public  <T> Optional<T> getParameter(String name) {
+        return Optional.ofNullable((T) parameterGetter.apply(name));
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/README.md

@@ -0,0 +1,7 @@
+# oauth2 认证模块
+
+# 模块说明
+| 模块       | 说明          |   进度 |
+| ------------- |:-------------:| ----|
+|[hsweb-authorization-oauth2-client](hsweb-authorization-oauth2-client)|OAuth2 客户端API| 10%|
+|[hsweb-authorization-oauth2-server](hsweb-authorization-oauth2-server)|OAuth2 服务端API| 50%|

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~  Copyright 2016 http://www.hswebframework.org
+  ~
+  ~  Licensed under the Apache License, Version 2.0 (the "License");
+  ~  you may not use this file except in compliance with the License.
+  ~  You may obtain a copy of the License at
+  ~
+  ~        http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~  Unless required by applicable law or agreed to in writing, software
+  ~  distributed under the License is distributed on an "AS IS" BASIS,
+  ~  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~  See the License for the specific language governing permissions and
+  ~  limitations under the License.
+  ~
+  ~
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-authorization-oauth2</artifactId>
+        <groupId>org.hswebframework.web</groupId>
+        <version>3.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-authorization-oauth2-auth-server</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-commons-entity</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-oauth2-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-commons-utils</artifactId>
+            <version>3.0-SNAPSHOT</version>
+        </dependency>
+    </dependencies>
+</project>

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/AuthorizationService.java

@@ -0,0 +1,27 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationService {
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/OAuth2AccessToken.java

@@ -0,0 +1,75 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server;
+
+import org.hibernate.validator.constraints.NotBlank;
+
+import javax.validation.constraints.NotNull;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2AccessToken {
+
+    @NotBlank
+    String getClientId();
+
+    void setClientId(String clientId);
+
+    @NotBlank
+    String getAccessToken();
+
+    void setAccessToken(String accessToken);
+
+    @NotBlank
+    String getRefreshToken();
+
+    void setRefreshToken(String refreshToken);
+
+    @NotNull
+    Long getCreateTime();
+
+    void setCreateTime(Long createTime);
+
+    Long getUpdateTime();
+
+    void setUpdateTime(Long updateTime);
+
+    @NotNull
+    String getOwnerId();
+
+    void setOwnerId(String ownerId);
+
+    @NotNull
+    Integer getExpiresIn();
+
+    void setExpiresIn(Integer expiresIn);
+
+    Set<String> getScope();
+
+    void setScope(Set<String> scope);
+
+    @NotNull
+    String getGrantType();
+
+    void setGrantType(String grantType);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/OAuth2Authorization.java

@@ -0,0 +1,29 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class OAuth2Authorization {
+    private String userId;
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/TokenRequest.java

@@ -0,0 +1,35 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server;
+
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface TokenRequest {
+    default Optional<String> getParameter(String name) {
+        return Optional.ofNullable(getParameters().get(name));
+    }
+
+    Map<String, String> getParameters();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/client/OAuth2Client.java

@@ -0,0 +1,55 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.client;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Client {
+    String getId();
+
+    String getSecret();
+
+    String getName();
+
+    String getRedirectUri();
+
+    String getOwnerId();
+
+    Long getCreateTime();
+
+    Boolean isEnabled();
+
+    /**
+     * @return 客户端支持的认证类型
+     * @see org.hswebframework.web.oauth2.core.GrantType
+     */
+    Set<String> getSupportGrantTypes();
+
+    Set<String> getDefaultGrantScope();
+
+    default boolean isSupportGrantType(String grantType) {
+        Set<String> supports = getSupportGrantTypes();
+        return supports != null && (supports.contains(grantType) || supports.contains("*"));
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/client/OAuth2ClientService.java

@@ -0,0 +1,30 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.client;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2ClientService {
+    OAuth2Client getClientById(String id);
+
+    OAuth2Client getClientByOwnerId(String ownerId);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/exception/GrantTokenException.java

@@ -0,0 +1,41 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.exception;
+
+import org.hswebframework.web.oauth2.core.ErrorType;
+
+/**
+ * @author zhouhao
+ */
+public class GrantTokenException extends RuntimeException {
+    private ErrorType errorType;
+
+    public GrantTokenException(ErrorType errorType) {
+        this(errorType, errorType.message());
+    }
+
+    public GrantTokenException(ErrorType errorType, String message) {
+        super(message);
+        this.errorType = errorType;
+    }
+
+    public ErrorType getErrorType() {
+        return errorType;
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/AbstractAuthorizationService.java

@@ -0,0 +1,92 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support;
+
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2ClientService;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
+import org.hswebframework.web.oauth2.core.ErrorType;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public abstract class AbstractAuthorizationService {
+    protected AccessTokenService  accessTokenService;
+    protected OAuth2ClientService clientService;
+
+    public AccessTokenService getAccessTokenService() {
+        return accessTokenService;
+    }
+
+    public void setAccessTokenService(AccessTokenService accessTokenService) {
+        this.accessTokenService = accessTokenService;
+    }
+
+    public OAuth2ClientService getClientService() {
+        return clientService;
+    }
+
+    public void setClientService(OAuth2ClientService clientService) {
+        this.clientService = clientService;
+    }
+
+    protected void assertGrantTypeSupport(OAuth2Client client, String grantType) {
+        if (!client.isSupportGrantType(grantType)) {
+            throw new GrantTokenException(UNSUPPORTED_GRANT_TYPE);
+        }
+    }
+
+    protected void assertParameterNotBlank(String parameter, ErrorType type) {
+        if (null == parameter || parameter.isEmpty()) {
+            throw new GrantTokenException(type);
+        }
+    }
+
+    protected OAuth2Client getClient(String clientId, String clientSecret) {
+        OAuth2Client client = getClient(clientId);
+        if (!client.getSecret().equals(clientSecret)) {
+            throw new GrantTokenException(ILLEGAL_CLIENT_SECRET);
+        }
+        return client;
+    }
+
+    protected OAuth2Client checkClient(OAuth2Client client) {
+        if (client == null) {
+            throw new GrantTokenException(CLIENT_NOT_EXIST);
+        }
+        if (Boolean.TRUE != client.isEnabled()) {
+            throw new GrantTokenException(CLIENT_DISABLED);
+        }
+        return client;
+    }
+
+    protected OAuth2Client getClientByOwnerId(String ownerId) {
+        return checkClient(clientService.getClientByOwnerId(ownerId));
+    }
+
+    protected OAuth2Client getClient(String clientId) {
+        return checkClient(clientService.getClientById(clientId));
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/DefaultOAuth2Granter.java

