diff --git a/modules/core/db/core.erm b/modules/core/db/core.erm
index 46bd6824..cab79408 100644
--- a/modules/core/db/core.erm
+++ b/modules/core/db/core.erm
@@ -11,8 +11,8 @@
 	</page_setting>
 	<category_index>0</category_index>
 	<zoom>1.0</zoom>
-	<x>3166</x>
-	<y>1170</y>
+	<x>3413</x>
+	<y>1172</y>
 	<default_color>
 		<r>128</r>
 		<g>128</g>
@@ -12959,6 +12959,19 @@
 						</column>
 					</columns>
 				</inidex>
+				<inidex>
+					<full_text>false</full_text>
+					<non_unique>true</non_unique>
+					<name>idx_sys_msg_pushw_imp</name>
+					<type></type>
+					<description></description>
+					<columns>
+						<column>
+							<id>013bfa07b771054f43105d72d01324d96518fc38</id>
+							<desc>false</desc>
+						</column>
+					</columns>
+				</inidex>
 			</indexes>
 			<complex_unique_key_list>
 			</complex_unique_key_list>
@@ -13833,6 +13846,19 @@
 						</column>
 					</columns>
 				</inidex>
+				<inidex>
+					<full_text>false</full_text>
+					<non_unique>true</non_unique>
+					<name>idx_sys_msg_push_imp</name>
+					<type></type>
+					<description></description>
+					<columns>
+						<column>
+							<id>385ac7698fd3d6123c18f7cd819a83e80313f614</id>
+							<desc>false</desc>
+						</column>
+					</columns>
+				</inidex>
 			</indexes>
 			<complex_unique_key_list>
 			</complex_unique_key_list>
diff --git a/modules/core/db/oracle/core.sql b/modules/core/db/oracle/core.sql
index 4d3d8090..45497eb5 100644
--- a/modules/core/db/oracle/core.sql
+++ b/modules/core/db/oracle/core.sql
@@ -75,6 +75,7 @@ DROP INDEX idx_sys_msg_push_ps;
 DROP INDEX idx_sys_msg_push_rs;
 DROP INDEX idx_sys_msg_push_bk;
 DROP INDEX idx_sys_msg_push_bt;
+DROP INDEX idx_sys_msg_push_imp;
 DROP INDEX idx_sys_msg_pushw_type;
 DROP INDEX idx_sys_msg_pushw_rc;
 DROP INDEX idx_sys_msg_pushw_uc;
@@ -84,6 +85,7 @@ DROP INDEX idx_sys_msg_pushw_ps;
 DROP INDEX idx_sys_msg_pushw_rs;
 DROP INDEX idx_sys_msg_pushw_bk;
 DROP INDEX idx_sys_msg_pushw_bt;
+DROP INDEX idx_sys_msg_pushw_imp;
 DROP INDEX idx_sys_msg_tpl_key;
 DROP INDEX idx_sys_msg_tpl_type;
 DROP INDEX idx_sys_msg_tpl_status;
@@ -906,6 +908,7 @@ CREATE INDEX idx_sys_msg_push_ps ON js_sys_msg_push (push_status);
 CREATE INDEX idx_sys_msg_push_rs ON js_sys_msg_push (read_status);
 CREATE INDEX idx_sys_msg_push_bk ON js_sys_msg_push (biz_key);
 CREATE INDEX idx_sys_msg_push_bt ON js_sys_msg_push (biz_type);
+CREATE INDEX idx_sys_msg_push_imp ON js_sys_msg_push (is_merge_push);
 CREATE INDEX idx_sys_msg_pushw_type ON js_sys_msg_push_wait (msg_type);
 CREATE INDEX idx_sys_msg_pushw_rc ON js_sys_msg_push_wait (receive_code);
 CREATE INDEX idx_sys_msg_pushw_uc ON js_sys_msg_push_wait (receive_user_code);
@@ -915,6 +918,7 @@ CREATE INDEX idx_sys_msg_pushw_ps ON js_sys_msg_push_wait (push_status);
 CREATE INDEX idx_sys_msg_pushw_rs ON js_sys_msg_push_wait (read_status);
 CREATE INDEX idx_sys_msg_pushw_bk ON js_sys_msg_push_wait (biz_key);
 CREATE INDEX idx_sys_msg_pushw_bt ON js_sys_msg_push_wait (biz_type);
+CREATE INDEX idx_sys_msg_pushw_imp ON js_sys_msg_push_wait (is_merge_push);
 CREATE INDEX idx_sys_msg_tpl_key ON js_sys_msg_template (tpl_key);
 CREATE INDEX idx_sys_msg_tpl_type ON js_sys_msg_template (tpl_type);
 CREATE INDEX idx_sys_msg_tpl_status ON js_sys_msg_template (status);
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
index 1c8150ce..53dcd3e3 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
@@ -1,75 +1,75 @@
-/**
- * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
- */
-package com.jeesite.common.shiro.realm;
-
-import java.util.Map;
-
-import org.apache.shiro.subject.PrincipalCollection;
-
-import com.jeesite.common.codec.EncodeUtils;
-import com.jeesite.common.lang.ObjectUtils;
-import com.jeesite.common.web.http.ServletUtils;
-import com.jeesite.modules.sys.entity.EmpUser;
-import com.jeesite.modules.sys.entity.User;
-import com.jeesite.modules.sys.service.EmpUserService;
-import com.jeesite.modules.sys.service.UserService;
-import com.jeesite.modules.sys.utils.LogUtils;
-import com.jeesite.modules.sys.utils.UserUtils;
-
-/**
- * 系统安全认证实现类
- * @author ThinkGem
- * @version 2017-03-22
- */
-public class AuthorizingRealm extends com.jeesite.common.shiro.realm.BaseAuthorizingRealm  {
-
-	private UserService userService;
-	private EmpUserService empUserService;
-	
-	public AuthorizingRealm() {
-		super();
-	}
-
-	@Override
-	protected void casCreateEmpUser(User user, Map<String, Object> attributes) {
-		EmpUser empUser = new EmpUser();
-		empUser.setIsNewRecord(true);
-		empUser.setMobile(user.getMobile());
-		empUser.setEmail(user.getEmail());
-		empUser.setPhone(user.getPhone());
-		empUser.getEmployee().getCompany().setCompanyCode(EncodeUtils
-				.decodeUrl(ObjectUtils.toString(attributes.get("companyCode"))));
-		empUser.getEmployee().getOffice().setOfficeCode(EncodeUtils
-				.decodeUrl(ObjectUtils.toString(attributes.get("officeCode"))));
-		empUserService.save(empUser);
-	}
-	
-	@Override
-	public void onLoginSuccess(PrincipalCollection principals) {
-		super.onLoginSuccess(principals);
-		
-		User user = UserUtils.getUser();
-		
-		// 更新登录IP、时间、会话ID等
-		userService.updateUserLoginInfo(user);
-		
-		// 记录用户登录日志
-		LogUtils.saveLog(ServletUtils.getRequest(), "系统登录");
-	}
-	
-	@Override
-	public void onSingleSignOut(User logoutUser) {
-		// 记录用户退出日志
-		LogUtils.saveLog(logoutUser, null, null, null, "系统退出");
-	}
-	
-	public void setUserService(UserService userService) {
-		this.userService = userService;
-	}
-
-	public void setEmpUserService(EmpUserService empUserService) {
-		this.empUserService = empUserService;
-	}
-	
-}
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ */
+package com.jeesite.common.shiro.realm;
+
+import java.util.Map;
+
+import org.apache.shiro.subject.PrincipalCollection;
+
+import com.jeesite.common.codec.EncodeUtils;
+import com.jeesite.common.lang.ObjectUtils;
+import com.jeesite.common.web.http.ServletUtils;
+import com.jeesite.modules.sys.entity.EmpUser;
+import com.jeesite.modules.sys.entity.User;
+import com.jeesite.modules.sys.service.EmpUserService;
+import com.jeesite.modules.sys.service.UserService;
+import com.jeesite.modules.sys.utils.LogUtils;
+import com.jeesite.modules.sys.utils.UserUtils;
+
+/**
+ * 系统安全认证实现类
+ * @author ThinkGem
+ * @version 2017-03-22
+ */
+public class AuthorizingRealm extends com.jeesite.common.shiro.realm.BaseAuthorizingRealm  {
+
+	private UserService userService;
+	private EmpUserService empUserService;
+	
+	public AuthorizingRealm() {
+		super();
+	}
+
+	@Override
+	protected void casCreateEmpUser(User user, Map<String, Object> attributes) {
+		EmpUser empUser = new EmpUser();
+		empUser.setIsNewRecord(true);
+		empUser.setMobile(user.getMobile());
+		empUser.setEmail(user.getEmail());
+		empUser.setPhone(user.getPhone());
+		empUser.getEmployee().getCompany().setCompanyCode(EncodeUtils
+				.decodeUrl(ObjectUtils.toString(attributes.get("companyCode"))));
+		empUser.getEmployee().getOffice().setOfficeCode(EncodeUtils
+				.decodeUrl(ObjectUtils.toString(attributes.get("officeCode"))));
+		empUserService.save(empUser);
+	}
+	
+	@Override
+	public void onLoginSuccess(PrincipalCollection principals) {
+		super.onLoginSuccess(principals);
+		
+		User user = UserUtils.getUser();
+		
+		// 更新登录IP、时间、会话ID等
+		userService.updateUserLoginInfo(user);
+		
+		// 记录用户登录日志
+		LogUtils.saveLog(ServletUtils.getRequest(), "系统登录");
+	}
+	
+	@Override
+	public void onLogoutSuccess(User logoutUser) {
+		// 记录用户退出日志
+		LogUtils.saveLog(logoutUser, null, null, null, "系统退出");
+	}
+	
+	public void setUserService(UserService userService) {
+		this.userService = userService;
+	}
+
+	public void setEmpUserService(EmpUserService empUserService) {
+		this.empUserService = empUserService;
+	}
+	
+}
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
index a3cd914b..1a243565 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
@@ -1,341 +1,341 @@
-/**
- * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
- */
-package com.jeesite.modules.sys.web;
-
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.UnauthorizedException;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.web.util.WebUtils;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import com.jeesite.common.config.Global;
-import com.jeesite.common.lang.ObjectUtils;
-import com.jeesite.common.lang.StringUtils;
-import com.jeesite.common.shiro.filter.FormAuthenticationFilter;
-import com.jeesite.common.shiro.realm.BaseAuthorizingRealm;
-import com.jeesite.common.shiro.realm.LoginInfo;
-import com.jeesite.common.web.BaseController;
-import com.jeesite.common.web.CookieUtils;
-import com.jeesite.common.web.http.ServletUtils;
-import com.jeesite.modules.sys.entity.User;
-import com.jeesite.modules.sys.service.UserService;
-import com.jeesite.modules.sys.utils.UserUtils;
-
-/**
- * 登录Controller
- * @author ThinkGem
- * @version 2017-03-25
- */
-@Controller
-@RequestMapping(value = "${adminPath}")
-public class LoginController extends BaseController{
-	
-	/**
-	 * 管理登录
-	 */
-	@RequestMapping(value = "login", method = RequestMethod.GET)
-	public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
-		// 地址中如果包含JSESSIONID，则跳转一次，去掉JSESSIONID信息。
-		if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
-			String queryString = request.getQueryString();
-			queryString = queryString == null ? "" : "?" + queryString;
-			return REDIRECT + adminPath + "/login" + queryString;
-		}
-
-		LoginInfo loginInfo = UserUtils.getLoginInfo();
-		
-		// 如果已经登录，则跳转到管理首页
-		if(loginInfo != null){
-			String queryString = request.getQueryString();
-			queryString = queryString == null ? "" : "?" + queryString;
-			String indexUrl = adminPath + "/index" + queryString;
-			if (ServletUtils.isAjaxRequest(request)){
-				try {
-					request.getRequestDispatcher(indexUrl).forward(request, response); // AJAX不支持Redirect改用Forward
-				} catch (Exception ex) {
-					logger.error(ex.getMessage(), ex);
-				}
-				return null;
-			}
-			return REDIRECT + indexUrl;
-		}
-		
-		// 如果是登录操作，跳转到此，则认为是登录失败（支持GET登录时传递__login=true参数）
-		if (WebUtils.isTrue(request, "__login")){
-			return loginFailure(request, response, model);
-		}
-
-		// 如果已登录，再次访问主页，则退出原账号。
-		if (!Global.TRUE.equals(Global.getConfig("shiro.isAllowRefreshIndex"))){
-			CookieUtils.setCookie(response, "LOGINED", "false");
-		}
-
-		// 是否显示验证码
-		model.addAttribute("isValidCodeLogin", ObjectUtils.toInteger(Global.getConfig("sys.login.failedNumAfterValidCode", "200")) == 0);
-
-		// 获取登录参数
-		Map<String, Object> paramMap = ServletUtils.getExtParams(request);
-		
-		// 如果登录设置了语言，则切换语言
-		if (paramMap.get("lang") != null){
-			Global.setLang((String)paramMap.get("lang"), request, response);
-		}
-		
-		// 如果是Ajax请求，返回Json字符串。
-		if (ServletUtils.isAjaxRequest((HttpServletRequest)request)){
-			model.addAttribute("result", "login");
-			model.addAttribute("message", text("未登录或登录超时。请重新登录，谢谢！"));
-			return ServletUtils.renderObject(response, model);
-		}
-		
-		// 返回指定用户类型的登录页视图
-		String userType = (String)paramMap.get("userType");
-		if (StringUtils.isNotBlank(userType)){
-			String view = UserUtils.getUserTypeValue(userType, "loginView");
-			if(StringUtils.isNotBlank(view)){
-				return view;
-			}
-		}
-		
-		return "modules/sys/sysLogin";
-	}
-
-	/**
-	 * 登录失败，真正登录的POST请求由Filter完成
-	 */
-	@RequestMapping(value = "login", method = RequestMethod.POST)
-	public String loginFailure(HttpServletRequest request, HttpServletResponse response, Model model) {
-		LoginInfo loginInfo = UserUtils.getLoginInfo();
-		
-		// 如果已经登录，则跳转到管理首页
-		if(loginInfo != null){
-			String queryString = request.getQueryString();
-			queryString = queryString == null ? "" : "?" + queryString;
-			String indexUrl = adminPath + "/index" + queryString;
-			if (ServletUtils.isAjaxRequest(request)){
