Apps

0307d875 · MaxKey · d11c499e · 0307d875 · 0307d875 · 0307d875
13 changed file
--- a/maxkey-core/src/main/java/org/maxkey/entity/apps/Apps.java
+++ b/maxkey-core/src/main/java/org/maxkey/entity/apps/Apps.java
@@ -29,7 +29,6 @@ import javax.persistence.Table;

 import org.apache.mybatis.jpa.persistence.JpaBaseEntity;
 import org.maxkey.constants.ConstsBoolean;
-import org.springframework.web.multipart.MultipartFile;

 @Entity
 @Table(name = "MXK_APPS")
@@ -80,11 +79,11 @@ public class Apps extends JpaBaseEntity implements Serializable {
    @Column
    private byte[] icon;
    private String iconBase64;
-    private MultipartFile iconFile;
+    String iconId;
+    
    @Column
    private int visible;
    
-
    //引导方式 IDP OR SP,default is IDP
    private String inducer;
    /*
@@ -144,7 +143,6 @@ public class Apps extends JpaBaseEntity implements Serializable {

    @Column
    protected int sortIndex;
-
    @Column
    protected int status;
    @Column
@@ -287,14 +285,15 @@ public class Apps extends JpaBaseEntity implements Serializable {
 		}
 	}

-	/**
-     * @return the iconFile
-     */
-    public MultipartFile getIconFile() {
-        return iconFile;
-    }
+    public String getIconId() {
+		return iconId;
+	}

-    /**
+	public void setIconId(String iconId) {
+		this.iconId = iconId;
+	}
+
+	/**
     * @return the description
     */
    public String getDescription() {
@@ -308,12 +307,7 @@ public class Apps extends JpaBaseEntity implements Serializable {
        this.description = description;
    }

-    /**
-     * @param iconFile the iconFile to set
-     */
-    public void setIconFile(MultipartFile iconFile) {
-        this.iconFile = iconFile;
-    }
+ 

    /**
     * @return the vendor
@@ -624,8 +618,8 @@ public class Apps extends JpaBaseEntity implements Serializable {
 		builder.append(protocol);
 		builder.append(", secret=");
 		builder.append(secret);
-		builder.append(", iconFile=");
-		builder.append(iconFile);
+		builder.append(", iconId=");
+		builder.append(iconId);
 		builder.append(", visible=");
 		builder.append(visible);
 		builder.append(", inducer=");

--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/access/contorller/GroupPrivilegesController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/access/contorller/GroupPrivilegesController.java
@@ -31,6 +31,7 @@ import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -80,7 +81,7 @@ public class GroupPrivilegesController {
 	@RequestMapping(value = {"/add"})
 	@ResponseBody
 	public ResponseEntity<?> insertGroupApp(
-				@ModelAttribute GroupPrivileges groupPrivileges,
+				@RequestBody GroupPrivileges groupPrivileges,
 				@CurrentUser UserInfo currentUser) {
 		if (groupPrivileges == null || groupPrivileges.getGroupId() == null) {
 			return new Message<GroupPrivileges>(Message.FAIL).buildResponse();

--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/ApplicationsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/ApplicationsController.java
@@ -20,6 +20,7 @@ package org.maxkey.web.apps.contorller;

 import org.apache.mybatis.jpa.persistence.JpaPageResults;
 import org.maxkey.authn.annotation.CurrentUser;
+import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.entity.ExtraAttr;
 import org.maxkey.entity.ExtraAttrs;
@@ -53,6 +54,16 @@ import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
 public class ApplicationsController extends BaseAppContorller {
 	final static Logger _logger = LoggerFactory.getLogger(ApplicationsController.class);
 	
+	@RequestMapping(value = { "/init" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> init() {
+		Apps app=new Apps();
+		app.setId(app.generateId());
+		app.setProtocol(ConstsProtocols.FORMBASED);
+		app.setSecret(ReciprocalUtils.generateKey(""));
+		return new Message<Apps>(app).buildResponse();
+	}
+	
+	
 	@RequestMapping(value = { "/fetch" }, produces = {MediaType.APPLICATION_JSON_VALUE})
 	@ResponseBody
 	public ResponseEntity<?> fetch(@ModelAttribute Apps apps,@CurrentUser UserInfo currentUser) {
@@ -60,6 +71,8 @@ public class ApplicationsController extends BaseAppContorller {
 		JpaPageResults<Apps> appsList =appsService.queryPageResults(apps);
 		for (Apps app : appsList.getRows()){
 			app.transIconBase64();
+			app.setSecret(null);
+			app.setSharedPassword(null);
 		}
 		_logger.debug("List "+appsList);
 		return new Message<JpaPageResults<Apps>>(appsList).buildResponse();
@@ -79,6 +92,8 @@ public class ApplicationsController extends BaseAppContorller {
 	@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
 	public ResponseEntity<?> get(@PathVariable("id") String id) {
 		Apps apps = appsService.get(id);
+		decoderSecret(apps);
+		apps.transIconBase64();
 		return new Message<Apps>(apps).buildResponse();
 	}
 	

--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/BaseAppContorller.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/BaseAppContorller.java
@@ -20,61 +20,49 @@
 */
 package org.maxkey.web.apps.contorller;

-import java.io.IOException;
-
 import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.persistence.service.AppsService;
+import org.maxkey.persistence.service.FileUploadService;
 import org.maxkey.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;

 /**
 * @author Crystal.Sea
 *
 */
 public class BaseAppContorller {
-
 	final static Logger _logger = LoggerFactory.getLogger(BaseAppContorller.class);
 	
 	@Autowired
-	@Qualifier("appsService")
 	protected AppsService appsService;

-	
 	@Autowired
-	@Qualifier("passwordReciprocal")
 	protected PasswordReciprocal passwordReciprocal;
 	