@@ -0,0 +1,115 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeTokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.client.ClientCredentialRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.client.ClientCredentialGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.password.PasswordRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.password.PasswordGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.refresh.RefreshTokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.refresh.RefreshTokenGranter;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.ILLEGAL_GRANT_TYPE;
+import static org.hswebframework.web.oauth2.core.ErrorType.UNSUPPORTED_GRANT_TYPE;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultOAuth2Granter implements OAuth2Granter {
+
+    private Map<String, Granter> supportGranter = new HashMap<>(5);
+
+    public DefaultOAuth2Granter addAuthorizationCodeSupport(AuthorizationCodeGranter authorizationCodeService) {
+        return addGranter(GrantType.authorization_code, AuthorizationCodeTokenRequest.class, authorizationCodeService::requestToken);
+    }
+
+    public DefaultOAuth2Granter addRefreshTokenSupport(RefreshTokenGranter refreshTokenGranter) {
+        return addGranter(GrantType.refresh_token, RefreshTokenRequest.class, refreshTokenGranter::refreshToken);
+    }
+
+    public DefaultOAuth2Granter addClientCredentialSupport(ClientCredentialGranter clientCredentialGranter) {
+        return addGranter(GrantType.client_credentials, ClientCredentialRequest.class, clientCredentialGranter::requestToken);
+    }
+
+    public DefaultOAuth2Granter addPasswordSupport(PasswordGranter passwordGranter) {
+        return addGranter(GrantType.password, PasswordRequest.class, passwordGranter::requestToken);
+    }
+
+    public DefaultOAuth2Granter addImplicitSupport(ImplicitGranter implicitGranter) {
+        return addGranter(GrantType.implicit, ImplicitRequest.class, implicitGranter::requestToken);
+    }
+
+    private <R extends TokenRequest> DefaultOAuth2Granter addGranter(String grantType, Class<R> tokenRequestType, Function<R, OAuth2AccessToken> granterService) {
+        supportGranter.put(grantType, Granter.build(tokenRequestType, granterService));
+        return this;
+    }
+
+    @Override
+    public OAuth2AccessToken grant(String grantType, TokenRequest request) {
+        assertParameterNotBlank(grantType, ILLEGAL_GRANT_TYPE);
+        Granter granter = supportGranter.get(grantType);
+        if (granter == null) {
+            throw new GrantTokenException(UNSUPPORTED_GRANT_TYPE);
+        }
+        return granter.grant(request);
+    }
+
+    private void assertParameterNotBlank(String parameter, ErrorType type) {
+        if (null == parameter || parameter.isEmpty()) {
+            throw new GrantTokenException(type);
+        }
+    }
+
+    static class Granter<R extends TokenRequest> {
+        Class<R> tokenRequestType;
+
+        Function<R, OAuth2AccessToken> granterService;
+
+        OAuth2AccessToken grant(TokenRequest request) {
+            if (!tokenRequestType.isInstance(request)) {
+                throw new UnsupportedOperationException("AuthorizationRequest must instanceof  " + tokenRequestType);
+            }
+            return granterService.apply(tokenRequestType.cast(request));
+        }
+
+        static <R extends TokenRequest> Granter<R> build(Class<R> tokenRequestType, Function<R, OAuth2AccessToken> granterService) {
+            Granter<R> granter = new Granter<>();
+            granter.tokenRequestType = tokenRequestType;
+            granter.granterService = granterService;
+            return granter;
+        }
+
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/HttpTokenRequest.java