-				try {
-					request.getRequestDispatcher(indexUrl).forward(request, response); // AJAX不支持Redirect改用Forward
-				} catch (Exception ex) {
-					logger.error(ex.getMessage(), ex);
-				}
-				return null;
-			}
-			return REDIRECT + indexUrl;
-		}
-		
-		String username = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_USERNAME_PARAM);
-		boolean rememberMe = WebUtils.isTrue(request, FormAuthenticationFilter.DEFAULT_REMEMBER_ME_PARAM);
-		boolean rememberUserCode = WebUtils.isTrue(request, FormAuthenticationFilter.DEFAULT_REMEMBER_USERCODE_PARAM);
-		String params = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_PARAMS_PARAM);
-		String exception = (String)request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
-		String message = (String)request.getAttribute(FormAuthenticationFilter.DEFAULT_MESSAGE_PARAM);
-
-		model.addAttribute(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM, username);
-		model.addAttribute(FormAuthenticationFilter.DEFAULT_REMEMBER_ME_PARAM, rememberMe);
-		model.addAttribute(FormAuthenticationFilter.DEFAULT_REMEMBER_USERCODE_PARAM, rememberUserCode);
-		model.addAttribute(FormAuthenticationFilter.DEFAULT_PARAMS_PARAM, params);
-		Map<String, Object> paramMap = ServletUtils.getExtParams(request);
-		for (Entry<String, Object> entry : paramMap.entrySet()){
-			model.addAttribute(FormAuthenticationFilter.DEFAULT_PARAM_PREFIX_PARAM + entry.getKey(), entry.getValue());
-		}
-		model.addAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, exception);
-		
-		// 如果登录设置了语言，则切换语言
-		if (paramMap.get("lang") != null){
-			Global.setLang((String)paramMap.get("lang"), request, response);
-		}
-		
-		model.addAttribute(FormAuthenticationFilter.DEFAULT_MESSAGE_PARAM, text(message));
-
-		// 非授权异常，登录失败，验证码加1。
-		if (!UnauthorizedException.class.getName().equals(exception)){
-//			// 如果使用了集团用户模式，则获取集团Code
-//			String corpCode = null;
-//			if (Global.isUseCorpModel()){
-//				corpCode = (String)paramMap.get("corpCode");
-//				if (StringUtils.isBlank(corpCode)){
-//					throw new AuthenticationException("msg:请选择您要登录的集团公司.");
-//				}
-//			}
-			model.addAttribute("isValidCodeLogin", BaseAuthorizingRealm.isValidCodeLogin(username, /*corpCode, */(String)paramMap.get("deviceType"), "failed"));
-		}
-
-		// 登录操作如果是Ajax操作，直接返回登录信息字符串。
-		if (ServletUtils.isAjaxRequest(request)){
-			model.addAttribute("result", Global.FALSE);
-			return ServletUtils.renderObject(response, model);
-		}
-		
-		// 返回指定用户类型的登录页视图
-		String userType = (String)paramMap.get("userType");
-		if (StringUtils.isNotBlank(userType)){
-			String view = UserUtils.getUserTypeValue(userType, "loginView");
-			if(StringUtils.isNotBlank(view)){
-				return view;
-			}
-		}
-		
-		return "modules/sys/sysLogin";
-	}
-
-	/**
-	 * 登录成功，进入管理首页
-	 */
-	@RequestMapping(value = "index")
-	public String index(HttpServletRequest request, HttpServletResponse response, Model model) {
-		// 地址中如果包含JSESSIONID，则跳转一次，去掉JSESSIONID信息。
-		if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
-			String queryString = request.getQueryString();
-			queryString = queryString == null ? "" : "?" + queryString;
-			return REDIRECT + adminPath + "/index" + queryString;
-		}
-
-		// 验证下用户权限，以便调用doGetAuthorizationInfo方法，保存单点登录登出句柄
-		if (!SecurityUtils.getSubject().isPermitted("user")){
-			return REDIRECT + adminPath + "/login";
-		}
-
-		//获取登录用户信息
-		LoginInfo loginInfo = UserUtils.getLoginInfo();
-		
-		// 未加载shiro模块时会为空，直接访问则提示操作权限不足。
-		if(loginInfo == null){
-			UserUtils.getSubject().logout();
-			return REDIRECT + adminPath + "/login";
-		}
-		
-		// 当前用户对象信息
-		User user = UserUtils.get(loginInfo.getId());
-		if (user == null){
-			UserUtils.getSubject().logout();
-			return REDIRECT + adminPath + "/login";
-		}
-		model.addAttribute("user", user); // 设置当前用户信息
-		
-		// 登录成功后，验证码计算器清零
-		BaseAuthorizingRealm.isValidCodeLogin(loginInfo.getId(), /*loginInfo.getParam("corpCode"), */loginInfo.getParam("deviceType"), "success");
-
-		//获取当前会话对象
-		Session session = UserUtils.getSession();
-		
-		// 设置共享SessionId的Cookie值，睿思BI使用。
-		String cookieName = Global.getProperty("session.shareSessionIdCookieName");
-		CookieUtils.setCookie((HttpServletResponse)response, cookieName, (String)session.getId());
-
-		// 如果是登录操作，则设置登录信息（移动端用）
-		model.addAttribute("result", Global.TRUE);
-		if (request.getParameter("username") != null && request.getParameter("password") != null){
-			// 如果登录设置了语言，则切换语言
-			if (loginInfo.getParam("lang") != null){
-				Global.setLang(loginInfo.getParam("lang"), request, response);
-			}
-			model.addAttribute("message", text("登录成功！"));
-		}else{
-			model.addAttribute("message", text("获取信息成功！"));
-		}
-		model.addAttribute("sessionid", (String)session.getId());
-		// 授权信息获取
-		AuthorizationInfo authInfo = null;
-		// 获取当前用户权限字符串
-		if (WebUtils.isTrue(request, "permi")){
-			if (authInfo == null){
-				authInfo = (AuthorizationInfo)UserUtils.getCache(UserUtils.CACHE_AUTH_INFO);
-			}
-			model.addAttribute("permi", authInfo.getStringPermissions());
-		}
-		
-		// 登录操作如果是Ajax操作，直接返回登录信息字符串。
-		if (ServletUtils.isAjaxRequest(request)){
-			return ServletUtils.renderObject(response, model);
-		}
-		
-		// 是否允许刷新主页，如果已登录，再次访问主页，则退出原账号。
-		if (!ObjectUtils.toBoolean(Global.getConfig("shiro.isAllowRefreshIndex", "true"))){
-			String logined = CookieUtils.getCookie(request, "LOGINED");
-			if (StringUtils.isBlank(logined) || "false".equals(logined)){
-				CookieUtils.setCookie(response, "LOGINED", "true");
-			}else if (StringUtils.equals(logined, "true")){
-				UserUtils.getSubject().logout();
-				CookieUtils.setCookie(response, "LOGINED", "false");
-				String queryString = request.getQueryString();
-				queryString = queryString == null ? "" : "?" + queryString;
-				return REDIRECT + adminPath + "/login" + queryString;
-			}
-		}
-		
-		// 初始密码策略和密码修改策略验证（0：关闭；1：提醒用户；2：强制修改初始或旧密码）
-		String passwordModifyUrl = UserService.passwordModifyValid(user, model);
-		if (passwordModifyUrl != null){
-			try {
-				request.getRequestDispatcher(passwordModifyUrl).forward(request, response);
-			} catch (Exception e) {
-				e.printStackTrace();
-			}
-			return null;
-		}
-		
-		// 返回指定用户类型的首页视图
-		String view = UserUtils.getUserTypeValue(user.getUserType(), "indexView");
-		if(StringUtils.isNotBlank(view)){
-			return view;
-		}
-		
-		// 返回主页面视图
-		return "modules/sys/sysIndex";
-	}
-
-	/**
-	 * 切换系统菜单（仅超级管理员有权限）
-	 */
-	@RequiresPermissions("user")
-	@RequestMapping(value = "switch/{sysCode}")
-	public String switchSys(@PathVariable String sysCode) {
-		LoginInfo principal = UserUtils.getLoginInfo();
-		User user = UserUtils.get(principal.getId());
-		if (user.isSuperAdmin() && StringUtils.isNotBlank(sysCode)){
-			if (!StringUtils.equals(principal.getParam("sysCode"), sysCode)){
-				principal.setParam("sysCode", sysCode);
-				UserUtils.removeCache(UserUtils.CACHE_AUTH_INFO);
-				UserUtils.removeCache(UserUtils.CACHE_MENU_LIST);
-			}
-		}
-		return REDIRECT + adminPath + "/index";
-	}
-	
-	/**
-	 * 切换主题
-	 */
-	@RequiresPermissions("user")
-	@RequestMapping(value = "switchSkin/{skinName}")
-	public String switchSkin(@PathVariable String skinName, HttpServletRequest request, HttpServletResponse response) {
-		LoginInfo loginInfo = UserUtils.getLoginInfo();
-		if (StringUtils.isNotBlank(skinName) && !"select".equals(skinName)){
-			CookieUtils.setCookie(response, "skinName_" + loginInfo.getId(), skinName);
-			return REDIRECT + adminPath + "/index";
-		}
-		return "modules/sys/sysSwitchSkin";
-	}
-	
-	/**
-	 * 个人桌面页面
-	 */
-	@RequiresPermissions("user")
-	@RequestMapping(value = "desktop")
-	public String desktop(HttpServletRequest request, HttpServletResponse response, Model model) {
-		return "modules/sys/sysDesktop";
-	}
-	
-}
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ */
+package com.jeesite.modules.sys.web;
+
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.web.util.WebUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.jeesite.common.config.Global;
+import com.jeesite.common.lang.ObjectUtils;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.shiro.filter.FormAuthenticationFilter;
+import com.jeesite.common.shiro.realm.BaseAuthorizingRealm;
+import com.jeesite.common.shiro.realm.LoginInfo;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.common.web.CookieUtils;
+import com.jeesite.common.web.http.ServletUtils;
+import com.jeesite.modules.sys.entity.User;
+import com.jeesite.modules.sys.service.UserService;
+import com.jeesite.modules.sys.utils.UserUtils;
+
+/**
+ * 登录Controller
+ * @author ThinkGem
+ * @version 2017-03-25
+ */
+@Controller
+@RequestMapping(value = "${adminPath}")
+public class LoginController extends BaseController{
+	
+	/**
+	 * 管理登录
+	 */
+	@RequestMapping(value = "login", method = RequestMethod.GET)
+	public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
+//		// 地址中如果包含JSESSIONID，则跳转一次，去掉JSESSIONID信息。
+//		if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
+//			String queryString = request.getQueryString();
+//			queryString = queryString == null ? "" : "?" + queryString;
+//			return REDIRECT + adminPath + "/login" + queryString;
+//		}
+
+		LoginInfo loginInfo = UserUtils.getLoginInfo();
+		
+		// 如果已经登录，则跳转到管理首页
+		if(loginInfo != null){
+			String queryString = request.getQueryString();
+			queryString = queryString == null ? "" : "?" + queryString;
+			String indexUrl = adminPath + "/index" + queryString;
+			if (ServletUtils.isAjaxRequest(request)){
+				try {
+					request.getRequestDispatcher(indexUrl).forward(request, response); // AJAX不支持Redirect改用Forward
+				} catch (Exception ex) {
+					logger.error(ex.getMessage(), ex);
+				}
+				return null;
+			}
+			return REDIRECT + indexUrl;
+		}
+		
+		// 如果是登录操作，跳转到此，则认为是登录失败（支持GET登录时传递__login=true参数）
+		if (WebUtils.isTrue(request, "__login")){
+			return loginFailure(request, response, model);
+		}
+
+		// 如果已登录，再次访问主页，则退出原账号。
+		if (!Global.TRUE.equals(Global.getConfig("shiro.isAllowRefreshIndex"))){
+			CookieUtils.setCookie(response, "LOGINED", "false");
+		}
+
+		// 是否显示验证码
+		model.addAttribute("isValidCodeLogin", ObjectUtils.toInteger(Global.getConfig("sys.login.failedNumAfterValidCode", "200")) == 0);
+
+		// 获取登录参数
+		Map<String, Object> paramMap = ServletUtils.getExtParams(request);
+		
+		// 如果登录设置了语言，则切换语言
+		if (paramMap.get("lang") != null){
+			Global.setLang((String)paramMap.get("lang"), request, response);
+		}
+		
+		// 如果是Ajax请求，返回Json字符串。
+		if (ServletUtils.isAjaxRequest((HttpServletRequest)request)){
+			model.addAttribute("result", "login");
+			model.addAttribute("message", text("未登录或登录超时。请重新登录，谢谢！"));
+			return ServletUtils.renderObject(response, model);
+		}
+		
+		// 返回指定用户类型的登录页视图
+		String userType = (String)paramMap.get("userType");
+		if (StringUtils.isNotBlank(userType)){
+			String view = UserUtils.getUserTypeValue(userType, "loginView");
+			if(StringUtils.isNotBlank(view)){
+				return view;
+			}
+		}
+		
+		return "modules/sys/sysLogin";
+	}
+
+	/**
+	 * 登录失败，真正登录的POST请求由Filter完成
+	 */
+	@RequestMapping(value = "login", method = RequestMethod.POST)
+	public String loginFailure(HttpServletRequest request, HttpServletResponse response, Model model) {
+		LoginInfo loginInfo = UserUtils.getLoginInfo();
+		
+		// 如果已经登录，则跳转到管理首页
+		if(loginInfo != null){
+			String queryString = request.getQueryString();
+			queryString = queryString == null ? "" : "?" + queryString;
+			String indexUrl = adminPath + "/index" + queryString;
+			if (ServletUtils.isAjaxRequest(request)){
+				try {
+					request.getRequestDispatcher(indexUrl).forward(request, response); // AJAX不支持Redirect改用Forward
+				} catch (Exception ex) {
+					logger.error(ex.getMessage(), ex);
+				}
+				return null;
+			}
+			return REDIRECT + indexUrl;