+	@Autowired
+	protected FileUploadService fileUploadService;
 	
 	public void setAppsService(AppsService appsService) {
 		this.appsService = appsService;
 	}

 	protected void transform(Apps application) {
-		
 		encodeSharedPassword(application);
-		
 		encodeSecret(application);
-		
 		/*
 		 * string field encoding
 		 */
 		encoding(application);
-
 		/*
-		 * upload iconFile MultipartFile  to icon Bytes
+		 * upload icon Bytes
 		 */
-		if(null!=application.getIconFile()&&!application.getIconFile().isEmpty()){
-			try {
-				application.setIcon(application.getIconFile().getBytes());
-			} catch (IOException e) {
-				e.printStackTrace();
-			}
-		
+		if(StringUtils.isNotBlank(application.getIconId())){
+			application.setIcon(fileUploadService.get(application.getIconId()).getUploaded());
+			fileUploadService.remove(application.getIconId());
 		}
 		
 	}
@@ -82,8 +70,9 @@ public class BaseAppContorller {
 	protected void encodeSharedPassword(Apps application){
 		if(application.getCredential()!=Apps.CREDENTIALS.SHARED){
 			if(application.getProtocol().equals(ConstsProtocols.FORMBASED)){
-				if(StringUtils.isNotEmpty(application.getSharedPassword())){
-					application.setSharedPassword(PasswordReciprocal.getInstance().encode(application.getSharedPassword()));
+				if(StringUtils.isNotBlank(application.getSharedPassword())){
+					application.setSharedPassword(
+							PasswordReciprocal.getInstance().encode(application.getSharedPassword()));
 				}
 			}
 		}
@@ -92,8 +81,9 @@ public class BaseAppContorller {
 	protected void decoderSharedPassword(Apps application){
 		if(application.getCredential()!=Apps.CREDENTIALS.SHARED){
 			if(application.getProtocol().equals(ConstsProtocols.FORMBASED)){
-				if(StringUtils.isNotEmpty(application.getSharedPassword())){
-					application.setSharedPassword(PasswordReciprocal.getInstance().decoder(application.getSharedPassword()));
+				if(StringUtils.isNotBlank(application.getSharedPassword())){
+					application.setSharedPassword(
+							PasswordReciprocal.getInstance().decoder(application.getSharedPassword()));
 				}
 			}
 		}
@@ -101,24 +91,17 @@ public class BaseAppContorller {
 	
 	protected void encoding(Apps application){
 		
-		//application.setName(WebContext.encoding(application.getName()));
-		if(null!=application.getDescription()){
-		//	application.setDescription(WebContext.encoding(application.getDescription()));
-		}
-		
 	}
 	
-	
 	protected void encodeSecret(Apps application){
-		if(application.getSecret()!=null&&!application.getSecret().equals("")){
-			//
+		if(StringUtils.isNotBlank(application.getSecret())){
 			String encodeSecret=passwordReciprocal.encode(application.getSecret());
 			application.setSecret(encodeSecret);
 		}
 	}
 	
 	protected void decoderSecret(Apps application){
-		if(application.getSecret()!=null&&!application.getSecret().equals("")){
+		if(StringUtils.isNotBlank(application.getSecret())){
 			String decodeSecret=passwordReciprocal.decoder(application.getSecret());
 			application.setSecret(decodeSecret);
 		}

--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/BasicDetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/BasicDetailsController.java
-/*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- 
-
-package org.maxkey.web.apps.contorller;
-
-import org.maxkey.constants.ConstsOperateMessage;
-import org.maxkey.constants.ConstsProtocols;
-import org.maxkey.crypto.ReciprocalUtils;
-import org.maxkey.entity.apps.Apps;
-import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
-import org.maxkey.web.message.MessageType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;
-
-
-@Controller
-@RequestMapping(value={"/apps/basic"})
-public class BasicDetailsController  extends BaseAppContorller {
-	final static Logger _logger = LoggerFactory.getLogger(BasicDetailsController.class);
-	
-	
-	@RequestMapping(value = { "/forwardAdd" })
-	public ModelAndView forwardAdd() {
-		ModelAndView modelAndView=new ModelAndView("apps/basic/appAdd");
-		Apps appDetails =new Apps();
-		appDetails.setId(appDetails.generateId());
-		appDetails.setProtocol(ConstsProtocols.BASIC);
-		appDetails.setSecret(ReciprocalUtils.generateKey(""));
-		modelAndView.addObject("model",appDetails);
-		return modelAndView;
-	}
-	
-	
-	@RequestMapping(value={"/add"})
-	public ModelAndView insert(@ModelAttribute("appDetails") Apps appDetails ) {
-		_logger.debug("-Add  :" + appDetails);
-
-		transform(appDetails);
-		appDetails.setInstId(WebContext.getUserInfo().getInstId());
-		if (appsService.insert(appDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
-			
-		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.error);
-		}
-		return   WebContext.forward("forwardUpdate/"+appDetails.getId());
-	}
-	
-	@RequestMapping(value = { "/forwardUpdate/{id}" })
-	public ModelAndView forwardUpdate(@PathVariable("id") String id) {
-		ModelAndView modelAndView=new ModelAndView("apps/basic/appUpdate");
-		Apps appDetails=appsService.get(id);
-		super.decoderSecret(appDetails);
-		appDetails.transIconBase64();
-		modelAndView.addObject("model",appDetails);
-		return modelAndView;
-	}
-	
-	/**
-	 * modify
-	 * @param application
-	 * @return
-	 */
-	@RequestMapping(value={"/update"})  
-	public ModelAndView update(@ModelAttribute("appDetails") Apps appDetails) {
-		//
-		_logger.debug("-update  application :" + appDetails);
-		transform(appDetails);
-		appDetails.setInstId(WebContext.getUserInfo().getInstId());
-		if (appsService.update(appDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
-			
-		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
-		}
-		return   WebContext.forward("forwardUpdate/"+appDetails.getId());
-	}
-	
-
-	@ResponseBody
-	@RequestMapping(value={"/delete/{id}"})
-	public Message delete(@PathVariable("id") String id) {
-		_logger.debug("-delete  application :" + id);
-		if (appsService.remove(id)) {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.success);
-			
-		} else {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.error);
-		}
-	}
-	
-	
-}
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/CasDetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/CasDetailsController.java
@@ -17,23 +17,24 @@

 package org.maxkey.web.apps.contorller;