@@ -0,0 +1,122 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support;
+
+import org.hswebframework.web.WebUtil;
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+import org.hswebframwork.utils.StringUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpTokenRequest implements TokenRequest {
+
+    protected Map<String, String> parameters;
+    protected Map<String, String> headers;
+    protected Set<String>         scope;
+
+    protected ClientCredentials clientCredentials;
+
+    public HttpTokenRequest(HttpServletRequest request) {
+        this.parameters = WebUtil.getParameters(request);
+        this.headers = WebUtil.getHeaders(request);
+        String clientId = parameters.get(OAuth2Constants.client_id);
+        String clientSecret = parameters.get(OAuth2Constants.client_secret);
+        String authorization = headers.get(OAuth2Constants.authorization);
+        clientCredentials = getClientCredentials(clientId, clientSecret, authorization);
+
+        this.scope = getParameter(OAuth2Constants.scope)
+                .filter(Objects::nonNull)
+                .map(scope -> new HashSet<>(Arrays.asList(scope.split("[, \n]"))))
+                .orElseGet(HashSet::new);
+    }
+
+    @Override
+    public Map<String, String> getParameters() {
+        return parameters;
+    }
+
+    protected class ClientCredentials {
+        private String principal;
+        private String credentials;
+
+        public ClientCredentials(String principal, String credentials) {
+            this.principal = principal;
+            this.credentials = credentials;
+        }
+
+        public String getPrincipal() {
+            return principal;
+        }
+
+        public String getCredentials() {
+            return credentials;
+        }
+    }
+
+    protected ClientCredentials getClientCredentials(String principal, String credentials, String authorization) {
+        if ((principal == null || credentials == null) && authorization == null) {
+            return null;
+        }
+        if (authorization != null && !authorization.isEmpty()) {
+            String[] decodeCredentials = decodeClientAuthenticationHeader(authorization);
+            if (decodeCredentials.length > 1) {
+                principal = decodeCredentials[0];
+                credentials = decodeCredentials[1];
+            } else {
+                credentials = decodeCredentials[0];
+            }
+        }
+        return new ClientCredentials(principal, credentials);
+    }
+
+
+    protected String[] decodeClientAuthenticationHeader(String authenticationHeader) {
+        if (StringUtils.isNullOrEmpty(authenticationHeader)) {
+            return null;
+        } else {
+            String[] tokens = authenticationHeader.split(" ");
+            if (tokens.length != 2) {
+                return null;
+            } else {
+                String authType = tokens[0];
+                if (!"basic".equalsIgnoreCase(authType)) {
+                    return ErrorType.OTHER.throwThis(GrantTokenException::new, "authentication " + authType + " not support!");
+                } else {
+                    String encodedCreds = tokens[1];
+                    return decodeBase64EncodedCredentials(encodedCreds);
+                }
+            }
+        }
+    }
+
+    protected String[] decodeBase64EncodedCredentials(String encodedCredentials) {
+        String decodedCredentials = new String(Base64.getDecoder().decode(encodedCredentials));
+        String[] credentials = decodedCredentials.split(":", 2);
+        return credentials.length != 2 ? null : (!StringUtils.isNullOrEmpty(credentials[0]) && !StringUtils.isNullOrEmpty(credentials[1]) ? credentials : null);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/OAuth2Granter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Granter {
+    OAuth2AccessToken grant(String grantType, TokenRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/client/ClientCredentialGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.client;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ClientCredentialGranter extends AuthorizationService {
+    OAuth2AccessToken requestToken(ClientCredentialRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/client/ClientCredentialRequest.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.client;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+/**
+ *
+ * @author zhouhao
+ */
+public interface ClientCredentialRequest extends TokenRequest {
+    String getClientId();
+
+    String getClientSecret();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/client/DefaultClientCredentialGranter.java

@@ -0,0 +1,57 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.client;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultClientCredentialGranter extends AbstractAuthorizationService implements ClientCredentialGranter {
+
+    @Override
+    public OAuth2AccessToken requestToken(ClientCredentialRequest request) {
+        String clientId = request.getClientId();
+        String clientSecret = request.getClientSecret();
+
+        assertParameterNotBlank(clientId, ILLEGAL_CLIENT_ID);
+        assertParameterNotBlank(clientSecret, ILLEGAL_CLIENT_SECRET);
+
+        OAuth2Client client = getClient(clientId, clientSecret);
+        assertGrantTypeSupport(client, GrantType.client_credentials);
+
+        OAuth2AccessToken accessToken = accessTokenService.createToken();
+        // 设置自定义的属性,其他属性在create的时候已经被设置
+        accessToken.setOwnerId(client.getOwnerId());
+        accessToken.setExpiresIn(3600);
+        accessToken.setScope(client.getDefaultGrantScope());
+        accessToken.setClientId(client.getId());
+        accessToken.setGrantType(GrantType.client_credentials);
+
+        //保存token
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/client/HttpClientCredentialRequest.java

@@ -0,0 +1,50 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.client;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author zhouhao
+ */
+public class HttpClientCredentialRequest extends HttpTokenRequest implements ClientCredentialRequest {
+    public HttpClientCredentialRequest(HttpServletRequest request) {
+        super(request);
+        if (clientCredentials == null) {
+            ErrorType.OTHER.throwThis(GrantTokenException::new, "missing parameter:" + OAuth2Constants.client_id + "," + OAuth2Constants.client_secret + "," + OAuth2Constants.authorization);
+
+            //throw new GrantTokenException(ErrorType.OTHER, "missing parameter:" + OAuth2Constants.client_id + "," + OAuth2Constants.client_secret + "," + OAuth2Constants.authorization);
+        }
+    }
+
+    @Override
+    public String getClientId() {
+        return clientCredentials.getPrincipal();
+    }
+
+    @Override
+    public String getClientSecret() {
+        return clientCredentials.getCredentials();
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCode.java

@@ -0,0 +1,51 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import java.util.Set;
+
+/**
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCode {
+    String getClientId();
+
+    void setClientId(String clientId);
+
+    String getUserId();
+
+    void setUserId(String userId);
+
+    String getCode();
+
+    void setCode(String code);
+
+    Long getCreateTime();
+
+    void setCreateTime(Long createTime);
+
+    Set<String> getScope();
+
+    void setScope(Set<String> scope);
+
+    String getRedirectUri();
+
+    void setRedirectUri(String redirectUri);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCodeGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeGranter extends AuthorizationService {
+    OAuth2AccessToken requestToken(AuthorizationCodeTokenRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCodeRequest.java

@@ -0,0 +1,36 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeRequest {
+    String getClientId();
+
+    String getUserId();
+
+    Set<String> getScope();
+
+    String getRedirectUri();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCodeService.java

@@ -0,0 +1,29 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+/**
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeService {
+    String createAuthorizationCode(AuthorizationCodeRequest request);
+
+    AuthorizationCode consumeAuthorizationCode(String code);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCodeTokenRequest.java

@@ -0,0 +1,40 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeTokenRequest extends TokenRequest {
+    String getCode();
+
+    String getClientId();
+
+    String getClientSecret();
+
+    Set<String> getScope();
+
+    String getRedirectUri();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/DefaultAuthorizationCodeGranter.java