+		}
+		
+		String username = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_USERNAME_PARAM);
+		boolean rememberMe = WebUtils.isTrue(request, FormAuthenticationFilter.DEFAULT_REMEMBER_ME_PARAM);
+		boolean rememberUserCode = WebUtils.isTrue(request, FormAuthenticationFilter.DEFAULT_REMEMBER_USERCODE_PARAM);
+		String params = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_PARAMS_PARAM);
+		String exception = (String)request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
+		String message = (String)request.getAttribute(FormAuthenticationFilter.DEFAULT_MESSAGE_PARAM);
+
+		model.addAttribute(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM, username);
+		model.addAttribute(FormAuthenticationFilter.DEFAULT_REMEMBER_ME_PARAM, rememberMe);
+		model.addAttribute(FormAuthenticationFilter.DEFAULT_REMEMBER_USERCODE_PARAM, rememberUserCode);
+		model.addAttribute(FormAuthenticationFilter.DEFAULT_PARAMS_PARAM, params);
+		Map<String, Object> paramMap = ServletUtils.getExtParams(request);
+		for (Entry<String, Object> entry : paramMap.entrySet()){
+			model.addAttribute(FormAuthenticationFilter.DEFAULT_PARAM_PREFIX_PARAM + entry.getKey(), entry.getValue());
+		}
+		model.addAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, exception);
+		
+		// 如果登录设置了语言，则切换语言
+		if (paramMap.get("lang") != null){
+			Global.setLang((String)paramMap.get("lang"), request, response);
+		}
+		
+		model.addAttribute(FormAuthenticationFilter.DEFAULT_MESSAGE_PARAM, text(message));
+
+		// 非授权异常，登录失败，验证码加1。
+		if (!UnauthorizedException.class.getName().equals(exception)){
+//			// 如果使用了集团用户模式，则获取集团Code
+//			String corpCode = null;
+//			if (Global.isUseCorpModel()){
+//				corpCode = (String)paramMap.get("corpCode");
+//				if (StringUtils.isBlank(corpCode)){
+//					throw new AuthenticationException("msg:请选择您要登录的集团公司.");
+//				}
+//			}
+			model.addAttribute("isValidCodeLogin", BaseAuthorizingRealm.isValidCodeLogin(username, /*corpCode, */(String)paramMap.get("deviceType"), "failed"));
+		}
+
+		// 登录操作如果是Ajax操作，直接返回登录信息字符串。
+		if (ServletUtils.isAjaxRequest(request)){
+			model.addAttribute("result", Global.FALSE);
+			return ServletUtils.renderObject(response, model);
+		}
+		
+		// 返回指定用户类型的登录页视图
+		String userType = (String)paramMap.get("userType");
+		if (StringUtils.isNotBlank(userType)){
+			String view = UserUtils.getUserTypeValue(userType, "loginView");
+			if(StringUtils.isNotBlank(view)){
+				return view;
+			}
+		}
+		
+		return "modules/sys/sysLogin";
+	}
+
+	/**
+	 * 登录成功，进入管理首页
+	 */
+	@RequestMapping(value = "index")
+	public String index(HttpServletRequest request, HttpServletResponse response, Model model) {
+//		// 地址中如果包含JSESSIONID，则跳转一次，去掉JSESSIONID信息。
+//		if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
+//			String queryString = request.getQueryString();
+//			queryString = queryString == null ? "" : "?" + queryString;
+//			return REDIRECT + adminPath + "/index" + queryString;
+//		}
+
+		// 验证下用户权限，以便调用doGetAuthorizationInfo方法，保存单点登录登出句柄
+		if (!SecurityUtils.getSubject().isPermitted("user")){
+			return REDIRECT + adminPath + "/login";
+		}
+
+		//获取登录用户信息
+		LoginInfo loginInfo = UserUtils.getLoginInfo();
+		
+		// 未加载shiro模块时会为空，直接访问则提示操作权限不足。
+		if(loginInfo == null){
+			UserUtils.getSubject().logout();
+			return REDIRECT + adminPath + "/login";
+		}
+		
+		// 当前用户对象信息
+		User user = UserUtils.get(loginInfo.getId());
+		if (user == null){
+			UserUtils.getSubject().logout();
+			return REDIRECT + adminPath + "/login";
+		}
+		model.addAttribute("user", user); // 设置当前用户信息
+		
+		// 登录成功后，验证码计算器清零
+		BaseAuthorizingRealm.isValidCodeLogin(loginInfo.getId(), /*loginInfo.getParam("corpCode"), */loginInfo.getParam("deviceType"), "success");
+
+		//获取当前会话对象
+		Session session = UserUtils.getSession();
+		
+		// 设置共享SessionId的Cookie值，睿思BI使用。
+		String cookieName = Global.getProperty("session.shareSessionIdCookieName");
+		CookieUtils.setCookie((HttpServletResponse)response, cookieName, (String)session.getId());
+
+		// 如果是登录操作，则设置登录信息（移动端用）
+		model.addAttribute("result", Global.TRUE);
+		if (request.getParameter("username") != null && request.getParameter("password") != null){
+			// 如果登录设置了语言，则切换语言
+			if (loginInfo.getParam("lang") != null){
+				Global.setLang(loginInfo.getParam("lang"), request, response);
+			}
+			model.addAttribute("message", text("登录成功！"));
+		}else{
+			model.addAttribute("message", text("获取信息成功！"));
+		}
+		model.addAttribute("sessionid", (String)session.getId());
+		// 授权信息获取
+		AuthorizationInfo authInfo = null;
+		// 获取当前用户权限字符串
+		if (WebUtils.isTrue(request, "permi")){
+			if (authInfo == null){
+				authInfo = (AuthorizationInfo)UserUtils.getCache(UserUtils.CACHE_AUTH_INFO);
+			}
+			model.addAttribute("permi", authInfo.getStringPermissions());
+		}
+		
+		// 登录操作如果是Ajax操作，直接返回登录信息字符串。
+		if (ServletUtils.isAjaxRequest(request)){
+			return ServletUtils.renderObject(response, model);
+		}
+		
+		// 是否允许刷新主页，如果已登录，再次访问主页，则退出原账号。
+		if (!ObjectUtils.toBoolean(Global.getConfig("shiro.isAllowRefreshIndex", "true"))){
+			String logined = CookieUtils.getCookie(request, "LOGINED");
+			if (StringUtils.isBlank(logined) || "false".equals(logined)){
+				CookieUtils.setCookie(response, "LOGINED", "true");
+			}else if (StringUtils.equals(logined, "true")){
+				UserUtils.getSubject().logout();
+				CookieUtils.setCookie(response, "LOGINED", "false");
+				String queryString = request.getQueryString();
+				queryString = queryString == null ? "" : "?" + queryString;
+				return REDIRECT + adminPath + "/login" + queryString;
+			}
+		}
+		
+		// 初始密码策略和密码修改策略验证（0：关闭；1：提醒用户；2：强制修改初始或旧密码）
+		String passwordModifyUrl = UserService.passwordModifyValid(user, model);
+		if (passwordModifyUrl != null){
+			try {
+				request.getRequestDispatcher(passwordModifyUrl).forward(request, response);
+			} catch (Exception e) {
+				e.printStackTrace();
+			}
+			return null;
+		}
+		
+		// 返回指定用户类型的首页视图
+		String view = UserUtils.getUserTypeValue(user.getUserType(), "indexView");
+		if(StringUtils.isNotBlank(view)){
+			return view;
+		}
+		
+		// 返回主页面视图
+		return "modules/sys/sysIndex";
+	}
+
+	/**
+	 * 切换系统菜单（仅超级管理员有权限）
+	 */
+	@RequiresPermissions("user")
+	@RequestMapping(value = "switch/{sysCode}")
+	public String switchSys(@PathVariable String sysCode) {
+		LoginInfo principal = UserUtils.getLoginInfo();
+		User user = UserUtils.get(principal.getId());
+		if (user.isSuperAdmin() && StringUtils.isNotBlank(sysCode)){
+			if (!StringUtils.equals(principal.getParam("sysCode"), sysCode)){
+				principal.setParam("sysCode", sysCode);
+				UserUtils.removeCache(UserUtils.CACHE_AUTH_INFO);
+				UserUtils.removeCache(UserUtils.CACHE_MENU_LIST);
+			}
+		}
+		return REDIRECT + adminPath + "/index";
+	}
+	
+	/**
+	 * 切换主题
+	 */
+	@RequiresPermissions("user")
+	@RequestMapping(value = "switchSkin/{skinName}")
+	public String switchSkin(@PathVariable String skinName, HttpServletRequest request, HttpServletResponse response) {
+		LoginInfo loginInfo = UserUtils.getLoginInfo();
+		if (StringUtils.isNotBlank(skinName) && !"select".equals(skinName)){
+			CookieUtils.setCookie(response, "skinName_" + loginInfo.getId(), skinName);
+			return REDIRECT + adminPath + "/index";
+		}
+		return "modules/sys/sysSwitchSkin";
+	}
+	
+	/**
+	 * 个人桌面页面
+	 */
+	@RequiresPermissions("user")
+	@RequestMapping(value = "desktop")
+	public String desktop(HttpServletRequest request, HttpServletResponse response, Model model) {
+		return "modules/sys/sysDesktop";
+	}
+	
+}
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/OnlineController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/OnlineController.java
index a77ed009..0450aef0 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/OnlineController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/OnlineController.java
@@ -1,151 +1,151 @@
-/**
- * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
- */
-package com.jeesite.modules.sys.web;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.shiro.authz.annotation.RequiresPermissions;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.apache.shiro.subject.support.DefaultSubjectContext;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
-
-import com.beust.jcommander.internal.Lists;
-import com.beust.jcommander.internal.Maps;
-import com.jeesite.common.config.Global;
-import com.jeesite.common.lang.DateUtils;
-import com.jeesite.common.lang.ObjectUtils;
-import com.jeesite.common.lang.StringUtils;
-import com.jeesite.common.lang.TimeUtils;
-import com.jeesite.common.shiro.realm.LoginInfo;
-import com.jeesite.common.shiro.session.SessionDAO;
-import com.jeesite.common.web.BaseController;
-import com.jeesite.modules.sys.utils.UserUtils;
-
-/**
- * 在线用户Controller
- * @author ThinkGem
- * @version 2016-8-31
- */
-@Controller
-@RequestMapping(value = "${adminPath}/sys/online")
-public class OnlineController extends BaseController{
-
-	@Autowired
-	private SessionDAO sessionDAO;
-
-	/**
-	 * 在线用户数
-	 * @param request
-	 * @param response
-	 * @author ThinkGem
-	 */
-	@RequestMapping(value = "count")
-	@ResponseBody
-	public Integer count(HttpServletRequest request, HttpServletResponse response) {
-		return sessionDAO.getActiveSessions(true, true).size();
-	}
-
-	/**
-	 * 在线用户列表
-	 * @param request
-	 * @param response
-	 * @param model
-	 */
-	@RequiresPermissions("sys:online:view")
-	@RequestMapping(value = "list")
-	public String list(Model model) {
-		return "modules/sys/onlineList";
-	}
-	
-	/**
-	 * 在线用户列表数据
-	 * @param request
-	 * @param response
-	 * @author ThinkGem
-	 */
-	@RequiresPermissions("sys:online:view")
-	@RequestMapping(value = "listData")
-	@ResponseBody
-	public List<Map<String, Object>> listData(@RequestParam(defaultValue="true") Boolean excludeLeave,
-			@RequestParam(defaultValue="true") Boolean excludeVisitor, String sessionId, String userCode,
-			String userName, String userType, String orderBy) {
-		List<Map<String, Object>> list = Lists.newArrayList();
-		Collection<Session> sessions = sessionDAO.getActiveSessions(excludeLeave, excludeVisitor, null, sessionId, userCode);
-		long currentTime = System.currentTimeMillis();
-		for (Session session : sessions){
-			if (StringUtils.isNotBlank(userName) && ((String)session.getAttribute("userName")).contains(userName)){
-				continue;
-			}
-			if (StringUtils.isNotBlank(userType) && ((String)session.getAttribute("userType")).equals(userType)){
-				continue;
-			}
-			Map<String, Object> map = Maps.newLinkedHashMap();
-			// 为了安全性，需要有权限的人才能看
-			if (UserUtils.getSubject().isPermitted("sys:online:edit")){
-				map.put("id", session.getId().toString()); 
-			}
-			map.put("startTimestamp", DateUtils.formatDateTime(session.getStartTimestamp()));
-			map.put("lastAccessTime", DateUtils.formatDateTime(session.getLastAccessTime()));
-			map.put("timeout", TimeUtils.formatDateAgo(session.getTimeout()-(currentTime-session.getLastAccessTime().getTime())));
-			PrincipalCollection pc = (PrincipalCollection)session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
-			LoginInfo principal = (pc != null ? (LoginInfo)pc.getPrimaryPrincipal() : null);
-			if (principal != null){
-				map.put("userCode", session.getAttribute("userCode"));// principal.getId());
-				map.put("userName", session.getAttribute("userName"));// principal.getName());
-				map.put("userType", session.getAttribute("userType"));// ObjectUtils.toString(principal.getParam("userType")));
-				map.put("deviceType", ObjectUtils.toString(principal.getParam("deviceType")));
-			}
-			map.put("host", session.getHost());
-			list.add(map);
-		}
-		// 本地排序
-		if (StringUtils.isNotBlank(orderBy)){
-			final String[] ss = orderBy.trim().split(" ");
-			if (ss != null && ss.length == 2){