-import org.maxkey.constants.ConstsOperateMessage;
+import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.entity.Message;
+import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.AppsCasDetails;
 import org.maxkey.persistence.service.AppsCasDetailsService;
-import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
-import org.maxkey.web.message.MessageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;


 @Controller
@@ -44,76 +45,58 @@ public class CasDetailsController  extends BaseAppContorller {
 	@Autowired
 	AppsCasDetailsService casDetailsService;
 	
-	@RequestMapping(value = { "/forwardAdd" })
-	public ModelAndView forwardAdd() {
-		ModelAndView modelAndView=new ModelAndView("apps/cas/appAdd");
+	@RequestMapping(value = { "/init" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> init() {
 		AppsCasDetails casDetails =new AppsCasDetails();
 		casDetails.setId(casDetails.generateId());
 		casDetails.setProtocol(ConstsProtocols.CAS);
 		casDetails.setSecret(ReciprocalUtils.generateKey(""));
-		modelAndView.addObject("model",casDetails);
-		return modelAndView;
+		return new Message<AppsCasDetails>(casDetails).buildResponse();
 	}
 	
+	@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> get(@PathVariable("id") String id) {
+		AppsCasDetails casDetails=casDetailsService.getAppDetails(id , false);
+		super.decoderSecret(casDetails);
+		casDetails.transIconBase64();
+		return new Message<AppsCasDetails>(casDetails).buildResponse();
+	}
 	
-	@RequestMapping(value={"/add"})
-	public ModelAndView insert(@ModelAttribute("casDetails") AppsCasDetails casDetails) {
+	@ResponseBody
+	@RequestMapping(value={"/add"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> insert(@RequestBody AppsCasDetails casDetails,@CurrentUser UserInfo currentUser) {
 		_logger.debug("-Add  :" + casDetails);
-
 		transform(casDetails);
-		casDetails.setInstId(WebContext.getUserInfo().getInstId());
+		casDetails.setInstId(currentUser.getInstId());
 		if (casDetailsService.insert(casDetails)&&appsService.insertApp(casDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
-			
+			return new Message<AppsCasDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.error);
+			return new Message<AppsCasDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+casDetails.getId());
-	}
-	
-	@RequestMapping(value = { "/forwardUpdate/{id}" })
-	public ModelAndView forwardUpdate(@PathVariable("id") String id) {
-		ModelAndView modelAndView=new ModelAndView("apps/cas/appUpdate");
-		AppsCasDetails casDetails=casDetailsService.getAppDetails(id , false);
-		super.decoderSecret(casDetails);
-		casDetails.transIconBase64();
-		
-		modelAndView.addObject("model",casDetails);
-		return modelAndView;
 	}
 	
-	/**
-	 * modify
-	 * @param application
-	 * @return
-	 */
-	@RequestMapping(value={"/update"})  
-	public ModelAndView update(@ModelAttribute("casDetails") AppsCasDetails casDetails) {
-		//
-		_logger.debug("-update  application :" + casDetails);
+	@ResponseBody
+	@RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> update(@RequestBody AppsCasDetails casDetails,@CurrentUser UserInfo currentUser) {
+		_logger.debug("-update  :" + casDetails);
 		transform(casDetails);
-		casDetails.setInstId(WebContext.getUserInfo().getInstId());
+		casDetails.setInstId(currentUser.getInstId());
 		if (casDetailsService.update(casDetails)&&appsService.updateApp(casDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
-			
+		    return new Message<AppsCasDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
+			return new Message<AppsCasDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+casDetails.getId());
 	}
 	
-
 	@ResponseBody
-	@RequestMapping(value={"/delete/{id}"})
-	public Message delete(@PathVariable("id") String id) {
-		_logger.debug("-delete  application :" + id);
-		if (casDetailsService.remove(id)&&appsService.remove(id)) {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.success);
-			
+	@RequestMapping(value={"/delete"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> delete(@RequestParam("ids") String ids,@CurrentUser UserInfo currentUser) {
+		_logger.debug("-delete  ids : {} " , ids);
+		if (casDetailsService.deleteBatch(ids)&&appsService.deleteBatch(ids)) {
+			 return new Message<AppsCasDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.error);
+			return new Message<AppsCasDetails>(Message.FAIL).buildResponse();
 		}
 	}
 	
-	
 }
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/ExtendApiDetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/ExtendApiDetailsController.java
@@ -17,23 +17,24 @@

 package org.maxkey.web.apps.contorller;

-import org.maxkey.constants.ConstsOperateMessage;
+import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.entity.Message;
+import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.entity.apps.AppsExtendApiDetails;
-import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
-import org.maxkey.web.message.MessageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeanUtils;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;


 @Controller
@@ -41,76 +42,66 @@ import org.springframework.web.servlet.ModelAndView;
 public class ExtendApiDetailsController  extends BaseAppContorller {
 	final static Logger _logger = LoggerFactory.getLogger(ExtendApiDetailsController.class);