@@ -0,0 +1,86 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultAuthorizationCodeGranter extends AbstractAuthorizationService implements AuthorizationCodeGranter {
+
+    //默认有效时间为10分钟
+    private long codeTimeOut = 10 * 60 * 1000;
+
+    private AuthorizationCodeService authorizationCodeService;
+
+    public DefaultAuthorizationCodeGranter(AuthorizationCodeService authorizationCodeService) {
+        this.authorizationCodeService = authorizationCodeService;
+    }
+
+    public void setCodeTimeOut(long codeTimeOut) {
+        this.codeTimeOut = codeTimeOut;
+    }
+
+    @Override
+    public OAuth2AccessToken requestToken(AuthorizationCodeTokenRequest request) {
+        String clientId = request.getClientId();
+        String clientSecret = request.getClientSecret();
+        String code = request.getCode();
+        String redirectUri = request.getRedirectUri();
+
+        assertParameterNotBlank(clientId, ILLEGAL_CLIENT_ID);
+        assertParameterNotBlank(clientSecret, ILLEGAL_CLIENT_SECRET);
+        assertParameterNotBlank(code, ILLEGAL_CODE);
+        assertParameterNotBlank(redirectUri, ILLEGAL_REDIRECT_URI);
+
+        OAuth2Client client = getClient(clientId, clientSecret);
+        assertGrantTypeSupport(client, GrantType.authorization_code);
+
+        AuthorizationCode authorizationCode = authorizationCodeService.consumeAuthorizationCode(code);
+        if (authorizationCode == null) {
+            throw new GrantTokenException(ErrorType.ILLEGAL_CODE);
+        }
+        if (System.currentTimeMillis() - authorizationCode.getCreateTime() > codeTimeOut) {
+            throw new GrantTokenException(ErrorType.EXPIRED_CODE);
+        }
+        // TODO: 17-5-3  验证redirect_uri
+        //验证redirect_uri
+        if (!redirectUri.equals(authorizationCode.getRedirectUri())) {
+            //   throw new GrantTokenException(ILLEGAL_REDIRECT_URI);
+        }
+
+        OAuth2AccessToken accessToken = accessTokenService.createToken();
+        accessToken.setGrantType(GrantType.authorization_code);
+        accessToken.setScope(authorizationCode.getScope());
+        accessToken.setOwnerId(authorizationCode.getUserId());
+        accessToken.setExpiresIn(3600);
+        accessToken.setClientId(clientId);
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/HttpAuthorizationCodeRequest.java

@@ -0,0 +1,63 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpAuthorizationCodeRequest extends HttpTokenRequest implements AuthorizationCodeRequest {
+    private String userId;
+
+    public HttpAuthorizationCodeRequest(String userId, HttpServletRequest request) {
+        super(request);
+        this.userId = userId;
+    }
+
+    @Override
+    public String getClientId() {
+        return getParameter(OAuth2Constants.client_id)
+                .orElseThrow(() -> new GrantTokenException(ErrorType.ILLEGAL_CLIENT_ID));
+    }
+
+    @Override
+    public String getUserId() {
+        return userId;
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+
+    @Override
+    public String getRedirectUri() {
+        return getParameter(OAuth2Constants.redirect_uri).orElse(null);
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/HttpAuthorizationCodeTokenRequest.java

@@ -0,0 +1,67 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpAuthorizationCodeTokenRequest extends HttpTokenRequest implements AuthorizationCodeTokenRequest {
+
+    public HttpAuthorizationCodeTokenRequest(HttpServletRequest request) {
+        super(request);
+        if (clientCredentials == null) {
+            ErrorType.OTHER.throwThis(GrantTokenException::new, "missing parameter:" + OAuth2Constants.client_id + "," + OAuth2Constants.client_secret + "," + OAuth2Constants.authorization);
+        }
+    }
+
+    @Override
+    public String getCode() {
+        return getParameter(OAuth2Constants.code).orElse(null);
+    }
+
+    @Override
+    public String getClientId() {
+        return clientCredentials.getPrincipal();
+    }
+
+    @Override
+    public String getClientSecret() {
+        return clientCredentials.getCredentials();
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+
+    @Override
+    public String getRedirectUri() {
+        return getParameter(OAuth2Constants.redirect_uri).orElse(null);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/implicit/DefaultImplicitGranter.java

@@ -0,0 +1,69 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.implicit;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCode;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import java.util.Set;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultImplicitGranter extends AbstractAuthorizationService implements ImplicitGranter {
+
+    @Override
+    public OAuth2AccessToken requestToken(ImplicitRequest request) {
+        String clientId = request.getClientId();
+        Set<String> scope = request.getScope();
+
+        assertParameterNotBlank(clientId, ILLEGAL_CLIENT_ID);
+
+        OAuth2Client client = getClient(clientId);
+        assertGrantTypeSupport(client, GrantType.implicit);
+        if (scope == null || scope.isEmpty())
+            scope = client.getDefaultGrantScope();
+        if (!client.getDefaultGrantScope().containsAll(scope)) {
+            throw new GrantTokenException(SCOPE_OUT_OF_RANGE);
+        }
+        if (!client.getRedirectUri().equals(request.getRedirectUri())) {
+            throw new GrantTokenException(ILLEGAL_REDIRECT_URI);
+        }
+
+        OAuth2AccessToken accessToken = accessTokenService.createToken();
+        accessToken.setGrantType(GrantType.implicit);
+        accessToken.setScope(scope);
+        accessToken.setOwnerId(client.getOwnerId());
+        accessToken.setExpiresIn(3600);
+        accessToken.setClientId(clientId);
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/implicit/HttpImplicitRequest.java