-				Collections.sort(list, new Comparator<Map<String, Object>>() {
-					@Override
-					public int compare(Map<String, Object> o1, Map<String, Object> o2) {
-						String s1 = (String)o1.get(ss[0]);
-						String s2 = (String)o2.get(ss[0]);
-						if ("asc".equals(ss[1])){
-							return s1.compareTo(s2);
-						}else{
-							return s2.compareTo(s1);
-						}
-					}});
-			}
-		}
-		return list;
-	}
-	
-	/**
-	 * 提出在线用户
-	 * @author ThinkGem
-	 */
-	@RequiresPermissions("sys:online:edit")
-	@RequestMapping(value = "tickOut")
-	@ResponseBody
-	public String tickOut(String sessionId) {
-		Session session = sessionDAO.readSession(sessionId);
-		if (session != null){
-			sessionDAO.delete(session);
-			return renderResult(Global.TRUE, "踢出已成功！");
-		}
-		return renderResult(Global.FALSE, "踢出失败，没有找到该在线用户！");
-	}
-	
-}
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ */
+package com.jeesite.modules.sys.web;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.support.DefaultSubjectContext;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import com.beust.jcommander.internal.Lists;
+import com.beust.jcommander.internal.Maps;
+import com.jeesite.common.config.Global;
+import com.jeesite.common.lang.DateUtils;
+import com.jeesite.common.lang.ObjectUtils;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.lang.TimeUtils;
+import com.jeesite.common.shiro.realm.LoginInfo;
+import com.jeesite.common.shiro.session.SessionDAO;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.sys.utils.UserUtils;
+
+/**
+ * 在线用户Controller
+ * @author ThinkGem
+ * @version 2016-8-31
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/sys/online")
+public class OnlineController extends BaseController{
+
+	@Autowired
+	private SessionDAO sessionDAO;
+
+	/**
+	 * 在线用户数
+	 * @param request
+	 * @param response
+	 * @author ThinkGem
+	 */
+	@RequestMapping(value = "count")
+	@ResponseBody
+	public Integer count(HttpServletRequest request, HttpServletResponse response) {
+		return sessionDAO.getActiveSessions(true, true).size();
+	}
+
+	/**
+	 * 在线用户列表
+	 * @param request
+	 * @param response
+	 * @param model
+	 */
+	@RequiresPermissions("sys:online:view")
+	@RequestMapping(value = "list")
+	public String list(Model model) {
+		return "modules/sys/onlineList";
+	}
+	
+	/**
+	 * 在线用户列表数据
+	 * @param request
+	 * @param response
+	 * @author ThinkGem
+	 */
+	@RequiresPermissions("sys:online:view")
+	@RequestMapping(value = "listData")
+	@ResponseBody
+	public List<Map<String, Object>> listData(@RequestParam(defaultValue="true") Boolean excludeLeave,
+			@RequestParam(defaultValue="true") Boolean excludeVisitor, String sessionId, String userCode,
+			String userName, String userType, String orderBy) {
+		List<Map<String, Object>> list = Lists.newArrayList();
+		Collection<Session> sessions = sessionDAO.getActiveSessions(excludeLeave, excludeVisitor, null, sessionId, userCode);
+		long currentTime = System.currentTimeMillis();
+		for (Session session : sessions){
+			if (StringUtils.isNotBlank(userName) && ((String)session.getAttribute("userName")).contains(userName)){
+				continue;
+			}
+			if (StringUtils.isNotBlank(userType) && ((String)session.getAttribute("userType")).equals(userType)){
+				continue;
+			}
+			Map<String, Object> map = Maps.newLinkedHashMap();
+			// 为了安全性，需要有权限的人才能看
+			if (UserUtils.getSubject().isPermitted("sys:online:edit")){
+				map.put("id", session.getId().toString()); 
+			}
+			map.put("startTimestamp", DateUtils.formatDateTime(session.getStartTimestamp()));
+			map.put("lastAccessTime", DateUtils.formatDateTime(session.getLastAccessTime()));
+			map.put("timeout", TimeUtils.formatDateAgo(session.getTimeout()-(currentTime-session.getLastAccessTime().getTime())));
+			PrincipalCollection pc = (PrincipalCollection)session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
+			LoginInfo principal = (pc != null ? (LoginInfo)pc.getPrimaryPrincipal() : null);
+			if (principal != null){
+				map.put("userCode", session.getAttribute("userCode"));// principal.getId());
+				map.put("userName", session.getAttribute("userName"));// principal.getName());
+				map.put("userType", session.getAttribute("userType"));// ObjectUtils.toString(principal.getParam("userType")));
+				map.put("deviceType", ObjectUtils.toString(principal.getParam("deviceType")));
+			}
+			map.put("host", session.getHost());
+			list.add(map);
+		}
+		// 本地排序
+		if (StringUtils.isNotBlank(orderBy)){
+			final String[] ss = orderBy.trim().split(" ");
+			if (ss != null && ss.length == 2){
+				Collections.sort(list, new Comparator<Map<String, Object>>() {
+					@Override
+					public int compare(Map<String, Object> o1, Map<String, Object> o2) {
+						String s1 = (String)o1.get(ss[0]);
+						String s2 = (String)o2.get(ss[0]);
+						if ("asc".equals(ss[1])){
+							return s1.compareTo(s2);
+						}else{
+							return s2.compareTo(s1);
+						}
+					}});
+			}
+		}
+		return list;
+	}
+	
+	/**
+	 * 提出在线用户
+	 * @author ThinkGem
+	 */
+	@RequiresPermissions("sys:online:edit")
+	@RequestMapping(value = "tickOut")
+	@ResponseBody
+	public String tickOut(String sessionId) {
+		Session session = sessionDAO.readSession(sessionId);
+		if (session != null){
+			sessionDAO.delete(session);
+			return renderResult(Global.TRUE, "踢出已成功！");
+		}
+		return renderResult(Global.FALSE, "踢出失败，没有找到该在线用户！");
+	}
+	
+}
diff --git a/modules/core/src/main/resources/jeesite-core.yml b/modules/core/src/main/resources/jeesite-core.yml
index 8bb4cfd2..95ad98ab 100644
--- a/modules/core/src/main/resources/jeesite-core.yml
+++ b/modules/core/src/main/resources/jeesite-core.yml
@@ -1,428 +1,428 @@
-
-#============================#
-#===== Database sttings =====#
-#============================#
-
-# 数据库连接
-jdbc: 
-
-  # Oracle 数据库配置
-  type: oracle
-  driver: oracle.jdbc.driver.OracleDriver
-  url: jdbc:oracle:thin:@127.0.0.1:1521/orcl
-  username: jeesite
-  password: jeesite
-  testSql: SELECT 1 FROM DUAL
-  
-  # Mysql 数据库配置
-#  type: mysql
-#  driver: com.mysql.jdbc.Driver
-#  url: jdbc:mysql://127.0.0.1:3306/jeesite?useUnicode=true&characterEncoding=utf-8
-#  username: jeesite
-#  password: jeesite
-#  testSql: SELECT 1
-
-  # Sql Server 数据库配置
-#  type: mssql
-#  driver: net.sourceforge.jtds.jdbc.Driver
-#  url: jdbc:jtds:sqlserver://127.0.0.1:1433/jeesite
-#  username: jeesite
-#  password: jeesite
-#  testSql: SELECT 1
-  
-  # PostgreSql 数据库配置
-#  type: postgre
-#  driver: org.postgresql.Driver
-#  url: jdbc:postgresql://localhost:5432/jeesite
-#  username: jeesite
-#  password: jeesite
-#  testSql: SELECT 1
-
-  # 连接信息加密
-  encrypt:
-  
-    # 加密连接用户名
-    username: false
-    # 加密连接密码
-    password: true
-
-  # 数据库连接池配置
-  pool:
-  
-    # 初始化连接数
-    init: 1
-    # 最小连接数
-    minIdle: 3
-    # 最大连接数
-    maxActive: 20
-
-  # 表名前缀
-  tablePrefix: js_
-
-#  # 多数数据源名称列表，调用方式：DataSourceHolder.setDataSourceName("ds2")
-#  dataSourceNames: ds2
-#  
-#  # 多数据源配置：ds2
-#  ds2:
-#    type: oracle
-#    driver: oracle.jdbc.driver.OracleDriver
-#    url: jdbc:oracle:thin:@127.0.0.1:1521/orcl
-#    username: jeesite
-#    password: jeesite
-#    encryptUsername: false
-#    encryptPassword: true
-#    pool:
-#      init: 1
-#      minIdle: 3
-#      maxActive: 20
-
-# Redis 配置
-redis: 
-
-  # Redis 连接参数
-  host: 127.0.0.1
-  port: 6379
-  password: 1234
-  database: 0
-  
-  # 定义Key的前缀标识
-  keyPrefix: jeesite
-  
-  # Redis 连接池配置
-  pool:
-    maxIdle: 3
-    maxTotal: 20
-
-# Mapper文件刷新线程
-mapperRefresh:
-
-  enabled: true
-  delaySeconds: 60
-  sleepSeconds: 3
-  mappingPath: mappings
-
-#============================#
-#===== System settings ======#
-#============================#
-
-#产品信息设置
-productName: JeeSite Demo
-productVersion: V4.0
-copyrightYear: 2018
-companyName: ThinkGem
-
-#是否演示模式
-demoMode: false
-
-#管理基础路径
-adminPath: /a
-
-#前端基础路径
-frontPath: /f
-
-#索引页路径
-defaultPath: ${adminPath}/login
-
-# 用户相关参数
-user:
-
-  # 指定超级管理员编号（实施人员，开发团队使用的用户）
-  superAdminCode: thinkgem
-
-  # 超级管理员获取菜单的最小权重（默认20；>=40二级管理员；>=60系统管理员；>=80超级管理员）
-  superAdminGetMenuMinWeight: 40
-
-  # 系统管理员角色编号（客户方使用的角色，客户方管理员）
-  corpAdminRoleCode: corpAdmin
-
-  # 用户类型配置信息（employee员工，member会员，btype往来单位，persion个人，expert专家，...）
-  # JSON格式说明：{"用户类型":{"dao":"Dao的Bean名称","loginView":"登录视图","indexView":"主页框架面视图"}}
-  userTypeMap: >
-    {
-      "employee":{"dao":"employeeDao","loginView":"","indexView":""},
-      "member":{"dao":"memberDao","loginView":"","indexView":"modules/sys/sysIndexMember"},
-      "btype":{"dao":"btypeInfoDao","loginView":"","indexView":"modules/sys/sysIndexBtype"},
-      "persion":{"dao":"persionDao","loginView":"","indexView":"modules/sys/sysIndexPersion"},
-      "expert":{"dao":"expertDao","loginView":"","indexView":"modules/sys/sysIndexExpert"}
-    }
-
-  # 数据权限设置参数，可新增自定义数据权限，moduleCode: 针对模块, ctrlPermi: 权限类型, 0全部  1拥有权限  2管理权限
-  dataScopes: >
-    [{
-      moduleCode: "core",
-      ctrlPermi: "0",
-      ctrlName: "部门权限",
-      ctrlType: "Office",
-      ctrlDataUrl: "/sys/office/treeData",
-      chkboxType: {"Y":"ps","N":"ps"},
-      remarks: ""
-    },{
-      moduleCode: "core",
-      ctrlName: "公司权限",
-      ctrlType: "Company",
-      ctrlPermi: "0",
-      ctrlDataUrl: "/sys/company/treeData",
-      chkboxType: {"Y":"ps","N":"ps"},
-      remarks: ""
-    },{
-      moduleCode: "core",
-      ctrlName: "角色权限",
-      ctrlType: "Role",
-      ctrlPermi: "2",
-      ctrlDataUrl: "/sys/role/treeData",
-      chkboxType: {"Y":"ps","N":"ps"},
-      remarks: ""
-    }]
-
-  # 集团模式（多公司、多租户、SAAS模式）
-  useCorpModel: false
-
-# 分页配置
-page:
-
-  # 分页默认大小
-  pageSize: 20
-
-# 任务调度
-job:
-
-  # 是否自动启动任务调度（集群情况下开启一个服务）
-  autoStartup: true
-
-  # 任务调度启动延迟设置（单位：秒）（建议设置项目启动完成后的时间）
-  startupDelay: 60
-
-# 内容管理
-cms:
-
-  # 内容管理主站点编码
-  mainSiteCode: main
-
-#============================#
-#==== Framework settings ====#
-#============================#
-
-# Shiro 相关配置
-shiro:
-
-  # 登录相关设置
-  loginUrl: ${adminPath}/login
-  logoutUrl: ${shiro.loginUrl}
-  successUrl: ${adminPath}/index
-
-  # CAS 相关配置
-  casServerUrl: http://192.168.1.3:8080/cas
-  casClientUrl: http://192.168.1.3:8180/jeesite
-#  loginUrl: ${shiro.casServerUrl}?service=${shiro.casClientUrl}${adminPath}/login-cas
-#  logoutUrl: ${shiro.casServerUrl}/logout?service=${shiro.loginUrl}
-#  successUrl: ${shiro.casClientUrl}
-
-  # SSO 登录相关配置
-  sso:
-  
-    # 如果启用/sso/{username}/{token}单点登录，请修改此安全key并与单点登录系统key一致。
-    secretKey: abc
-
-    # 是否加密单点登录安全Key
-    encryptKey: true
-
-  # 登录提交信息加密
-  loginSubmit:
-    
-    # 登录提交信息安全Key，加密用户名、密码、验证码，后再提交（key设置为3个，用逗号分隔）
-    secretKey: thinkgem,jeesite,com
-
-  # 是否允许账号多地登录，如果设置为false，同一个设备类型的其它地点登录的相同账号被踢下线
-  isAllowMultiAddrLogin: true
-  
-  # 是否允许刷新主框架页，如果设置为false，刷新主页将导致重新登录。如安全性比较高的，如银行个人首页不允许刷新。
-  isAllowRefreshIndex: true
-  
-  # 是否允许嵌入到外部网站iframe中（true：不限制，false：不允许）
-  isAllowExternalSiteIframe: true
-  
-  # 是否允许跨域访问，如果允许，设置允许的域名，全部域名设置*号，如果不允许，此设置应该为空
-#  accessControlAllowOrigin: http://demo.jeesite.com
-#  accessControlAllowOrigin: '*'
-  
-  # URI 权限过滤器定义
-  filterChainDefinitions: |
-    /ReportServer/** = user
-    ${adminPath}/** = user
-  
-#  filterChainDefinitions: |
-#    /ReportServer/** = user
-#    ${adminPath}/file/** = anon
-#    ${adminPath}/cms/* = anon
-#    ${adminPath}/cms/site/select = anon
-#    ${adminPath}/cms/site/* = anon
-#    ${adminPath}/cms/category/treeData = anon
-#    ${adminPath}/cms/category/* = anon
-#    ${adminPath}/cms/article/* = anon
-#    ${adminPath}/cms/link/* = anon
-#    ${adminPath}/** = user
-  
-  # 默认的授权过滤定义，如果在filterChainDefinitions中已经定义，则该定义会被覆盖。
-  defaultFilterChainDefinitions: |
-    /static/** = anon
-    /userfiles/** = anon
-    /druid/** = perms[state:druid]
-    ${adminPath}/login-cas = cas
-    ${adminPath}/login = authc
-    ${adminPath}/logout = logout