-	
-	@RequestMapping(value = { "/forwardAdd" })
-	public ModelAndView forwardAdd() {
-		ModelAndView modelAndView=new ModelAndView("apps/extendapi/appAdd");
+	@RequestMapping(value = { "/init" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> init() {
 		AppsExtendApiDetails extendApiDetails=new AppsExtendApiDetails();
 		extendApiDetails.setId(extendApiDetails.generateId());
 		extendApiDetails.setProtocol(ConstsProtocols.EXTEND_API);
 		extendApiDetails.setSecret(ReciprocalUtils.generateKey(""));
-
-		modelAndView.addObject("model",extendApiDetails);
-		return modelAndView;
+		return new Message<AppsExtendApiDetails>(extendApiDetails).buildResponse();
+	}
+	
+	@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> get(@PathVariable("id") String id) {
+		Apps application= appsService.get(id);
+		super.decoderSecret(application);
+		AppsExtendApiDetails extendApiDetails=new AppsExtendApiDetails();
+		BeanUtils.copyProperties(application, extendApiDetails);
+		extendApiDetails.transIconBase64();
+		return new Message<AppsExtendApiDetails>(extendApiDetails).buildResponse();
 	}
 	
-	@RequestMapping(value={"/add"})
-	public ModelAndView insert(@ModelAttribute("extendApiDetails") AppsExtendApiDetails extendApiDetails) {
+	@ResponseBody
+	@RequestMapping(value={"/add"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> add(
+			@RequestBody AppsExtendApiDetails extendApiDetails,
+			@CurrentUser UserInfo currentUser) {
 		_logger.debug("-Add  :" + extendApiDetails);
 		
 		transform(extendApiDetails);
-		extendApiDetails.setInstId(WebContext.getUserInfo().getInstId());
+		extendApiDetails.setInstId(currentUser.getInstId());
 		if (appsService.insertApp(extendApiDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
-			
+			return new Message<AppsExtendApiDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.error);
+			return new Message<AppsExtendApiDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+extendApiDetails.getId());
 	}
 	
-	@RequestMapping(value = { "/forwardUpdate/{id}" })
-	public ModelAndView forwardUpdate(@PathVariable("id") String id) {
-		ModelAndView modelAndView=new ModelAndView("apps/extendapi/appUpdate");
-		Apps application= appsService.get(id);
-		super.decoderSecret(application);
-		AppsExtendApiDetails extendApiDetails=new AppsExtendApiDetails();
-		BeanUtils.copyProperties(application, extendApiDetails);
-		extendApiDetails.transIconBase64();
-
-		modelAndView.addObject("model",extendApiDetails);
-		return modelAndView;
-	}
-	
-	/**
-	 * modify
-	 * @param extendApiDetails
-	 * @return
-	 */
-	@RequestMapping(value={"/update"})  
-	public ModelAndView update(@ModelAttribute("extendApiDetails") AppsExtendApiDetails extendApiDetails) {
-		_logger.debug("-update  extendApiDetails :" + extendApiDetails);
+	@ResponseBody
+	@RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> update(
+			@RequestBody AppsExtendApiDetails extendApiDetails,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-update  :" + extendApiDetails);
 		transform(extendApiDetails);
-		extendApiDetails.setInstId(WebContext.getUserInfo().getInstId());
+		extendApiDetails.setInstId(currentUser.getInstId());
 		if (appsService.updateApp(extendApiDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
-			
+		    return new Message<AppsExtendApiDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
+			return new Message<AppsExtendApiDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+extendApiDetails.getId());
 	}
 	
-
 	@ResponseBody
-	@RequestMapping(value={"/delete/{id}"})
-	public Message delete(@PathVariable("id") String id) {
-		_logger.debug("-delete  application :" + id);
-		if (appsService.remove(id)) {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.success);
-			
+	@RequestMapping(value={"/delete"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> delete(
+			@RequestParam("ids") String ids,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-delete  ids : {} " , ids);
+		if (appsService.deleteBatch(ids)) {
+			 return new Message<AppsExtendApiDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.error);
+			return new Message<AppsExtendApiDetails>(Message.FAIL).buildResponse();
 		}
 	}


--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/FormBasedDetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/FormBasedDetailsController.java
@@ -17,23 +17,24 @@

 package org.maxkey.web.apps.contorller;

-import org.maxkey.constants.ConstsOperateMessage;
+import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.entity.Message;
+import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.AppsFormBasedDetails;
 import org.maxkey.persistence.service.AppsFormBasedDetailsService;
-import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
-import org.maxkey.web.message.MessageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;


 @Controller
@@ -44,77 +45,69 @@ public class FormBasedDetailsController  extends BaseAppContorller {
 	@Autowired
 	AppsFormBasedDetailsService formBasedDetailsService;
 	
-	
-	@RequestMapping(value = { "/forwardAdd" })
-	public ModelAndView forwardAdd() {
-		ModelAndView modelAndView=new ModelAndView("apps/formbased/appAdd");
+	@RequestMapping(value = { "/init" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> init() {
 		AppsFormBasedDetails formBasedDetails=new AppsFormBasedDetails();
 		formBasedDetails.setId(formBasedDetails.generateId());
 		formBasedDetails.setProtocol(ConstsProtocols.FORMBASED);
 		formBasedDetails.setSecret(ReciprocalUtils.generateKey(""));
-
-		modelAndView.addObject("model",formBasedDetails);
-		return modelAndView;
+		return new Message<AppsFormBasedDetails>(formBasedDetails).buildResponse();
 	}
 	
+	@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> get(@PathVariable("id") String id) {
+		AppsFormBasedDetails formBasedDetails=formBasedDetailsService.getAppDetails(id , false);
+		decoderSecret(formBasedDetails);
+		decoderSharedPassword(formBasedDetails);
+		formBasedDetails.transIconBase64();
+		return new Message<AppsFormBasedDetails>(formBasedDetails).buildResponse();
+	}
 	