@@ -0,0 +1,55 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.implicit;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpImplicitRequest extends HttpTokenRequest implements ImplicitRequest {
+
+    public HttpImplicitRequest(HttpServletRequest request) {
+        super(request);
+    }
+
+    @Override
+    public String getClientId() {
+        return getParameter(OAuth2Constants.client_id)
+                .orElseThrow(ErrorType.ILLEGAL_CLIENT_ID.throwThis(GrantTokenException::new));
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+
+    @Override
+    public String getRedirectUri() {
+        return getParameter(OAuth2Constants.redirect_uri).orElse(null);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/implicit/ImplicitGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.implicit;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ImplicitGranter extends AuthorizationService {
+    OAuth2AccessToken requestToken(ImplicitRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/implicit/ImplicitRequest.java

@@ -0,0 +1,36 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.implicit;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ImplicitRequest extends TokenRequest {
+    String getClientId();
+
+    Set<String> getScope();
+
+    String getRedirectUri();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/DefaultPasswordGranter.java

@@ -0,0 +1,74 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitRequest;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import java.util.Set;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultPasswordGranter extends AbstractAuthorizationService implements PasswordGranter {
+    private PasswordService passwordService;
+
+    public DefaultPasswordGranter(PasswordService passwordService) {
+        this.passwordService = passwordService;
+    }
+
+    @Override
+    public OAuth2AccessToken requestToken(PasswordRequest request) {
+        String username = request.getUsername();
+        String password = request.getPassword();
+        Set<String> scope = request.getScope();
+
+        assertParameterNotBlank(username, ILLEGAL_USERNAME);
+        assertParameterNotBlank(password, ILLEGAL_PASSWORD);
+
+        String userId = passwordService.getUserIdByUsernameAndPassword(username, password);
+
+        assertParameterNotBlank(userId, USER_NOT_EXIST);
+
+        OAuth2Client client = getClientByOwnerId(userId);
+        assertGrantTypeSupport(client, GrantType.implicit);
+        if (scope == null || scope.isEmpty())
+            scope = client.getDefaultGrantScope();
+        if (!client.getDefaultGrantScope().containsAll(scope)) {
+            throw new GrantTokenException(SCOPE_OUT_OF_RANGE);
+        }
+
+        OAuth2AccessToken accessToken = accessTokenService.createToken();
+        accessToken.setGrantType(GrantType.password);
+        accessToken.setScope(scope);
+        accessToken.setOwnerId(userId);
+        accessToken.setExpiresIn(3600);
+        accessToken.setClientId(client.getId());
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/HttpPasswordRequest.java

@@ -0,0 +1,58 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * @author zhouhao
+ */
+public class HttpPasswordRequest extends HttpTokenRequest implements PasswordRequest {
+    public HttpPasswordRequest(HttpServletRequest request) {
+        super(request);
+        clientCredentials = getClientCredentials(
+                parameters.get(OAuth2Constants.username),
+                parameters.get(OAuth2Constants.password),
+                headers.get(OAuth2Constants.authorization));
+        if (clientCredentials == null) {
+            ErrorType.OTHER.throwThis(GrantTokenException::new, "missing parameter:" + OAuth2Constants.username + "," + OAuth2Constants.password + "," + OAuth2Constants.authorization);
+        }
+    }
+
+    @Override
+    public String getUsername() {
+        return clientCredentials.getPrincipal();
+    }
+
+    @Override
+    public String getPassword() {
+        return clientCredentials.getCredentials();
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/PasswordGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface PasswordGranter extends AuthorizationService {
+    OAuth2AccessToken requestToken(PasswordRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/PasswordRequest.java

@@ -0,0 +1,34 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+import java.util.Set;
+
+/**
+ * @author zhouhao
+ */
+public interface PasswordRequest extends TokenRequest {
+    String getUsername();
+
+    String getPassword();
+
+    Set<String> getScope();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/PasswordService.java

@@ -0,0 +1,28 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface PasswordService {
+    String getUserIdByUsernameAndPassword(String username, String password);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/DefaultRefreshTokenGranter.java

@@ -0,0 +1,78 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.refresh;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCode;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import java.util.Set;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultRefreshTokenGranter extends AbstractAuthorizationService implements RefreshTokenGranter {
+
+    //默认有效时间为1年
+    private long refreshTokenTimeOut = 1 * 365 * 24 * 60 * 60 * 1000;
+
+    public void setRefreshTokenTimeOut(long refreshTokenTimeOut) {
+        this.refreshTokenTimeOut = refreshTokenTimeOut;
+    }
+
+    @Override
+    public OAuth2AccessToken refreshToken(RefreshTokenRequest request) {
+        String clientId = request.getClientId();
+        String clientSecret = request.getClientSecret();
+        String refreshToken = request.getRefreshToken();
+        assertParameterNotBlank(clientId, ILLEGAL_CLIENT_ID);
+        assertParameterNotBlank(clientSecret, ILLEGAL_CLIENT_SECRET);
+        assertParameterNotBlank(refreshToken, ILLEGAL_REFRESH_TOKEN);
+
+        OAuth2Client client = getClient(clientId, clientSecret);
+        assertGrantTypeSupport(client, GrantType.refresh_token);
+
+        OAuth2AccessToken accessToken = accessTokenService.getTokenByRefreshToken(refreshToken);
+        if (accessToken == null) {
+            throw new GrantTokenException(ILLEGAL_REFRESH_TOKEN);
+        }
+        if (System.currentTimeMillis() - accessToken.getCreateTime() > refreshTokenTimeOut) {
+            throw new GrantTokenException(EXPIRED_REFRESH_TOKEN);
+        }
+        Set<String> newRange = request.getScope() != null ? request.getScope() : accessToken.getScope();
+        if (!accessToken.getScope().containsAll(newRange)) {
+            throw new GrantTokenException(ErrorType.SCOPE_OUT_OF_RANGE);
+        }
+        accessToken.setAccessToken(accessTokenService.createToken().getAccessToken());
+        accessToken.setScope(newRange);
+        accessToken.setUpdateTime(System.currentTimeMillis());
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/HttpRefreshTokenRequest.java