-    ${adminPath}/file/** = user
-    ${adminPath}/cms/* = perms[cms:view]
-    ${adminPath}/cms/site/select = user
-    ${adminPath}/cms/site/* = perms[cms:site:view]
-    ${adminPath}/cms/category/treeData = user
-    ${adminPath}/cms/category/* = perms[cms:category:view]
-    ${adminPath}/cms/article/* = perms[cms:article:view]
-    ${adminPath}/cms/link/* = perms[cms:link:view]
-  
-# Session 相关
-session:
-
-  #全局会话超时，单位：毫秒， 20m=1200000ms, 30m=1800000ms, 60m=3600000ms, 12h=43200000ms, 1day=86400000ms
-  sessionTimeout: 1800000
-  
-  #手机APP设备会话超时参数设置，登录请求参数加 param_deviceType=mobileApp 时有效
-  mobileAppSessionTimeout: 43200000
-  
-  #定时清理失效会话，清理用户直接关闭浏览器造成的孤立会话
-  sessionTimeoutClean: 1200000
-  
-  #会话唯一标识SessionId在Cookie中的名称。
-  sessionIdCookieName: jeesite.session.id
-  
-  #共享的SessionId的Cookie名称，保存到跟路径下，第三方应用获取。同一域名下多个项目时需设置共享Cookie的名称。
-  shareSessionIdCookieName: jeesite.session.id
-
-# MyBatis 相关
-mybatis:
-
-  # 扫描基础包设置（Aliases、@MyBatisDao），如果多个，用“,”分隔
-  scanBasePackage: com.jeesite.modules
-  
-# 缓存设置
-ehcache:
-
-  # 缓存配置文件路径
-  configFile: cache/ehcache-local.xml
-#  configFile: cache/ehcache-rmi.xml
-
-  # 清理缓存的缓存名称
-  clearNames: sysCache,userCache,corpCache,cmsCache,pageCachingFilter
-
-# Web 相关
-web:
-  
-  # MVC 视图相关
-  view:
-    
-    # 系统主题名称，主题视图优先级最高，如果主题下无这个视图文件则访问默认视图
-    # 引入页面头部：'/themes/'+themeName+'/include/header.html'
-    # 引入页面为不：'/themes/'+themeName+'/include/footer.html'
-    themeName: default
-
-  # 静态文件后缀，过滤静态文件，以提高访问性能。
-  staticFile: .css,.js,.map,.png,.jpg,.gif,.jpeg,.bmp,.ico,.swf,.psd,.htc,.crx,.xpi,.exe,.ipa,.apk,.otf,.eot,.svg,.ttf,.woff,.woff2
-  
-  # 静态文件后缀，排除的url路径，指定哪些uri路径不进行静态文件过滤。
-  staticFileExcludeUri: /druid/
-
-# 错误页面500.html是否输出错误信息（正式环境，为提供安全性可设置为false）
-error:
-  page:
-    printErrorInfo: true
-
-#============================#
-#=== FileUpload settings ====#
-#============================#
-
-file:
-
-  # 文件上传跟路径，设置路径中不允许包含“userfiles”，在指定目录中系统会自动创建userfiles目录，如果不设置默认为contextPath路径
-#  baseDir: D:/jeesite
-
-  # 上传文件的相对路径（支持：yyyy, MM, dd, HH, mm, ss, E）
-  uploadPath: '{yyyy}{MM}/'
-  
-  # 上传单个文件最大字节（500M），在这之上还有 > Tomcat限制 > Nginx限制，等。
-  maxFileSize: 500*1024*1024
-  
-  #设置允许上传的文件后缀
-  imageAllowSuffixes: .gif,.bmp,.jpeg,.jpg,.ico,.png,.tif,.tiff,
-  mediaAllowSuffixes: .flv,.swf,.mkv,webm,.mid,.mov,.mp3,.mp4,.m4v,.mpc,.mpeg,.mpg,.swf,.wav,.wma,.wmv,.avi,.rm,.rmi,.rmvb,.aiff,.asf,.ogg,.ogv,
-  fileAllowSuffixes: .doc,.docx,.rtf,.xls,.xlsx,.csv,.ppt,.pptx,.pdf,.vsd,.txt,.md,.xml,.rar,.zip,7z,.tar,.tgz,.jar,.gz,.gzip,.bz2,.cab,.iso,
-  
-  #允许上传的文件内容类型（图片、word、excel、ppt）防止修改后缀恶意上传文件（默认不启用验证）
-#  allowContentTypes: image/jpeg,image/gif,image/bmp,image/png,image/x-png,
-#    application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,
-#    application/vnd.ms-excel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,
-#    application/vnd.ms-powerpoint,application/vnd.openxmlformats-officedocument.presentationml.presentation
-
-#============================#
-#===== Message settings =====#
-#============================#
-
-msg:
-
-  # 是否开启实时发送消息（保存消息后立即检查未读消息并发送），分布式部署下请单独配置消息发送服务，不建议开启此选项。
-  realtime:
-    # 是否开启
-    enabled: true
-    # 消息发送任务Bean名称
-    sendTaskBeanName: msgLocalSendTask
-
-  # 邮件发送参数
-  email:
-    fromAddress: jeesite_demo@163.com
-    fromPassword: jeesitedemo1234
-    fromHostName: smtp.163.com
-    sslOnConnect: false
-    sslSmtpPort: 994
-
-  # 短信网关
-  sms:
-    url: http://host:port/msg/sendSms
-    data: account=demo&pswd=demo&product=
-    suffix: 【JeeSite】
-
-  # 微信相关
-  weixin:
-    #微信应用ID
-    appid: ~
-    #微信应用密钥
-    secret: ~
-    # 微信服务器配置
-    server:
-      # 微信服务器配置Token
-      token: ~
-      # 微信服务器配置EncodingAESKey
-      aeskey: ~
-      # 微信服务器是否开启Debug模式，开启后发送未知消息时候会返回消息内容
-      debug: true
-    # 微信OAuth登录授权回调地址
-    oauth:
-      redirectUri: http://demo.jeesite.com/jeesite
-
-#============================#
-#===== Video settings =======#
-#============================#
-
-video:
-
-  # 视频格式转换  ffmpeg.exe 所放的路径
-  ffmpegFile: d:/tools/video/ffmpeg-4.9/bin/ffmpeg.exe
-#  ffmpegFile: d:/tools/video/libav-10.6-win64/bin/avconv.exe
-  
-  # 视频格式转换  mencoder.exe 所放的路径
-  mencoderFile: d:/tools/video/mencoder-4.9/mencoder.exe
-  
-  # 将mp4视频的元数据信息转到视频第一帧
-  qtFaststartFile: d:/tools/video/qt-faststart/qt-faststart.exe
-
-#============================#
-#===== Project settings =====#
-#============================#
-
+
+#============================#
+#===== Database sttings =====#
+#============================#
+
+# 数据库连接
+jdbc: 
+
+  # Oracle 数据库配置
+  type: oracle
+  driver: oracle.jdbc.driver.OracleDriver
+  url: jdbc:oracle:thin:@127.0.0.1:1521/orcl
+  username: jeesite
+  password: jeesite
+  testSql: SELECT 1 FROM DUAL
+  
+  # Mysql 数据库配置
+#  type: mysql
+#  driver: com.mysql.jdbc.Driver
+#  url: jdbc:mysql://127.0.0.1:3306/jeesite?useUnicode=true&characterEncoding=utf-8
+#  username: jeesite
+#  password: jeesite
+#  testSql: SELECT 1
+
+  # Sql Server 数据库配置
+#  type: mssql
+#  driver: net.sourceforge.jtds.jdbc.Driver
+#  url: jdbc:jtds:sqlserver://127.0.0.1:1433/jeesite
+#  username: jeesite
+#  password: jeesite
+#  testSql: SELECT 1
+  
+  # PostgreSql 数据库配置
+#  type: postgre
+#  driver: org.postgresql.Driver
+#  url: jdbc:postgresql://localhost:5432/jeesite
+#  username: jeesite
+#  password: jeesite
+#  testSql: SELECT 1
+
+  # 连接信息加密
+  encrypt:
+  
+    # 加密连接用户名
+    username: false
+    # 加密连接密码
+    password: true
+
+  # 数据库连接池配置
+  pool:
+  
+    # 初始化连接数
+    init: 1
+    # 最小连接数
+    minIdle: 3
+    # 最大连接数
+    maxActive: 20
+
+  # 表名前缀
+  tablePrefix: js_
+
+#  # 多数数据源名称列表，调用方式：DataSourceHolder.setDataSourceName("ds2")
+#  dataSourceNames: ds2
+#  
+#  # 多数据源配置：ds2
+#  ds2:
+#    type: oracle
+#    driver: oracle.jdbc.driver.OracleDriver
+#    url: jdbc:oracle:thin:@127.0.0.1:1521/orcl
+#    username: jeesite
+#    password: jeesite
+#    encryptUsername: false
+#    encryptPassword: true
+#    pool:
+#      init: 1
+#      minIdle: 3
+#      maxActive: 20
+
+# Redis 配置
+redis: 
+
+  # Redis 连接参数
+  host: 127.0.0.1
+  port: 6379
+  password: 1234
+  database: 0
+  
+  # 定义Key的前缀标识
+  keyPrefix: jeesite
+  
+  # Redis 连接池配置
+  pool:
+    maxIdle: 3
+    maxTotal: 20
+
+# Mapper文件刷新线程
+mapperRefresh:
+
+  enabled: true
+  delaySeconds: 60
+  sleepSeconds: 3
+  mappingPath: mappings
+
+#============================#
+#===== System settings ======#
+#============================#
+
+#产品信息设置
+productName: JeeSite Demo
+productVersion: V4.0
+copyrightYear: 2018
+companyName: ThinkGem
+
+#是否演示模式
+demoMode: false
+
+#管理基础路径
+adminPath: /a
+
+#前端基础路径
+frontPath: /f
+
+#索引页路径
+defaultPath: ${adminPath}/login
+
+# 用户相关参数
+user:
+
+  # 指定超级管理员编号（实施人员，开发团队使用的用户）
+  superAdminCode: thinkgem
+
+  # 超级管理员获取菜单的最小权重（默认20；>=40二级管理员；>=60系统管理员；>=80超级管理员）
+  superAdminGetMenuMinWeight: 40
+
+  # 系统管理员角色编号（客户方使用的角色，客户方管理员）
+  corpAdminRoleCode: corpAdmin
+
+  # 用户类型配置信息（employee员工，member会员，btype往来单位，persion个人，expert专家，...）
+  # JSON格式说明：{"用户类型":{"dao":"Dao的Bean名称","loginView":"登录视图","indexView":"主页框架面视图"}}
+  userTypeMap: >
+    {
+      "employee":{"dao":"employeeDao","loginView":"","indexView":""},
+      "member":{"dao":"memberDao","loginView":"","indexView":"modules/sys/sysIndexMember"},
+      "btype":{"dao":"btypeInfoDao","loginView":"","indexView":"modules/sys/sysIndexBtype"},
+      "persion":{"dao":"persionDao","loginView":"","indexView":"modules/sys/sysIndexPersion"},
+      "expert":{"dao":"expertDao","loginView":"","indexView":"modules/sys/sysIndexExpert"}
+    }
+
+  # 数据权限设置参数，可新增自定义数据权限，moduleCode: 针对模块, ctrlPermi: 权限类型, 0全部  1拥有权限  2管理权限
+  dataScopes: >
+    [{
+      moduleCode: "core",
+      ctrlPermi: "0",
+      ctrlName: "部门权限",
+      ctrlType: "Office",
+      ctrlDataUrl: "/sys/office/treeData",
+      chkboxType: {"Y":"ps","N":"ps"},
+      remarks: ""
+    },{
+      moduleCode: "core",
+      ctrlName: "公司权限",
+      ctrlType: "Company",
+      ctrlPermi: "0",
+      ctrlDataUrl: "/sys/company/treeData",
+      chkboxType: {"Y":"ps","N":"ps"},
+      remarks: ""
+    },{
+      moduleCode: "core",
+      ctrlName: "角色权限",
+      ctrlType: "Role",
+      ctrlPermi: "2",
+      ctrlDataUrl: "/sys/role/treeData",
+      chkboxType: {"Y":"ps","N":"ps"},
+      remarks: ""
+    }]
+
+  # 集团模式（多公司、多租户、SAAS模式）
+  useCorpModel: false
+
+# 分页配置
+page:
+
+  # 分页默认大小
+  pageSize: 20
+
+# 任务调度
+job:
+
+  # 是否自动启动任务调度（集群情况下开启一个服务）
+  autoStartup: true
+
+  # 任务调度启动延迟设置（单位：秒）（建议设置项目启动完成后的时间）
+  startupDelay: 60
+
+# 内容管理
+cms:
+
+  # 内容管理主站点编码
+  mainSiteCode: main
+
+#============================#
+#==== Framework settings ====#
+#============================#
+
+# Shiro 相关配置
+shiro:
+
+  # 登录相关设置
+  loginUrl: ${adminPath}/login
+  logoutUrl: ${shiro.loginUrl}
+  successUrl: ${adminPath}/index
+
+  # CAS 相关配置
+  casServerUrl: http://192.168.1.3:8080/cas
+  casClientUrl: http://192.168.1.3:8180/jeesite
+#  loginUrl: ${shiro.casServerUrl}?service=${shiro.casClientUrl}${adminPath}/login-cas
+#  logoutUrl: ${shiro.casServerUrl}/logout?service=${shiro.loginUrl}
+#  successUrl: ${shiro.casClientUrl}
+
+  # SSO 登录相关配置
+  sso:
+  
+    # 如果启用/sso/{username}/{token}单点登录，请修改此安全key并与单点登录系统key一致。
+    secretKey: abc
+
+    # 是否加密单点登录安全Key
+    encryptKey: true
+
+  # 登录提交信息加密
+  loginSubmit:
+    
+    # 登录提交信息安全Key，加密用户名、密码、验证码，后再提交（key设置为3个，用逗号分隔）
+    secretKey: thinkgem,jeesite,com
+
+  # 是否允许账号多地登录，如果设置为false，同一个设备类型的其它地点登录的相同账号被踢下线
+  isAllowMultiAddrLogin: true
+  
+  # 是否允许刷新主框架页，如果设置为false，刷新主页将导致重新登录。如安全性比较高的，如银行个人首页不允许刷新。
+  isAllowRefreshIndex: true
+  
+  # 是否允许嵌入到外部网站iframe中（true：不限制，false：不允许）
+  isAllowExternalSiteIframe: true
+  
+  # 是否允许跨域访问，如果允许，设置允许的域名，全部域名设置*号，如果不允许，此设置应该为空
+#  accessControlAllowOrigin: http://demo.jeesite.com
+#  accessControlAllowOrigin: '*'
+  
+  # URI 权限过滤器定义
+  filterChainDefinitions: |
+    /ReportServer/** = user
+    ${adminPath}/** = user
+  
+#  filterChainDefinitions: |
+#    /ReportServer/** = user
+#    ${adminPath}/file/** = anon
+#    ${adminPath}/cms/* = anon
+#    ${adminPath}/cms/site/select = anon
+#    ${adminPath}/cms/site/* = anon
+#    ${adminPath}/cms/category/treeData = anon
+#    ${adminPath}/cms/category/* = anon
+#    ${adminPath}/cms/article/* = anon
+#    ${adminPath}/cms/link/* = anon
+#    ${adminPath}/** = user
+  
+  # 默认的授权过滤定义，如果在filterChainDefinitions中已经定义，则该定义会被覆盖。
+  defaultFilterChainDefinitions: |
+    /static/** = anon
+    /userfiles/** = anon
+    /druid/** = perms[state:druid]
+    ${adminPath}/login-cas = cas
+    ${adminPath}/login = authc
+    ${adminPath}/logout = logout
+    ${adminPath}/file/** = user
+    ${adminPath}/cms/* = perms[cms:view]
+    ${adminPath}/cms/site/select = user
+    ${adminPath}/cms/site/* = perms[cms:site:view]
+    ${adminPath}/cms/category/treeData = user
+    ${adminPath}/cms/category/* = perms[cms:category:view]
+    ${adminPath}/cms/article/* = perms[cms:article:view]
+    ${adminPath}/cms/link/* = perms[cms:link:view]
+  
+# Session 相关
+session:
+
+  #全局会话超时，单位：毫秒， 20m=1200000ms, 30m=1800000ms, 60m=3600000ms, 12h=43200000ms, 1day=86400000ms
+  sessionTimeout: 1800000
+  
+  #手机APP设备会话超时参数设置，登录请求参数加 param_deviceType=mobileApp 时有效
+  mobileAppSessionTimeout: 43200000
+  
+  #定时清理失效会话，清理用户直接关闭浏览器造成的孤立会话
+  sessionTimeoutClean: 1200000
+  
+  #会话唯一标识SessionId在Cookie中的名称。
+  sessionIdCookieName: jeesite.session.id
+  
+  #共享的SessionId的Cookie名称，保存到跟路径下，第三方应用获取。同一域名下多个项目时需设置共享Cookie的名称。
+  shareSessionIdCookieName: jeesite.session.id
+
+# MyBatis 相关
+mybatis:
+
+  # 扫描基础包设置（Aliases、@MyBatisDao），如果多个，用“,”分隔
+  scanBasePackage: com.jeesite.modules
+  
+# 缓存设置
+ehcache:
+
+  # 缓存配置文件路径
+  configFile: cache/ehcache-local.xml
+#  configFile: cache/ehcache-rmi.xml
+
+  # 清理缓存的缓存名称
+  clearNames: sysCache,userCache,corpCache,cmsCache,pageCachingFilter