-
-	@RequestMapping(value={"/add"})
-	public ModelAndView insert(@ModelAttribute("formBasedDetails") AppsFormBasedDetails formBasedDetails) {
+	@ResponseBody
+	@RequestMapping(value={"/add"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> add(
+			@RequestBody AppsFormBasedDetails formBasedDetails,
+			@CurrentUser UserInfo currentUser) {
 		_logger.debug("-Add  :" + formBasedDetails);
 		
 		transform(formBasedDetails);
-		formBasedDetails.setInstId(WebContext.getUserInfo().getInstId());
-		if (formBasedDetailsService.insert(formBasedDetails)&&appsService.insertApp(formBasedDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
-			
+		formBasedDetails.setInstId(currentUser.getInstId());
+		if (formBasedDetailsService.insert(formBasedDetails)
+				&&appsService.insertApp(formBasedDetails)) {
+			return new Message<AppsFormBasedDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.error);
+			return new Message<AppsFormBasedDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+formBasedDetails.getId());
 	}
 	
-	@RequestMapping(value = { "/forwardUpdate/{id}" })
-	public ModelAndView forwardUpdate(@PathVariable("id") String id) {
-		ModelAndView modelAndView=new ModelAndView("apps/formbased/appUpdate");
-		AppsFormBasedDetails formBasedDetails=formBasedDetailsService.getAppDetails(id , false);
-		decoderSecret(formBasedDetails);
-		decoderSharedPassword(formBasedDetails);
-		formBasedDetails.transIconBase64();
-
-		modelAndView.addObject("model",formBasedDetails);
-		return modelAndView;
-	}
-	/**
-	 * modify
-	 * @param application
-	 * @return
-	 */
-	@RequestMapping(value={"/update"})  
-	public ModelAndView update(@ModelAttribute("formBasedDetails") AppsFormBasedDetails formBasedDetails) {
-		//
-		_logger.debug("-update  application :" + formBasedDetails);
+	@ResponseBody
+	@RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> update(
+			@RequestBody AppsFormBasedDetails formBasedDetails,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-update  :" + formBasedDetails);
 		transform(formBasedDetails);
-		formBasedDetails.setInstId(WebContext.getUserInfo().getInstId());
-		if (formBasedDetailsService.update(formBasedDetails)&&appsService.updateApp(formBasedDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
-			
+		formBasedDetails.setInstId(currentUser.getInstId());
+		if (formBasedDetailsService.update(formBasedDetails)
+				&&appsService.updateApp(formBasedDetails)) {
+		    return new Message<AppsFormBasedDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
+			return new Message<AppsFormBasedDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+formBasedDetails.getId());
 	}
 	
-
 	@ResponseBody
-	@RequestMapping(value={"/delete/{id}"})
-	public Message delete(@PathVariable("id") String id) {
-		_logger.debug("-delete  application :" + id);
-		if (formBasedDetailsService.remove(id)&&appsService.remove(id)) {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.success);
-			
+	@RequestMapping(value={"/delete"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> delete(
+			@RequestParam("ids") String ids,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-delete  ids : {} " , ids);
+		if (formBasedDetailsService.deleteBatch(ids)
+				&& appsService.deleteBatch(ids)) {
+			 return new Message<AppsFormBasedDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_ERROR),MessageType.error);
+			return new Message<AppsFormBasedDetails>(Message.FAIL).buildResponse();
 		}
 	}
+	
 }
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/JwtDetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/JwtDetailsController.java
@@ -17,23 +17,24 @@

 package org.maxkey.web.apps.contorller;

-import org.maxkey.constants.ConstsOperateMessage;
+import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.entity.Message;
+import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.AppsJwtDetails;
 import org.maxkey.persistence.service.AppsJwtDetailsService;
-import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
-import org.maxkey.web.message.MessageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;


 @Controller
@@ -44,78 +45,61 @@ public class JwtDetailsController  extends BaseAppContorller {
 	@Autowired
 	AppsJwtDetailsService jwtDetailsService;
 	
-	
-	@RequestMapping(value = { "/forwardAdd" })
-	public ModelAndView forwardAdd() {
-		ModelAndView modelAndView=new ModelAndView("apps/jwt/appAdd");
+	@RequestMapping(value = { "/init" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> init() {
 		AppsJwtDetails jwtDetails =new AppsJwtDetails();
 		jwtDetails.setId(jwtDetails.generateId());
 		jwtDetails.setProtocol(ConstsProtocols.JWT);
 		jwtDetails.setSecret(ReciprocalUtils.generateKey(""));
 		jwtDetails.setUserPropertys("userPropertys");
-		modelAndView.addObject("model",jwtDetails);
-		return modelAndView;
+		return new Message<AppsJwtDetails>(jwtDetails).buildResponse();
 	}
 	
+	@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> get(@PathVariable("id") String id) {
+		AppsJwtDetails jwtDetails=jwtDetailsService.getAppDetails(id , false);
+		decoderSecret(jwtDetails);
+		jwtDetails.transIconBase64();
+		return new Message<AppsJwtDetails>(jwtDetails).buildResponse();
+	}
 	
-	@RequestMapping(value={"/add"})
-	public ModelAndView insert(@ModelAttribute("jwtDetails") AppsJwtDetails jwtDetails) {
+	@ResponseBody
+	@RequestMapping(value={"/add"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> insert(@RequestBody AppsJwtDetails jwtDetails,@CurrentUser UserInfo currentUser) {
 		_logger.debug("-Add  :" + jwtDetails);
 		
 		transform(jwtDetails);
 		