@@ -0,0 +1,66 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.refresh;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpRefreshTokenRequest extends HttpTokenRequest implements RefreshTokenRequest {
+
+    public HttpRefreshTokenRequest(HttpServletRequest request) {
+        super(request);
+        if (clientCredentials == null) {
+            ErrorType.OTHER.throwThis(GrantTokenException::new,
+                    "missing parameter:"
+                            + OAuth2Constants.client_id + ","
+                            + OAuth2Constants.client_secret + ","
+                            + OAuth2Constants.authorization);
+        }
+    }
+
+    @Override
+    public String getClientId() {
+        return clientCredentials.getPrincipal();
+    }
+
+    @Override
+    public String getClientSecret() {
+        return clientCredentials.getCredentials();
+    }
+
+    @Override
+    public String getRefreshToken() {
+        return getParameter(OAuth2Constants.refresh_token).orElse(null);
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/RefreshTokenGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.refresh;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface RefreshTokenGranter extends AuthorizationService {
+    OAuth2AccessToken refreshToken(RefreshTokenRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/RefreshTokenRequest.java

@@ -0,0 +1,38 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.refresh;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface RefreshTokenRequest extends TokenRequest {
+    String getClientId();
+
+    String getClientSecret();
+
+    String getRefreshToken();
+
+    Set<String> getScope();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/token/AccessTokenService.java

@@ -0,0 +1,36 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.token;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AccessTokenService {
+    OAuth2AccessToken createToken();
+
+    OAuth2AccessToken getTokenByRefreshToken(String refreshToken);
+
+    OAuth2AccessToken getTokenByAccessToken(String accessToken);
+
+    OAuth2AccessToken saveOrUpdateToken(OAuth2AccessToken token);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/README.md

@@ -0,0 +1,59 @@
+# OAuth2客户端API
+本模块只提供接口,未提供实现,使用时请自行引入相关实现模块
+
+## 处理OAuth2授权码方式的回调
+方式一、创建一个类并实现 `OAuth2Listener` 使用`OAuth2CodeAuthBeforeEvent`作为泛型,例如
+```java
+ public class MyOAuth2Listener
+         implements OAuth2Listener<OAuth2CodeAuthBeforeEvent> {
+     @Override
+     public void on(OAuth2CodeAuthBeforeEvent event) {
+          String authCode= event.getCode();
+     }
+ }
+```
+
+注册到对应的oauth2服务配置,例如:
+```java
+@Autowired
+OAuth2RequestService requestService;
+public void demo(){
+      requestService.registerListener("oauth2_server",new MyOAuth2Listener());
+}
+```
+
+方式二、使用`AutoRegisterOAuth2Listener`
+```java
+ @Component
+ public class MyOAuth2Listener
+         implements AutoRegisterOAuth2Listener<OAuth2CodeAuthBeforeEvent> {
+    @Override
+    public String getServerId(){
+        return "oauth2_server";
+    }
+    @Override
+    public void on(OAuth2CodeAuthBeforeEvent event) {
+        String authCode= event.getCode();
+    }
+ }
+```
+
+## 发起OAuth2请求
+```java
+@Autowired
+OAuth2RequestService requestService;
+
+public void demo(){
+   //第一步
+   OAuth2Session session = requestService
+                .create(oatuh2ServerId)
+                .byAuthorizationCode(authorizationCode); //使用授权码方式,将自动获取access_token信息并存入会话
+  
+    //第二步
+    String oauth2ApiUri = "oauth2/user-auth-info";
+    Authentication authentication = session
+                   .request(oauth2ApiUri)       // 创建api请求,将自动使用第一步获得的token
+                   .get().ifSuccess()           // http GET请求
+                   .as(Authentication.class);   // 响应结果转为Class
+}
+```

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/pom.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~  Copyright 2016 http://www.hswebframework.org
+  ~
+  ~  Licensed under the Apache License, Version 2.0 (the "License");
+  ~  you may not use this file except in compliance with the License.
+  ~  You may obtain a copy of the License at
+  ~
+  ~        http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~  Unless required by applicable law or agreed to in writing, software
+  ~  distributed under the License is distributed on an "AS IS" BASIS,
+  ~  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~  See the License for the specific language governing permissions and
+  ~  limitations under the License.
+  ~
+  ~
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-authorization-oauth2</artifactId>
+        <groupId>org.hswebframework.web</groupId>
+        <version>3.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-authorization-oauth2-client</artifactId>
+
+
+    <dependencies>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-oauth2-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/AccessTokenInfo.java