+
+# Web 相关
+web:
+  
+  # MVC 视图相关
+  view:
+    
+    # 系统主题名称，主题视图优先级最高，如果主题下无这个视图文件则访问默认视图
+    # 引入页面头部：'/themes/'+themeName+'/include/header.html'
+    # 引入页面为不：'/themes/'+themeName+'/include/footer.html'
+    themeName: default
+
+  # 静态文件后缀，过滤静态文件，以提高访问性能。
+  staticFile: .css,.js,.map,.png,.jpg,.gif,.jpeg,.bmp,.ico,.swf,.psd,.htc,.crx,.xpi,.exe,.ipa,.apk,.otf,.eot,.svg,.ttf,.woff,.woff2
+  
+  # 静态文件后缀，排除的url路径，指定哪些uri路径不进行静态文件过滤。
+  staticFileExcludeUri: /druid/
+
+# 错误页面500.html是否输出错误信息（正式环境，为提供安全性可设置为false）
+error:
+  page:
+    printErrorInfo: true
+
+#============================#
+#=== FileUpload settings ====#
+#============================#
+
+file:
+
+  # 文件上传跟路径，设置路径中不允许包含“userfiles”，在指定目录中系统会自动创建userfiles目录，如果不设置默认为contextPath路径
+#  baseDir: D:/jeesite
+
+  # 上传文件的相对路径（支持：yyyy, MM, dd, HH, mm, ss, E）
+  uploadPath: '{yyyy}{MM}/'
+  
+  # 上传单个文件最大字节（500M），在这之上还有 > Tomcat限制 > Nginx限制，等。
+  maxFileSize: 500*1024*1024
+  
+  #设置允许上传的文件后缀
+  imageAllowSuffixes: .gif,.bmp,.jpeg,.jpg,.ico,.png,.tif,.tiff,
+  mediaAllowSuffixes: .flv,.swf,.mkv,webm,.mid,.mov,.mp3,.mp4,.m4v,.mpc,.mpeg,.mpg,.swf,.wav,.wma,.wmv,.avi,.rm,.rmi,.rmvb,.aiff,.asf,.ogg,.ogv,
+  fileAllowSuffixes: .doc,.docx,.rtf,.xls,.xlsx,.csv,.ppt,.pptx,.pdf,.vsd,.txt,.md,.xml,.rar,.zip,7z,.tar,.tgz,.jar,.gz,.gzip,.bz2,.cab,.iso,
+  
+  #允许上传的文件内容类型（图片、word、excel、ppt）防止修改后缀恶意上传文件（默认不启用验证）
+#  allowContentTypes: image/jpeg,image/gif,image/bmp,image/png,image/x-png,
+#    application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,
+#    application/vnd.ms-excel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,
+#    application/vnd.ms-powerpoint,application/vnd.openxmlformats-officedocument.presentationml.presentation
+
+#============================#
+#===== Message settings =====#
+#============================#
+
+msg:
+
+  # 是否开启实时发送消息（保存消息后立即检查未读消息并发送），分布式部署下请单独配置消息发送服务，不建议开启此选项。
+  realtime:
+    # 是否开启
+    enabled: true
+    # 消息发送任务Bean名称
+    sendTaskBeanName: msgLocalSendTask
+
+  # 邮件发送参数
+  email:
+    fromAddress: jeesite_demo@163.com
+    fromPassword: jeesitedemo1234
+    fromHostName: smtp.163.com
+    sslOnConnect: false
+    sslSmtpPort: 994
+
+  # 短信网关
+  sms:
+    url: http://host:port/msg/sendSms
+    data: account=demo&pswd=demo&product=
+    suffix: 【JeeSite】
+
+  # 微信相关
+  weixin:
+    #微信应用ID
+    appid: ~
+    #微信应用密钥
+    secret: ~
+    # 微信服务器配置
+    server:
+      # 微信服务器配置Token
+      token: ~
+      # 微信服务器配置EncodingAESKey
+      aeskey: ~
+      # 微信服务器是否开启Debug模式，开启后发送未知消息时候会返回消息内容
+      debug: true
+    # 微信OAuth登录授权回调地址
+    oauth:
+      redirectUri: http://demo.jeesite.com/jeesite
+
+#============================#
+#===== Video settings =======#
+#============================#
+
+video:
+
+  # 视频格式转换  ffmpeg.exe 所放的路径
+  ffmpegFile: d:/tools/video/ffmpeg-4.9/bin/ffmpeg.exe
+#  ffmpegFile: d:/tools/video/libav-10.6-win64/bin/avconv.exe
+  
+  # 视频格式转换  mencoder.exe 所放的路径
+  mencoderFile: d:/tools/video/mencoder-4.9/mencoder.exe
+  
+  # 将mp4视频的元数据信息转到视频第一帧
+  qtFaststartFile: d:/tools/video/qt-faststart/qt-faststart.exe
+
+#============================#
+#===== Project settings =====#
+#============================#
+
diff --git a/modules/core/src/main/resources/logger-core.xml b/modules/core/src/main/resources/logger-core.xml
index b030732f..ee73705b 100644
--- a/modules/core/src/main/resources/logger-core.xml
+++ b/modules/core/src/main/resources/logger-core.xml
@@ -5,6 +5,7 @@
 <!-- 	<logger name="org.springframework.jdbc" level="DEBUG" /> -->
 	<logger name="org.mybatis.spring.transaction" level="DEBUG" />
 	<logger name="org.apache.catalina.webresources.Cache" level="ERROR" />
+	<logger name="org.springframework.boot.context.embedded" level="INFO" />
 	
 	<logger name="com.jeesite" level="DEBUG" />
 	<logger name="com.jeesite.common.i18n" level="INFO" />
diff --git a/modules/core/src/main/resources/spring/spring-context-shiro.xml b/modules/core/src/main/resources/spring/spring-context-shiro.xml
index 79aa6e6a..e0c2fcdf 100644
--- a/modules/core/src/main/resources/spring/spring-context-shiro.xml
+++ b/modules/core/src/main/resources/spring/spring-context-shiro.xml
@@ -1,118 +1,121 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="
-		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
-		http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context-4.1.xsd"
-	default-lazy-init="true">
-
-	<description>Shiro Configuration</description>
-	
-	<!-- Shiro权限过滤过滤器定义 -->
-	<bean id="shiroFilterChainDefinitionMap" class="com.jeesite.common.shiro.config.FilterChainDefinitionMap">
-	    
-	    <!-- 默认的授权过滤定义，如果在filterChainDefinitions中已经定义，则该定义会被覆盖。-->
-	    <property name="defaultFilterChainDefinitions" value="${shiro.defaultFilterChainDefinitions}"/>
-	    
-	    <!-- 自定义的授权过滤器 -->
-		<property name="filterChainDefinitions" value="${shiro.filterChainDefinitions}"/>
-		
-	</bean>
-
-	<!-- Shiro安全认证过滤器 -->
-	<bean id="shiroFilter" class="com.jeesite.common.shiro.sso.ShiroFilterFactoryBean">
-		<property name="securityManager" ref="securityManager" />
-		<property name="loginUrl" value="${shiro.loginUrl}" />
-		<property name="successUrl" value="${shiro.successUrl}" />
-		<property name="filters">
-            <map>
-                <entry key="cas" value-ref="shiroCasFilter" />
-                <entry key="authc" value-ref="shiroAuthcFilter" />
-                <entry key="logout" value-ref="shiroLogoutFilter"/>
-                <entry key="perms" value-ref="shiroPermsFilter"/>
-                <entry key="roles" value-ref="shiroRolesFilter"/>
-                <entry key="user" value-ref="shiroUserFilter"/>
-            </map>
-        </property>
-		<property name="filterChainDefinitionMap" ref="shiroFilterChainDefinitionMap"/>
-	</bean>
-	
-	<!-- CAS登录过滤器 -->
-	<bean id="shiroCasFilter" class="com.jeesite.common.shiro.filter.CasAuthenticationFilter">
-		<property name="authorizingRealm" ref="authorizingRealm"/>
-	</bean>
-	
-	<!-- Form登录过滤器 -->
-	<bean id="shiroAuthcFilter" class="com.jeesite.common.shiro.filter.FormAuthenticationFilter">
-		<property name="authorizingRealm" ref="authorizingRealm"/>
-	</bean>
-	
-	<!-- 登出过滤器 -->
-	<bean id="shiroLogoutFilter" class="com.jeesite.common.shiro.filter.LogoutFilter"/>
-	
-	<!-- 权限字符串过滤器 -->
-	<bean id="shiroPermsFilter" class="com.jeesite.common.shiro.filter.PermissionsAuthorizationFilter"/>
-	
-	<!-- 角色权限过滤器 -->
-	<bean id="shiroRolesFilter" class="com.jeesite.common.shiro.filter.RolesAuthorizationFilter"/>
-	
-	<!-- 用户权限过滤器 -->
-	<bean id="shiroUserFilter" class="com.jeesite.common.shiro.filter.UserFilter"/>
-	
-	<!-- 单点登录信息句柄，单点退出用 -->
-	<bean id="singleSignOutHandler" class="com.jeesite.common.shiro.sso.SingleSignOutHandler"/>
-		
-	<!-- 系统安全认证实现类 -->
-	<bean id="authorizingRealm" class="com.jeesite.common.shiro.realm.AuthorizingRealm">
-        <property name="cachingEnabled" value="false"/>
-        <property name="sessionDAO" ref="sessionDAO"/>
-        <property name="userService" ref="userService"/>
-        <property name="empUserService" ref="empUserService"/> 
-        <property name="singleSignOutHandler" ref="singleSignOutHandler"/> 
-        <property name="casServerUrl" value="${shiro.casServerUrl}"/>
-        <property name="casServerCallbackUrl" value="${shiro.casClientUrl}${adminPath}/login-cas"/>
-    </bean>
-    
-	<!-- 定义Shiro安全管理配置 -->
-	<bean id="securityManager" class="com.jeesite.common.shiro.mgt.WebSecurityManager">
-		<property name="realm" ref="authorizingRealm" />
-		<property name="sessionManager" ref="sessionManager" />
-		<!-- shiroCacheManager 在spring-context.xml中定义 -->
-		<property name="cacheManager" ref="shiroCacheManager" />
-		<!-- 设置支持CAS的subjectFactory -->
-		<property name="subjectFactory">
-			<bean class="org.apache.shiro.cas.CasSubjectFactory"/>
-		</property>
-	</bean>
-	
-	<!-- 自定义会话管理配置 -->
-	<bean id="sessionManager" class="com.jeesite.common.shiro.session.SessionManager"> 
-		<!-- sessionDAO 在spring-context.xml中定义 -->
-		<property name="sessionDAO" ref="sessionDAO"/> 
-		
-		<!-- 会话超时时间，单位：毫秒  -->
-		<property name="globalSessionTimeout" value="${session.sessionTimeout}"/>
-		
-		<!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话   -->
-		<property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/>
- 		<property name="sessionValidationSchedulerEnabled" value="true"/>
- 		
-		<property name="sessionIdCookie" ref="sessionIdCookie"/>
-		<property name="sessionIdCookieEnabled" value="true"/>
-	</bean>
-	
-	<!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID,
-		当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! -->
-	<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
-	    <constructor-arg name="name" value="${session.sessionIdCookieName}"/>
-	</bean>
-	
-	<!-- 支持Shiro对Controller的方法级AOP安全控制 -->
-	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
-    	<property name="securityManager" ref="securityManager"/>
-	</bean>
-	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
-	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
-		<property name="proxyTargetClass" value="true" />
-	</bean>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
+		http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context-4.1.xsd"
+	default-lazy-init="true">
+
+	<description>Shiro Configuration</description>
+	
+	<!-- Shiro权限过滤过滤器定义 -->
+	<bean id="shiroFilterChainDefinitionMap" class="com.jeesite.common.shiro.config.FilterChainDefinitionMap">
+	    
+	    <!-- 默认的授权过滤定义，如果在filterChainDefinitions中已经定义，则该定义会被覆盖。-->
+	    <property name="defaultFilterChainDefinitions" value="${shiro.defaultFilterChainDefinitions}"/>
+	    
+	    <!-- 自定义的授权过滤器 -->
+		<property name="filterChainDefinitions" value="${shiro.filterChainDefinitions}"/>
+		
+	</bean>
+
+	<!-- Shiro安全认证过滤器 -->
+	<bean id="shiroFilter" class="com.jeesite.common.shiro.web.ShiroFilterFactoryBean">
+		<property name="securityManager" ref="securityManager" />
+		<property name="loginUrl" value="${shiro.loginUrl}" />
+		<property name="successUrl" value="${shiro.successUrl}" />
+		<property name="filters">
+            <map>
+                <entry key="cas" value-ref="shiroCasFilter" />
+                <entry key="authc" value-ref="shiroAuthcFilter" />
+                <entry key="logout" value-ref="shiroLogoutFilter"/>
+                <entry key="perms" value-ref="shiroPermsFilter"/>
+                <entry key="roles" value-ref="shiroRolesFilter"/>
+                <entry key="user" value-ref="shiroUserFilter"/>
+            </map>
+        </property>
+		<property name="filterChainDefinitionMap" ref="shiroFilterChainDefinitionMap"/>
+	</bean>
+	
+	<!-- CAS登录过滤器 -->
+	<bean id="shiroCasFilter" class="com.jeesite.common.shiro.filter.CasAuthenticationFilter">
+		<property name="authorizingRealm" ref="authorizingRealm"/>
+	</bean>
+	
+	<!-- Form登录过滤器 -->
+	<bean id="shiroAuthcFilter" class="com.jeesite.common.shiro.filter.FormAuthenticationFilter">
+		<property name="authorizingRealm" ref="authorizingRealm"/>
+	</bean>
+	
+	<!-- 登出过滤器 -->
+	<bean id="shiroLogoutFilter" class="com.jeesite.common.shiro.filter.LogoutFilter"/>
+	
+	<!-- 权限字符串过滤器 -->
+	<bean id="shiroPermsFilter" class="com.jeesite.common.shiro.filter.PermissionsAuthorizationFilter"/>
+	
+	<!-- 角色权限过滤器 -->
+	<bean id="shiroRolesFilter" class="com.jeesite.common.shiro.filter.RolesAuthorizationFilter"/>
+	
+	<!-- 用户权限过滤器 -->
+	<bean id="shiroUserFilter" class="com.jeesite.common.shiro.filter.UserFilter"/>
+	
+	<!-- 单点登录信息句柄，单点退出用 -->
+	<bean id="casOutHandler" class="com.jeesite.common.shiro.cas.CasOutHandler"/>
+		
+	<!-- 系统安全认证实现类 -->
+	<bean id="authorizingRealm" class="com.jeesite.common.shiro.realm.AuthorizingRealm">
+        <property name="cachingEnabled" value="false"/>