-		jwtDetails.setInstId(WebContext.getUserInfo().getInstId());
+		jwtDetails.setInstId(currentUser.getInstId());
 		if (jwtDetailsService.insert(jwtDetails)&&appsService.insertApp(jwtDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
-			
+			return new Message<AppsJwtDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.error);
+			return new Message<AppsJwtDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+jwtDetails.getId());
 	}
 	
-	@RequestMapping(value = { "/forwardUpdate/{id}" })
-	public ModelAndView forwardUpdate(@PathVariable("id") String id) {
-		ModelAndView modelAndView=new ModelAndView("apps/jwt/appUpdate");
-		AppsJwtDetails jwtDetails=jwtDetailsService.getAppDetails(id , false);
-		decoderSecret(jwtDetails);
-		jwtDetails.transIconBase64();
-
-		modelAndView.addObject("model",jwtDetails);
-		return modelAndView;
-	}
-	/**
-	 * modify
-	 * @param application
-	 * @return
-	 */
-	@RequestMapping(value={"/update"})  
-	public ModelAndView update(@ModelAttribute("jwtDetails") AppsJwtDetails jwtDetails) {
-		//
-		_logger.debug("-update  application :" + jwtDetails);
+	@ResponseBody
+	@RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> update(@RequestBody AppsJwtDetails jwtDetails,@CurrentUser UserInfo currentUser) {
+		_logger.debug("-update  :" + jwtDetails);
 		transform(jwtDetails);
-		jwtDetails.setInstId(WebContext.getUserInfo().getInstId());
+		jwtDetails.setInstId(currentUser.getInstId());
 		if (jwtDetailsService.update(jwtDetails)&&appsService.updateApp(jwtDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
-			
+		    return new Message<AppsJwtDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
+			return new Message<AppsJwtDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+jwtDetails.getId());
 	}
 	
-
 	@ResponseBody
-	@RequestMapping(value={"/delete/{id}"})
-	public Message delete(@PathVariable("id") String id) {
-		_logger.debug("-delete  application :" + id);
-		if (jwtDetailsService.remove(id)&&appsService.remove(id)) {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.success);
-			
+	@RequestMapping(value={"/delete"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> delete(@RequestParam("ids") String ids,@CurrentUser UserInfo currentUser) {
+		_logger.debug("-delete  ids : {} " , ids);
+		if (jwtDetailsService.deleteBatch(ids)&&appsService.deleteBatch(ids)) {
+			 return new Message<AppsJwtDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.error);
+			return new Message<AppsJwtDetails>(Message.FAIL).buildResponse();
 		}
 	}
 	
-	
 }
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/OAuth20DetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/OAuth20DetailsController.java
@@ -17,26 +17,28 @@

 package org.maxkey.web.apps.contorller;

+import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.authz.oauth2.common.OAuth2Constants;
 import org.maxkey.authz.oauth2.provider.client.JdbcClientDetailsService;
-import org.maxkey.constants.ConstsOperateMessage;
 import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.entity.Message;
+import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.entity.apps.AppsOAuth20Details;
 import org.maxkey.entity.apps.oauth2.provider.client.BaseClientDetails;
-import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
-import org.maxkey.web.message.MessageType;
+import org.maxkey.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;


 @Controller
@@ -47,23 +49,35 @@ public class OAuth20DetailsController  extends BaseAppContorller {
 	@Autowired
 	JdbcClientDetailsService oauth20JdbcClientDetailsService;

-	
-	@RequestMapping(value = { "/forwardAdd" })
-	public ModelAndView forwardAdd() {
-		ModelAndView modelAndView=new ModelAndView("apps/oauth20/appAdd");
+	@RequestMapping(value = { "/init" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> init() {
 		AppsOAuth20Details oauth20Details=new AppsOAuth20Details();
 		oauth20Details.setId(oauth20Details.generateId());
 		oauth20Details.setSecret(ReciprocalUtils.generateKey(""));
 		oauth20Details.setClientId(oauth20Details.getId());
 		oauth20Details.setClientSecret(oauth20Details.getSecret());
 		oauth20Details.setProtocol(ConstsProtocols.OAUTH20);
-		modelAndView.addObject("model",oauth20Details);
-		return modelAndView;
+		return new Message<AppsOAuth20Details>(oauth20Details).buildResponse();
 	}
 	
+	@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> get(@PathVariable("id") String id) {
+		BaseClientDetails baseClientDetails=(BaseClientDetails)oauth20JdbcClientDetailsService.loadClientByClientId(id,false);
+		Apps application=appsService.get(id);//
+		decoderSecret(application);
+		AppsOAuth20Details oauth20Details=new AppsOAuth20Details(application,baseClientDetails);
+		oauth20Details.setSecret(application.getSecret());
+		oauth20Details.setClientSecret(application.getSecret());
+		_logger.debug("forwardUpdate "+oauth20Details);
+		oauth20Details.transIconBase64();
+		return new Message<AppsOAuth20Details>(oauth20Details).buildResponse();
+	}
 	
-	@RequestMapping(value={"/add"})
-	public ModelAndView insert(@ModelAttribute("oauth20Details") AppsOAuth20Details oauth20Details ) {
+	@ResponseBody
+	@RequestMapping(value={"/add"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> add(
+			@RequestBody  AppsOAuth20Details oauth20Details,
+			@CurrentUser UserInfo currentUser) {
 		_logger.debug("-Add  :" + oauth20Details);
 		
 		if(oauth20Details.getProtocol().equalsIgnoreCase(ConstsProtocols.OAUTH21)) {
@@ -72,76 +86,55 @@ public class OAuth20DetailsController  extends BaseAppContorller {
 		transform(oauth20Details);

 		oauth20Details.setClientSecret(oauth20Details.getSecret());
-		oauth20Details.setInstId(WebContext.getUserInfo().getInstId());
+		oauth20Details.setInstId(currentUser.getInstId());
 		
 		oauth20JdbcClientDetailsService.addClientDetails(oauth20Details.clientDetailsRowMapper());
 		if (appsService.insertApp(oauth20Details)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
-			
+			return new Message<AppsOAuth20Details>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.error);
+			return new Message<AppsOAuth20Details>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+oauth20Details.getId());
 	}
 	