@@ -0,0 +1,124 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *  
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *  
+ *
+ */
+package org.hswebframework.web.authorization.oauth2.client;
+
+/**
+ * 默认的服务实现
+ *
+ * @author zhouhao
+ */
+public class AccessTokenInfo {
+    //授权码
+    private String  accessToken;
+    //更新码
+    private String  refreshToken;
+    //有效期
+    private Integer expiresIn;
+    //授权范围
+    private String  scope;
+
+    private Long createTime;
+
+    private Long updateTime;
+
+    private String tokenType;
+
+    public boolean isExpire() {
+        return updateTime != null && System.currentTimeMillis() - updateTime > expiresIn * 1000;
+    }
+
+    public String getTokenType() {
+        return tokenType;
+    }
+
+    public void setTokenType(String tokenType) {
+        this.tokenType = tokenType;
+    }
+
+    /**
+     * @return 授权码
+     */
+    public String getAccessToken() {
+        return this.accessToken;
+    }
+
+    /**
+     * 设置 授权码
+     */
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
+
+    /**
+     * @return 更新码
+     */
+    public String getRefreshToken() {
+        return this.refreshToken;
+    }
+
+    /**
+     * 设置 更新码
+     */
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+    }
+
+    /**
+     * @return 有效期
+     */
+    public Integer getExpiresIn() {
+        return this.expiresIn;
+    }
+
+    /**
+     * 设置 有效期
+     */
+    public void setExpiresIn(Integer expiresIn) {
+        this.expiresIn = expiresIn;
+    }
+
+    /**
+     * @return 授权范围
+     */
+    public String getScope() {
+        return this.scope;
+    }
+
+    /**
+     * 设置 授权范围
+     */
+    public void setScope(String scope) {
+        this.scope = scope;
+    }
+
+    public Long getCreateTime() {
+        return createTime;
+    }
+
+    public void setCreateTime(Long createTime) {
+        this.createTime = createTime;
+    }
+
+    public Long getUpdateTime() {
+        return updateTime;
+    }
+
+    public void setUpdateTime(Long updateTime) {
+        this.updateTime = updateTime;
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/GrantType.java

@@ -0,0 +1,30 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client;
+
+/**
+ * @author zhouhao
+ */
+public interface GrantType {
+    String authorization_code = "authorization_code";
+    String implicit           = "implicit";
+    String password           = "password";
+    String client_credentials = "client_credentials";
+    String refresh_token      = "refresh_token";
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/OAuth2Constants.java

@@ -0,0 +1,36 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Constants {
+    String access_token  = "access_token";
+    String grant_type    = "grant_type";
+    String scope         = "scope";
+    String client_id     = "client_id";
+    String client_secret = "client_secret";
+    String authorization = "Authorization";
+    String redirect_uri  = "redirect_uri";
+    String response_type = "response_type";
+    String state         = "state";
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/OAuth2RequestBuilder.java

@@ -0,0 +1,30 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client;
+
+import org.hswebframework.web.authorization.oauth2.client.request.OAuth2Request;
+
+/**
+ * @author zhouhao
+ */
+public interface OAuth2RequestBuilder {
+    OAuth2RequestBuilder url(String url);
+
+    OAuth2Request build();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/OAuth2RequestBuilderFactory.java

@@ -0,0 +1,27 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client;
+
+/**
+ *
+ * @author zhouhao
+ */
+public interface OAuth2RequestBuilderFactory {
+    OAuth2RequestBuilder create(String serverId,String provider);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/OAuth2RequestService.java

@@ -0,0 +1,64 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client;
+
+import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2Event;
+import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2Listener;
+
+/**
+ * OAuth2请求服务接口,用于创建OAuth2请求,注册监听器等操作
+ *
+ * @author zhouhao
+ * @@since 3.0
+ */
+public interface OAuth2RequestService {
+
+    /**
+     * 创建一个OAuth2服务的会话创建器
+     *
+     * @param serverId 服务ID,serverId是由接口的实现模块自行定义的
+     * @return OAuth2会话创建器
+     * @see OAuth2SessionBuilder
+     */
+    OAuth2SessionBuilder create(String serverId);
+
+    /**
+     * 注册一个监听器到指定的OAuth2服务
+     *
+     * @param serverId 服务ID
+     * @param listener 监听器
+     */
+    void registerListener(String serverId, OAuth2Listener<? extends OAuth2Event> listener);
+
+    /**
+     * 触发一个监听事件
+     *
+     * @param serverId 服务ID
+     * @param event    事件实例
+     */
+    void doEvent(String serverId, OAuth2Event event);
+
+    /**
+     * 触发一个指定类型的事件
+     * @param serverId
+     * @param event
+     * @param eventType
+     */
+    void doEvent(String serverId, OAuth2Event event, Class<? extends OAuth2Event> eventType);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/OAuth2SessionBuilder.java

@@ -0,0 +1,65 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client;
+
+import org.hswebframework.web.authorization.oauth2.client.request.OAuth2Session;
+
+/**
+ * OAuth2会话创建器,根据各种方式创建 OAuth2会话
+ *
+ * @author zhouhao
+ * @see OAuth2Session
+ * @since 3.0
+ */
+public interface OAuth2SessionBuilder {
+
+    /**
+     * 根据授权码方式创建会话
+     *
+     * @param code 授权码
+     * @return 会话
+     * @see "grant_type=authorization_code"
+     */
+    OAuth2Session byAuthorizationCode(String code);
+
+    /**
+     * 根据密钥方式创建会话
+     *
+     * @return 会话
+     * @see "grant_type=client_credentials"
+     */
+    OAuth2Session byClientCredentials();
+
+    /**
+     * 根据密码方式创建会话
+     *
+     * @return 会话
+     * @see "grant_type=password"
+     */
+    OAuth2Session byPassword(String username, String password);
+
+    /**
+     * 直接指定accessToken创建会话
+     *
+     * @param accessToken
+     * @return 会话
+     */
+    OAuth2Session byAccessToken(String accessToken);
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/exception/OAuth2RequestException.java

@@ -0,0 +1,45 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client.exception;
+
+import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.oauth2.core.ErrorType;
+
+/**
+ * @author zhouhao
+ */
+public class OAuth2RequestException extends RuntimeException {
+    ErrorType errorType;
+
+    OAuth2Response response;
+
+    public OAuth2RequestException(ErrorType errorType, OAuth2Response response) {
+        super(errorType.name());
+        this.errorType = errorType;
+        this.response = response;
+    }
+
+    public ErrorType getErrorType() {
+        return errorType;
+    }
+
+    public OAuth2Response getResponse() {
+        return response;
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/listener/AutoRegisterOAuth2Listener.java

