diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
index 0b5b2930..a47f0144 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
@@ -41,7 +41,7 @@ public class AuthorizingRealm extends BaseAuthorizingRealm  {
 	}
 	
 	/**
-	 * 获取登录令牌
+	 * 获取登录凭证，将 authcToken 转换为 FormToken，参考 CAS 实现
 	 */
 	@Override
 	protected FormToken getFormToken(AuthenticationToken authcToken) {
@@ -49,7 +49,9 @@ public class AuthorizingRealm extends BaseAuthorizingRealm  {
 	}
 	
 	/**
-	 * 获取用户信息
+	 * 用于用户根据登录信息获取用户信息<br>
+	 * 1、默认根据登录账号登录信息，如：UserUtils.getByLoginCode(token.getUsername(), token.getParam("corpCode"));<br>
+	 * 2、如果增加其它登录，请重写此方法，如根据手机号或邮箱登录返回用户信息。
 	 */
 	@Override
 	protected User getUserInfo(FormToken token) {
@@ -57,7 +59,7 @@ public class AuthorizingRealm extends BaseAuthorizingRealm  {
 	}
 	
 	/**
-	 * 校验登录凭证
+	 * 校验登录凭证，如密码验证，token验证，验证失败抛出 AuthenticationException 异常
 	 */
 	@Override
 	protected void assertCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo authcInfo) throws AuthenticationException {
diff --git a/modules/core/src/main/resources/views/themes/default/modules/sys/sysLogin.html b/modules/core/src/main/resources/views/themes/default/modules/sys/sysLogin.html
index e2f225e6..e065503d 100644
--- a/modules/core/src/main/resources/views/themes/default/modules/sys/sysLogin.html
+++ b/modules/core/src/main/resources/views/themes/default/modules/sys/sysLogin.html
@@ -11,6 +11,14 @@
 	<div class="login-box-body">
 		<#form:form id="loginForm" model="${user!}" action="${ctx}/login" method="post">
 			<h4 class="login-box-msg">${isNotBlank(message!)?message:text('欢迎回来')+'！'}</h4>
+			<!-- <ul class="nav nav-tabs mb20">
+				<li class="active"><a href="#tab-1" data-toggle="tab">账号登录</a></li>
+				<li><a href="#tab-2" data-toggle="tab">邮箱登录</a></li>
+			</ul>
+			<div class="tab-content">
+				<div class="tab-pane active" id="tab-1"></div>
+				<div class="tab-pane" id="tab-2"></div>
+			</div> -->
 			<div class="form-group has-feedback">
 				<span class="glyphicon glyphicon-user form-control-feedback" title="${text('登录账号')}"></span>
 				<#form:input type="text" name="username" class="form-control required"
diff --git a/parent/pom.xml b/parent/pom.xml
index 5e602d07..f4071b25 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.2.7.RELEASE</version>
+		<version>2.2.8.RELEASE</version>
 	</parent>
 	
 	<groupId>com.jeesite</groupId>
@@ -45,11 +45,11 @@
 		<groovy.version>3.0.2</groovy.version>
 		
 		<!-- framework version setting -->
-		<mybatis.version>3.5.4</mybatis.version>
-		<mybatis-spring.version>2.0.3</mybatis-spring.version>
+		<mybatis.version>3.5.5</mybatis.version>
+		<mybatis-spring.version>2.0.5</mybatis-spring.version>
 		<jsqlparser.version>3.1</jsqlparser.version>
-		<druid.version>1.1.21</druid.version>
-		<shiro.version>1.5.1</shiro.version>
+		<druid.version>1.1.22</druid.version>
+		<shiro.version>1.5.3</shiro.version>
 		<j2cache.version>2.8.0-release</j2cache.version>
 		<beetl.version>3.1-SNAPSHOT</beetl.version>
 		<swagger.version>1.6.0</swagger.version>