-	@RequestMapping(value = { "/forwardUpdate/{id}" })
-	public ModelAndView forwardUpdate(@PathVariable("id") String id) {
-		ModelAndView modelAndView=new ModelAndView("apps/oauth20/appUpdate");
-		BaseClientDetails baseClientDetails=(BaseClientDetails)oauth20JdbcClientDetailsService.loadClientByClientId(id,false);
-		Apps application=appsService.get(id);//
-		decoderSecret(application);
-		AppsOAuth20Details oauth20Details=new AppsOAuth20Details(application,baseClientDetails);
-		oauth20Details.setSecret(application.getSecret());
-		oauth20Details.setClientSecret(application.getSecret());
-		_logger.debug("forwardUpdate "+oauth20Details);
-		oauth20Details.transIconBase64();
-		modelAndView.addObject("model",oauth20Details);
-		return modelAndView;
-	}
-	/**
-	 * modify
-	 * @param application
-	 * @return
-	 */
-	@RequestMapping(value={"/update"})  
-	public ModelAndView update( @ModelAttribute("oauth20Details") AppsOAuth20Details oauth20Details) {
-		//
+	@ResponseBody
+	@RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> update(
+			@RequestBody  AppsOAuth20Details oauth20Details,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-update  :" + oauth20Details);
 		_logger.debug("-update  application :" + oauth20Details);
 		_logger.debug("-update  oauth20Details use oauth20JdbcClientDetails" );
 		if(oauth20Details.getProtocol().equalsIgnoreCase(ConstsProtocols.OAUTH21)) {
            oauth20Details.setPkce(OAuth2Constants.PKCE_TYPE.PKCE_TYPE_YES);
        }
 		oauth20Details.setClientSecret(oauth20Details.getSecret());
-		oauth20Details.setInstId(WebContext.getUserInfo().getInstId());
+		oauth20Details.setInstId(currentUser.getInstId());
        oauth20JdbcClientDetailsService.updateClientDetails(oauth20Details.clientDetailsRowMapper());
        oauth20JdbcClientDetailsService.updateClientSecret(oauth20Details.getClientId(), oauth20Details.getClientSecret());
        
 		transform(oauth20Details);
 		
 		if (appsService.updateApp(oauth20Details)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
+		    return new Message<AppsOAuth20Details>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
+			return new Message<AppsOAuth20Details>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+oauth20Details.getId());
 	}
 	
-
 	@ResponseBody
-	@RequestMapping(value={"/delete/{id}"})
-	public Message delete(@PathVariable("id") String id) {
-		_logger.debug("-delete  application :" + id);
-		oauth20JdbcClientDetailsService.removeClientDetails(id);
-		if (appsService.remove(id)) {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.success);
-			
+	@RequestMapping(value={"/delete"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> delete(
+			@RequestParam("ids") String ids,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-delete  ids : {} " , ids);
+		for (String id : StringUtils.split(ids, ",")){
+			oauth20JdbcClientDetailsService.removeClientDetails(id);
+		}
+		if (appsService.deleteBatch(ids)) {
+			 return new Message<AppsOAuth20Details>(Message.SUCCESS).buildResponse();
 		} else {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.error);
+			return new Message<AppsOAuth20Details>(Message.FAIL).buildResponse();
 		}
 	}
 	
-	
-	
-	
-	
 }
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java
@@ -25,19 +25,18 @@ import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
+import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.authz.saml20.metadata.MetadataDescriptorUtil;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.constants.ConstsOperateMessage;
 import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.cert.X509CertUtils;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.crypto.keystore.KeyStoreUtil;
+import org.maxkey.entity.Message;
+import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.AppsSAML20Details;
 import org.maxkey.persistence.service.AppsSaml20DetailsService;
-import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
-import org.maxkey.web.message.MessageType;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
@@ -45,12 +44,14 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;


 @Controller
@@ -68,88 +69,83 @@ public class SAML20DetailsController   extends BaseAppContorller {
 	@Autowired
 	ApplicationConfig applicationConfig;
 	
-	@RequestMapping(value = { "/forwardAdd" })
-	public ModelAndView forwardAdd() {
-		ModelAndView modelAndView=new ModelAndView("apps/saml20/appAdd");
+	@RequestMapping(value = { "/init" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> init() {
 		AppsSAML20Details saml20Details=new AppsSAML20Details();
 		saml20Details.setSecret(ReciprocalUtils.generateKey(""));
 		saml20Details.setProtocol(ConstsProtocols.SAML20);
 		saml20Details.setId(saml20Details.generateId());
-		modelAndView.addObject("model",saml20Details);
-		 
-		return modelAndView;
+		return new Message<AppsSAML20Details>(saml20Details).buildResponse();
 	}
 	
+	@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> get(@PathVariable("id") String id) {
+		AppsSAML20Details saml20Details=saml20DetailsService.getAppDetails(id , false);
+		decoderSecret(saml20Details);
+		saml20Details.transIconBase64();
+		//modelAndView.addObject("model",saml20Details);
+		//modelAndView.addObject("authzURI",applicationConfig.getAuthzUri());
+		return new Message<AppsSAML20Details>(saml20Details).buildResponse();
+	}
 	