@@ -0,0 +1,27 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client.listener;
+
+/**
+ *
+ * @author zhouhao
+ */
+public interface AutoRegisterOAuth2Listener<T extends OAuth2Event> extends OAuth2Listener<T> {
+    String getServerId();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/listener/OAuth2CodeAuthBeforeEvent.java

@@ -0,0 +1,51 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client.listener;
+
+
+import java.util.Optional;
+import java.util.function.Function;
+
+/**
+ * @author zhouhao
+ */
+public class OAuth2CodeAuthBeforeEvent implements OAuth2Event {
+    private String                   code;
+    private String                   state;
+    private Function<String, String> parameterGetter;
+
+    public OAuth2CodeAuthBeforeEvent(String code, String state, Function<String, String> parameterGetter) {
+        this.code = code;
+        this.state = state;
+        this.parameterGetter = parameterGetter;
+    }
+
+    public String getCode() {
+        return code;
+    }
+
+    public String getState() {
+        return state;
+    }
+
+    public Optional<String> getParameter(String name) {
+        return Optional.ofNullable(parameterGetter.apply(name));
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/listener/OAuth2Event.java

@@ -0,0 +1,27 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client.listener;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Event {
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/listener/OAuth2Listener.java

@@ -0,0 +1,28 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client.listener;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Listener<T extends OAuth2Event> {
+    void on(T event);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/request/OAuth2Request.java

@@ -0,0 +1,131 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client.request;
+
+import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+
+import java.util.function.Consumer;
+
+/**
+ * OAuth2请求接口,用于发起OAuth2请求
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Request {
+
+    OAuth2Request onTokenExpired(TokenExpiredCallBack callback);
+
+    /**
+     * 设置请求参数,相当于/url?name=value
+     *
+     * @param name  参数名称
+     * @param value 参数值
+     * @return request自身
+     */
+    OAuth2Request param(String name, Object value);
+
+    /**
+     * 设置请求体,将内容根据contentType(默认application/json)序列化为对应的请求数据
+     *
+     * @param value 请求内容
+     * @return request自身
+     */
+    OAuth2Request requestBody(String value);
+
+    /**
+     * 设置请求头
+     *
+     * @param name  名称
+     * @param value 值
+     * @return request自身
+     */
+    OAuth2Request header(String name, String value);
+
+    /**
+     * 设置cookie
+     *
+     * @param cookie 值
+     * @return request自身
+     */
+    OAuth2Request cookie(String cookie);
+
+    /**
+     * 设置请求的contentType
+     *
+     * @param contentType
+     * @return request自身
+     * @see "application/json"
+     */
+    OAuth2Request contentType(String contentType);
+
+    /**
+     * 设置接受响应的格式,相当与请求头:Accept
+     *
+     * @param accept
+     * @return request自身
+     * @see "application/json"
+     */
+    OAuth2Request accept(String accept);
+
+    /**
+     * 设置请求超时时间,超时后回调 timeoutConsumer
+     *
+     * @param millisecond     超时时间（毫秒）,小于0则不设置超时
+     * @param timeoutCallBack 超时后的处理回调
+     * @return request自身
+     * @see Consumer
+     */
+    OAuth2Request timeout(long millisecond, Consumer<OAuth2Request> timeoutCallBack);
+
+    /**
+     * 以GET方式请求,并返回请求结果
+     *
+     * @return 请求结果
+     */
+    OAuth2Response get();
+
+    /**
+     * 以PUT方式请求,并返回请求结果
+     *
+     * @return 请求结果
+     */
+    OAuth2Response put();
+
+    /**
+     * 以POST方式请求,并返回请求结果
+     *
+     * @return 请求结果
+     */
+    OAuth2Response post();
+
+    /**
+     * 以DELETE方式请求,并返回请求结果
+     *
+     * @return 请求结果
+     */
+    OAuth2Response delete();
+
+    /**
+     * 以PATCH方式请求,并返回请求结果
+     *
+     * @return 请求结果
+     */
+    OAuth2Response patch();
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/request/OAuth2Session.java

@@ -0,0 +1,73 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client.request;
+
+import org.hswebframework.web.authorization.annotation.Authorize;
+import org.hswebframework.web.authorization.oauth2.client.AccessTokenInfo;
+
+import java.io.Serializable;
+
+/**
+ * OAuth2会话,此会话保存的是 OAuth2授权成功后得到的access_token等相关信息.
+ * 通过会话发起的OAuth2请求将自动带上access_token信息.
+ *
+ * @author zhouhao
+ * @see OAuth2Request
+ * @since 3.0
+ */
+public interface OAuth2Session extends Serializable {
+    /**
+     * 尝试进行认证
+     *
+     * @return 会话自身
+     */
+    OAuth2Session authorize();
+
+    /**
+     * 发起一个OAuth2请求,参数为接口地址
+     *
+     * @param uriOrUrl 请求地址,可以为URI或者URL
+     * @return 请求接口
+     */
+    OAuth2Request request(String uriOrUrl);
+
+    /**
+     * 设置在请求OAuth2 授权的时候的参数(除了必要之外的参数),client_id,client_secret等信息不需要调用此方法设置
+     *
+     * @param name  参数名称
+     * @param value 参数值
+     * @return 会话自身
+     */
+    OAuth2Session param(String name, Object value);
+
+    OAuth2Session scope(String scope);
+
+    /**
+     * 关闭会话,将清空
+     */
+    void close();
+
+    /**
+     * @return 是否已关闭
+     */
+    boolean isClosed();
+
+    AccessTokenInfo getAccessToken();
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/request/ReTry.java

@@ -0,0 +1,29 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.client.request;
+
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ReTry {
+    void doReTry();
+}