+        <property name="sessionDAO" ref="sessionDAO"/>
+        <property name="userService" ref="userService"/>
+        <property name="empUserService" ref="empUserService"/> 
+        <property name="casOutHandler" ref="casOutHandler"/> 
+        <property name="casServerUrl" value="${shiro.casServerUrl}"/>
+        <property name="casServerCallbackUrl" value="${shiro.casClientUrl}${adminPath}/login-cas"/>
+    </bean>
+    
+	<!-- 定义Shiro安全管理配置 -->
+	<bean id="securityManager" class="com.jeesite.common.shiro.web.WebSecurityManager">
+		<property name="realm" ref="authorizingRealm" />
+		<property name="sessionManager" ref="sessionManager" />
+		<!-- shiroCacheManager 在spring-context.xml中定义 -->
+		<property name="cacheManager" ref="shiroCacheManager" />
+		<!-- 设置支持CAS的subjectFactory -->
+		<property name="subjectFactory">
+			<bean class="org.apache.shiro.cas.CasSubjectFactory"/>
+		</property>
+	</bean>
+	
+	<!-- 自定义会话管理配置 -->
+	<bean id="sessionManager" class="com.jeesite.common.shiro.session.SessionManager"> 
+		<!-- sessionDAO 在spring-context.xml中定义 -->
+		<property name="sessionDAO" ref="sessionDAO"/> 
+		
+		<!-- 从URL中去掉JSESSIONID串 -->
+		<property name="sessionIdUrlRewritingEnabled" value="false" /> 
+		
+		<!-- 会话超时时间，单位：毫秒  -->
+		<property name="globalSessionTimeout" value="${session.sessionTimeout}"/>
+		
+		<!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话   -->
+		<property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/>
+ 		<property name="sessionValidationSchedulerEnabled" value="true"/>
+ 		
+		<property name="sessionIdCookie" ref="sessionIdCookie"/>
+		<property name="sessionIdCookieEnabled" value="true"/>
+	</bean>
+	
+	<!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID,
+		当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! -->
+	<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
+	    <constructor-arg name="name" value="${session.sessionIdCookieName}"/>
+	</bean>
+	
+	<!-- 支持Shiro对Controller的方法级AOP安全控制 -->
+	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
+    	<property name="securityManager" ref="securityManager"/>
+	</bean>
+	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
+	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
+		<property name="proxyTargetClass" value="true" />
+	</bean>
+	
 </beans>
\ No newline at end of file
diff --git a/modules/core/src/main/resources/spring/spring-mvc-core.xml b/modules/core/src/main/resources/spring/spring-mvc-core.xml
index 46b8a3ad..7806c9dc 100644
--- a/modules/core/src/main/resources/spring/spring-mvc-core.xml
+++ b/modules/core/src/main/resources/spring/spring-mvc-core.xml
@@ -1,116 +1,113 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
-		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">
-    
-    <description>Spring MVC Configuration</description>
-    
-    <!-- 加载配置属性文件（谁先加载，谁优先级越高，jeesite.yml的优先级高于jeesite-core.yml）-->
-	<bean id="yamlProperties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
-		<property name="resources">
-			<array><value>classpath:jeesite-core.yml</value>
-			<value>classpath:jeesite.yml</value></array>
-		</property>
-	</bean>
-	<context:property-placeholder properties-ref="yamlProperties" ignore-unresolvable="true"/>
-	
-	<!-- 默认的注解映射的支持，org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping -->
-	<mvc:annotation-driven content-negotiation-manager="contentNegotiationManager" validator="beanValidator">
-		<mvc:message-converters register-defaults="true">
-			<!-- 将StringHttpMessageConverter的默认编码设为UTF-8 -->
-			<bean class="org.springframework.http.converter.StringHttpMessageConverter">
-		    	<constructor-arg value="UTF-8" />
-			</bean>
-			<!-- 将Jackson2HttpMessageConverter的默认格式化输出为false -->
-			<bean class="com.jeesite.common.web.converter.JsonHttpMessageConverter">
-                <property name="prettyPrint" value="false"/>
-            </bean>
-			<!-- 将Jackson2XmlHttpMessageConverter的默认格式化输出为false -->
-			<bean class="com.jeesite.common.web.converter.XmlHttpMessageConverter">
-                <property name="prettyPrint" value="false"/>
-            </bean>
-		</mvc:message-converters>
-	</mvc:annotation-driven>
-	
-    <!-- REST中根据URL后缀自动判定Content-Type及相应的View -->
-	<bean id="contentNegotiationManager" class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
-	    <property name="mediaTypes" >
-	        <value>
-				json=application/json
-				xml=application/xml
-			</value>
-	    </property>
-        <property name="ignoreAcceptHeader" value="true"/><!-- 忽略accept-header匹配，不加后缀使用默认配置 -->
-        <property name="favorPathExtension" value="true"/><!-- .json、.xml后缀匹配 -->
-        <property name="favorParameter" value="false"/><!-- format参数名匹配 -->
-	</bean>
-	
-	<!-- 定义视图文件解析 -->
-	<mvc:view-resolvers>
-		<!-- Beetl主题视图解析器（order越小优先级越高） -->
-		<bean name="viewResolverBeetlThemes" class="com.jeesite.common.beetl.view.BeetlViewResolver">
-			<property name="prefix" value="/themes/${web.view.themeName}/"/>
-			<property name="suffix" value=".html" />
-			<property name="order" value="1000" />
-		</bean>
-		<!-- Beetl默认视图文件解析（order越小优先级越高） -->
-		<bean name="viewResolverBeetlDefault" class="com.jeesite.common.beetl.view.BeetlViewResolver">
-			<property name="prefix" value="/"/>
-			<property name="suffix" value=".html" />
-			<property name="order" value="2000" />
-		</bean>
-		<!-- JSP主题视图文件解析（order越小优先级越高） -->
-		<bean id="viewResolverJspThemes" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-			<property name="viewClass" value="com.jeesite.common.web.view.JstlView" />
-			<property name="prefix" value="/WEB-INF/views/themes/${web.view.themeName}/"/>
-			<property name="suffix" value=".jsp"/>
-			<property name="order" value="10000"/>
-		</bean>
-		<!-- JSP视图文件解析 （order越小优先级越高）-->
-		<bean id="viewResolverJspDefault" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-			<property name="viewClass" value="com.jeesite.common.web.view.JstlView" />
-			<property name="prefix" value="/WEB-INF/views/"/>
-			<property name="suffix" value=".jsp"/>
-			<property name="order" value="20000"/>
-		</bean>
-		<!-- 默认视图定义，根据后缀渲染 -->
-		<mvc:content-negotiation>
-			<mvc:default-views>
-				<bean class="com.jeesite.common.web.view.JsonView">
-	                <property name="prettyPrint" value="false"/>
-	            </bean>
-				<bean class="com.jeesite.common.web.view.XmlView">
-	                <property name="prettyPrint" value="false"/>
-	            </bean>
-			</mvc:default-views>
-		</mvc:content-negotiation>
-	</mvc:view-resolvers>
-	
-	<!-- 直接访问项目名称跳转到默认地址 -->
-	<mvc:view-controller path="/" view-name="redirect:${defaultPath}"/>
-    
-    <!-- 静态资源映射，可读取classes下、jar包里的静态文件 -->
-    <mvc:resources mapping="/static/**" location="/static/,classpath:/static/" cache-period="31536000"/>
-	
-	<!-- 对静态资源文件的访问， 将无法mapping到Controller的path交给default servlet handler处理 -->
-	<mvc:default-servlet-handler/>
-	
-	<!-- 异常拦截，处理异常信息，其它异常拦截见BaseController里的@ExceptionHandler注解 -->
-	<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
-		<property name="exceptionMappings">
-			<props>
-				<prop key="org.apache.shiro.authz.UnauthenticatedException">error/403</prop>
-				<prop key="org.apache.shiro.authz.UnauthorizedException">error/403</prop>
-				<prop key="java.lang.Throwable">error/500</prop>
-			</props>
-		</property>
-	</bean>
-	
-	<!-- Spring MVC上传文件  MultipartFile 拦截，设置字符集 -->  
-	<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">  
-		<property name="defaultEncoding" value="UTF-8" />  
-	</bean>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
+		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">
+    
+    <description>Spring MVC Configuration</description>
+    
+    <!-- 加载配置属性文件（谁先加载，谁优先级越高，jeesite.yml的优先级高于jeesite-core.yml）-->
+	<bean id="yamlProperties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
+		<property name="resources">
+			<array><value>classpath:jeesite-core.yml</value>
+			<value>classpath:jeesite.yml</value></array>
+		</property>
+	</bean>
+	<context:property-placeholder properties-ref="yamlProperties" ignore-unresolvable="true"/>
+	
+	<!-- 默认的注解映射的支持，org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping -->
+	<mvc:annotation-driven content-negotiation-manager="contentNegotiationManager" validator="beanValidator">
+		<mvc:message-converters register-defaults="true">
+			<!-- 将StringHttpMessageConverter的默认编码设为UTF-8 -->
+			<bean class="org.springframework.http.converter.StringHttpMessageConverter">
+		    	<constructor-arg value="UTF-8" />
+			</bean>
+			<!-- 将Jackson2HttpMessageConverter的默认格式化输出为false -->
+			<bean class="com.jeesite.common.web.converter.JsonHttpMessageConverter">
+                <property name="prettyPrint" value="false"/>
+            </bean>
+			<!-- 将Jackson2XmlHttpMessageConverter的默认格式化输出为false -->
+			<bean class="com.jeesite.common.web.converter.XmlHttpMessageConverter">
+                <property name="prettyPrint" value="false"/>
+            </bean>
+		</mvc:message-converters>
+	</mvc:annotation-driven>
+	
+    <!-- REST中根据MediaType自动判定Content-Type及相应的View -->
+	<bean id="contentNegotiationManager" class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
+	    <property name="mediaTypes" >
+	        <value>
+				json=application/json
+				xml=application/xml
+			</value>
+	    </property>
+        <property name="ignoreAcceptHeader" value="true"/><!-- 忽略accept-header匹配，不加后缀使用默认配置 -->
+        <property name="favorPathExtension" value="true"/><!-- .json、.xml后缀匹配 -->
+        <property name="favorParameter" value="false"/><!-- format参数名匹配 -->
+	</bean>
+	
+	<!-- 定义视图文件解析 -->
+	<mvc:view-resolvers>
+		<!-- Beetl主题视图解析器（order越小优先级越高） -->
+		<bean name="viewResolverBeetlThemes" class="com.jeesite.common.beetl.view.BeetlViewResolver">
+			<property name="prefix" value="/themes/${web.view.themeName}/"/>
+			<property name="suffix" value=".html" />
+			<property name="order" value="1000" />
+		</bean>
+		<!-- Beetl默认视图文件解析（order越小优先级越高） -->
+		<bean name="viewResolverBeetlDefault" class="com.jeesite.common.beetl.view.BeetlViewResolver">
+			<property name="prefix" value="/"/>
+			<property name="suffix" value=".html" />
+			<property name="order" value="2000" />
+		</bean>
+		<!-- JSP主题视图文件解析（order越小优先级越高） -->
+		<bean id="viewResolverJspThemes" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+			<property name="viewClass" value="com.jeesite.common.web.view.JstlView" />
+			<property name="prefix" value="/WEB-INF/views/themes/${web.view.themeName}/"/>
+			<property name="suffix" value=".jsp"/>
+			<property name="order" value="10000"/>
+		</bean>
+		<!-- JSP视图文件解析 （order越小优先级越高）-->
+		<bean id="viewResolverJspDefault" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+			<property name="viewClass" value="com.jeesite.common.web.view.JstlView" />
+			<property name="prefix" value="/WEB-INF/views/"/>
+			<property name="suffix" value=".jsp"/>
+			<property name="order" value="20000"/>
+		</bean>
+		<!-- 默认视图定义，根据后缀渲染 -->
+		<mvc:content-negotiation>
+			<mvc:default-views>
+				<bean class="com.jeesite.common.web.view.JsonView">
+	                <property name="prettyPrint" value="false"/>
+	            </bean>
+				<bean class="com.jeesite.common.web.view.XmlView">
+	                <property name="prettyPrint" value="false"/>
+	            </bean>
+			</mvc:default-views>
+		</mvc:content-negotiation>
+	</mvc:view-resolvers>
+	
+    <!-- 静态资源映射，可读取classes下、jar包里的静态文件 -->
+    <mvc:resources mapping="/static/**" location="/static/,classpath:/static/" cache-period="31536000"/>
+	
+	<!-- 对静态资源文件的访问， 将无法mapping到Controller的path交给default servlet handler处理 -->
+	<mvc:default-servlet-handler/>
+	
+	<!-- 异常拦截，处理异常信息，其它异常拦截见BaseController里的@ExceptionHandler注解 -->
+	<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
+		<property name="exceptionMappings">
+			<props>
+				<prop key="org.apache.shiro.authz.UnauthenticatedException">error/403</prop>
+				<prop key="org.apache.shiro.authz.UnauthorizedException">error/403</prop>
+				<prop key="java.lang.Throwable">error/500</prop>
+			</props>
+		</property>
+	</bean>
+	
+	<!-- Spring MVC上传文件  MultipartFile 拦截，设置字符集 -->  
+	<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">  
+		<property name="defaultEncoding" value="UTF-8" />  
+	</bean>
+	
 </beans>
\ No newline at end of file
diff --git a/web/.settings/org.eclipse.wst.common.component b/web/.settings/org.eclipse.wst.common.component
index 85af978c..1e044cdf 100644
--- a/web/.settings/org.eclipse.wst.common.component
+++ b/web/.settings/org.eclipse.wst.common.component
@@ -9,6 +9,9 @@
         <dependent-module archiveName="jeesite-common-4.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/jeesite-common/jeesite-common">
             <dependency-type>uses</dependency-type>
         </dependent-module>
+        <dependent-module archiveName="jeesite-module-devtools-4.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/jeesite-module-devtools/jeesite-module-devtools">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
     <property name="context-root" value="jeesite-web"/>
     <wb-resource deploy-path="/" source-path="src/main/webapp"/>
     <property name="java-output-path" value="/src/main/webapp/WEB-INF/classes"/>
diff --git a/web/src/main/webapp/WEB-INF/web.xml b/web/src/main/webapp/WEB-INF/web.xml
index 6cf13c87..1340b5f3 100644
--- a/web/src/main/webapp/WEB-INF/web.xml
+++ b/web/src/main/webapp/WEB-INF/web.xml
@@ -1,175 +1,175 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-	version="3.0">
-
-	<display-name>JeeSite</display-name>
-
-	<!-- Context Param -->
-	<context-param>
-		<param-name>contextConfigLocation</param-name>
-		<param-value>classpath*:spring/spring-context.xml</param-value>
-	</context-param>
-	
-	<!-- Web Context Listener -->
-	<listener>
-		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-	</listener>
-	
-	<!-- CAS Session Listener -->
-	<listener>
-		<listener-class>com.jeesite.common.shiro.sso.SingleSignOutSessionListener</listener-class>
-	</listener>
-	
-	<!-- Request Context Listener -->
-	<listener>
-        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>  
-	</listener>
-	
-	<!-- Encoding Filter -->
-	<filter>
-		<filter-name>encodingFilter</filter-name>
-		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
-		<async-supported>true</async-supported>
-		<init-param>
-			<param-name>encoding</param-name>
-			<param-value>UTF-8</param-value>
-		</init-param>
-		<init-param>
-			<param-name>forceEncoding</param-name>
-			<param-value>true</param-value>
-		</init-param>
-	</filter>
-	<filter-mapping>
-		<filter-name>encodingFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-
-	<!-- PageCache Filter, cache .html suffix.
-	<filter>
-		<filter-name>PageCacheFilter</filter-name>
-		<filter-class>com.jeesite.common.web.PageCachingFilter</filter-class>
-		<async-supported>true</async-supported>
-		<init-param>
-			<param-name>cacheName</param-name>
-			<param-value>pageCachingFilter</param-value>
-		</init-param>
-	</filter>
-	<filter-mapping>
-		<filter-name>PageCacheFilter</filter-name>
-		<url-pattern>*.html</url-pattern>
-	</filter-mapping> -->
-	
-	<!-- Apache Shiro Filter -->
-	<filter>
-		<filter-name>shiroFilter</filter-name>
-		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-		<async-supported>true</async-supported>
-		<init-param>
-			<param-name>targetFilterLifecycle</param-name>
-			<param-value>true</param-value>
-		</init-param>
-	</filter>
-	<filter-mapping>
-		<filter-name>shiroFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-	<!-- Request Context Filter 需要放在shiroFilter后，否则request获取不到session -->
-	<filter>
-		<filter-name>requestContextFilter</filter-name>
-		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
-		<async-supported>true</async-supported>
-	</filter>
-	<filter-mapping>
-		<filter-name>requestContextFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-
-	<!-- Spring MVC Servlet -->
-	<servlet>
-		<servlet-name>webMvcServlet</servlet-name>
-		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-		<init-param>
-			<param-name>contextConfigLocation</param-name>
-			<param-value>classpath*:/spring/spring-mvc.xml</param-value>
-		</init-param>
-		<load-on-startup>1</load-on-startup>
-		<async-supported>true</async-supported>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>webMvcServlet</servlet-name>
-		<url-pattern>/</url-pattern>
-	</servlet-mapping>
-	
-	<!-- Druid StatView 
-	<servlet>
-		<servlet-name>DruidStatView</servlet-name>
-		<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
-		<async-supported>true</async-supported>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>DruidStatView</servlet-name>
-		<url-pattern>/druid/*</url-pattern>
-	</servlet-mapping>-->
-	
-	<!-- Druid WebStatFilter 
-	<filter>
-		<filter-name>DruidWebStatFilter</filter-name>
-		<filter-class>com.alibaba.druid.support.http.WebStatFilter</filter-class>
-		<async-supported>true</async-supported>
-		<init-param>
-			<param-name>exclusions</param-name>
-			<param-value>*.css,*.js,*.png,*.jpg,*.gif,*.jpeg,*.bmp,*.ico,*.swf,*.psd,*.htc,*.htm,*.html,*.crx,*.xpi,*.exe,*.ipa,*.apk,*.otf,*.eot,*.svg,*.ttf,*.woff</param-value>
-		</init-param>
-	</filter>
-	<filter-mapping>
-		<filter-name>DruidWebStatFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>-->
-	
-	<!-- FineReport Servlet 
-	<servlet>
-		<servlet-name>ReportServer</servlet-name>
-		<servlet-class>com.fr.web.ReportServlet</servlet-class>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>ReportServer</servlet-name>
-		<url-pattern>/ReportServer</url-pattern>
-	</servlet-mapping>-->
-	
-	<!-- Apache CXF Servlet 
-  	<servlet>
-        <servlet-name>CXFServlet</servlet-name>
-        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
-    </servlet>
-    <servlet-mapping>
-        <servlet-name>CXFServlet</servlet-name>
-        <url-pattern>/services/*</url-pattern>
-    </servlet-mapping>-->
-    
-	<!-- FoxBPM Restlet Servlet 
-	<servlet>
-		<servlet-name>FoxbpmRestletServlet</servlet-name>
-		<servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>
-		<init-param>
-			<param-name>org.restlet.application</param-name>
-			<param-value>com.jeesite.modules.foxbpm.rest.FlowRestApplication</param-value>
-		</init-param>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>FoxbpmRestletServlet</servlet-name>
-		<url-pattern>/foxbpm/service/*</url-pattern>
-	</servlet-mapping>-->
-
-	<!-- Error page -->
-	<error-page>
-		<error-code>500</error-code>
-		<location>/error/500</location>
-	</error-page>
-	<error-page>
-		<error-code>404</error-code>
-		<location>/error/404</location>
-	</error-page>
-
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0">
+
+	<display-name>JeeSite</display-name>
+
+	<!-- Context Param -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>classpath*:spring/spring-context.xml</param-value>
+	</context-param>
+	
+	<!-- Web Context Listener -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+	
+	<!-- CAS Session Listener -->
+	<listener>
+		<listener-class>com.jeesite.common.shiro.cas.CasOutSessionListener</listener-class>
+	</listener>
+	
+	<!-- Request Context Listener -->
+	<listener>
+        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>  
+	</listener>
+	
+	<!-- Encoding Filter -->
+	<filter>
+		<filter-name>encodingFilter</filter-name>
+		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
+		<async-supported>true</async-supported>
+		<init-param>
+			<param-name>encoding</param-name>
+			<param-value>UTF-8</param-value>
+		</init-param>
+		<init-param>
+			<param-name>forceEncoding</param-name>
+			<param-value>true</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>encodingFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!-- PageCache Filter, cache .html suffix.
+	<filter>
+		<filter-name>PageCacheFilter</filter-name>
+		<filter-class>com.jeesite.common.web.PageCachingFilter</filter-class>
+		<async-supported>true</async-supported>
+		<init-param>
+			<param-name>cacheName</param-name>
+			<param-value>pageCachingFilter</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>PageCacheFilter</filter-name>
+		<url-pattern>*.html</url-pattern>
+	</filter-mapping> -->
+	
+	<!-- Apache Shiro Filter -->
+	<filter>
+		<filter-name>shiroFilter</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+		<async-supported>true</async-supported>
+		<init-param>
+			<param-name>targetFilterLifecycle</param-name>
+			<param-value>true</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>shiroFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+	<!-- Request Context Filter 需要放在shiroFilter后，否则request获取不到session -->
+	<filter>
+		<filter-name>requestContextFilter</filter-name>
+		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+		<async-supported>true</async-supported>
+	</filter>
+	<filter-mapping>
+		<filter-name>requestContextFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!-- Spring MVC Servlet -->
+	<servlet>
+		<servlet-name>webMvcServlet</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<init-param>
+			<param-name>contextConfigLocation</param-name>
+			<param-value>classpath*:/spring/spring-mvc.xml</param-value>
+		</init-param>
+		<load-on-startup>1</load-on-startup>
+		<async-supported>true</async-supported>
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>webMvcServlet</servlet-name>
+		<url-pattern>/</url-pattern>
+	</servlet-mapping>
+	
+	<!-- Druid StatView 
+	<servlet>
+		<servlet-name>DruidStatView</servlet-name>
+		<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
+		<async-supported>true</async-supported>
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>DruidStatView</servlet-name>
+		<url-pattern>/druid/*</url-pattern>
+	</servlet-mapping>-->
+	
+	<!-- Druid WebStatFilter 
+	<filter>
+		<filter-name>DruidWebStatFilter</filter-name>
+		<filter-class>com.alibaba.druid.support.http.WebStatFilter</filter-class>
+		<async-supported>true</async-supported>
+		<init-param>
+			<param-name>exclusions</param-name>
+			<param-value>*.css,*.js,*.png,*.jpg,*.gif,*.jpeg,*.bmp,*.ico,*.swf,*.psd,*.htc,*.htm,*.html,*.crx,*.xpi,*.exe,*.ipa,*.apk,*.otf,*.eot,*.svg,*.ttf,*.woff</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>DruidWebStatFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>-->
+	
+	<!-- FineReport Servlet 
+	<servlet>
+		<servlet-name>ReportServer</servlet-name>
+		<servlet-class>com.fr.web.ReportServlet</servlet-class>
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>ReportServer</servlet-name>
+		<url-pattern>/ReportServer</url-pattern>
+	</servlet-mapping>-->
+	
+	<!-- Apache CXF Servlet 
+  	<servlet>
+        <servlet-name>CXFServlet</servlet-name>
+        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>CXFServlet</servlet-name>
+        <url-pattern>/services/*</url-pattern>
+    </servlet-mapping>-->
+    
+	<!-- FoxBPM Restlet Servlet 
+	<servlet>
+		<servlet-name>FoxbpmRestletServlet</servlet-name>
+		<servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>
+		<init-param>
+			<param-name>org.restlet.application</param-name>
+			<param-value>com.jeesite.modules.foxbpm.rest.FlowRestApplication</param-value>
+		</init-param>
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>FoxbpmRestletServlet</servlet-name>
+		<url-pattern>/foxbpm/service/*</url-pattern>
+	</servlet-mapping>-->
+
+	<!-- Error page -->
+	<error-page>
+		<error-code>500</error-code>
+		<location>/error/500</location>
+	</error-page>
+	<error-page>
+		<error-code>404</error-code>
+		<location>/error/404</location>
+	</error-page>
+
 </web-app>
\ No newline at end of file