-	@RequestMapping(value={"/add"})
-	public ModelAndView insert(@ModelAttribute("saml20Details") AppsSAML20Details saml20Details) {
+	@ResponseBody
+	@RequestMapping(value={"/add"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> add(
+			@RequestBody AppsSAML20Details saml20Details,
+			@CurrentUser UserInfo currentUser) {
 		_logger.debug("-Add  :" + saml20Details);
-
+		
 		try {
 			transform(saml20Details);
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
-		saml20Details.setInstId(WebContext.getUserInfo().getInstId());
+		saml20Details.setInstId(currentUser.getInstId());
 		saml20DetailsService.insert(saml20Details);
 		if (appsService.insertApp(saml20Details)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
-			
+			return new Message<AppsSAML20Details>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.error);
+			return new Message<AppsSAML20Details>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+saml20Details.getId());
 	}
 	
-	@RequestMapping(value = { "/forwardUpdate/{id}" })
-	public ModelAndView forwardUpdate(@PathVariable("id") String id) {
-		ModelAndView modelAndView=new ModelAndView("apps/saml20/appUpdate");
-		AppsSAML20Details saml20Details=saml20DetailsService.getAppDetails(id , false);
-		decoderSecret(saml20Details);
-		saml20Details.transIconBase64();
-		modelAndView.addObject("model",saml20Details);
-		modelAndView.addObject("authzURI",applicationConfig.getAuthzUri());
-		return modelAndView;
-	}
-	/**
-	 * modify
-	 * @param application
-	 * @return
-	 */
-	@RequestMapping(value={"/update"})  
-	public ModelAndView update(@ModelAttribute("saml20Details") AppsSAML20Details saml20Details) {
-		//
-		_logger.debug("-update  application :" + saml20Details);
-	   _logger.debug("");
+	@ResponseBody
+	@RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> update(
+			@RequestBody AppsSAML20Details saml20Details,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-update  :" + saml20Details);
 		try {
 			transform(saml20Details);
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
-		saml20Details.setInstId(WebContext.getUserInfo().getInstId());
+		saml20Details.setInstId(currentUser.getInstId());
 		saml20DetailsService.update(saml20Details);
 		if (appsService.updateApp(saml20Details)) {
-			 new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
-			
+		    return new Message<AppsSAML20Details>(Message.SUCCESS).buildResponse();
 		} else {
-			 new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
+			return new Message<AppsSAML20Details>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+saml20Details.getId());
 	}
 	
-
 	@ResponseBody
-	@RequestMapping(value={"/delete/{id}"})
-	public Message delete(@PathVariable("id") String id) {
-		_logger.debug("-delete  application :" + id);
-		if (saml20DetailsService.remove(id)&&appsService.remove(id)) {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.success);
-			
+	@RequestMapping(value={"/delete"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> delete(
+			@RequestParam("ids") String ids,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-delete  ids : {} " , ids);
+		if (saml20DetailsService.deleteBatch(ids)&&appsService.deleteBatch(ids)) {
+			 return new Message<AppsSAML20Details>(Message.SUCCESS).buildResponse();
 		} else {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.error);
+			return new Message<AppsSAML20Details>(Message.FAIL).buildResponse();
 		}
 	}
 	
+	//////////////////////////////
+
+	
+
 	protected AppsSAML20Details transform(AppsSAML20Details samlDetails) throws Exception{
 		
 		super.transform(samlDetails);

--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/TokenBasedDetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/TokenBasedDetailsController.java
@@ -17,23 +17,25 @@

 package org.maxkey.web.apps.contorller;

-import org.maxkey.constants.ConstsOperateMessage;
+import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.constants.ConstsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.entity.Message;
+import org.maxkey.entity.UserInfo;
+import org.maxkey.entity.apps.AppsJwtDetails;
 import org.maxkey.entity.apps.AppsTokenBasedDetails;
 import org.maxkey.persistence.service.AppsTokenBasedDetailsService;
-import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
-import org.maxkey.web.message.MessageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.servlet.ModelAndView;


 @Controller
@@ -44,83 +46,74 @@ public class TokenBasedDetailsController  extends BaseAppContorller {
 	@Autowired
 	AppsTokenBasedDetailsService tokenBasedDetailsService;
 	
-	
-	@RequestMapping(value = { "/forwardAdd" })
-	public ModelAndView forwardAdd() {
-		ModelAndView modelAndView=new ModelAndView("apps/tokenbased/appAdd");
+	@RequestMapping(value = { "/init" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> init() {
 		AppsTokenBasedDetails tokenBasedDetails =new AppsTokenBasedDetails();
 		tokenBasedDetails.setId(tokenBasedDetails.generateId());
 		tokenBasedDetails.setProtocol(ConstsProtocols.TOKENBASED);
 		tokenBasedDetails.setSecret(ReciprocalUtils.generateKey(ReciprocalUtils.Algorithm.AES));
 		tokenBasedDetails.setAlgorithmKey(tokenBasedDetails.getSecret());
 		tokenBasedDetails.setUserPropertys("userPropertys");
-		modelAndView.addObject("model",tokenBasedDetails);
-		return modelAndView;
+		return new Message<AppsTokenBasedDetails>(tokenBasedDetails).buildResponse();
 	}
 	
+	@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> get(@PathVariable("id") String id) {
+		AppsTokenBasedDetails tokenBasedDetails=tokenBasedDetailsService.getAppDetails(id , false);
+		decoderSecret(tokenBasedDetails);
+		String algorithmKey=passwordReciprocal.decoder(tokenBasedDetails.getAlgorithmKey());
+		tokenBasedDetails.setAlgorithmKey(algorithmKey);
+		tokenBasedDetails.transIconBase64();
+		return new Message<AppsTokenBasedDetails>(tokenBasedDetails).buildResponse();
+	}
 	
-	@RequestMapping(value={"/add"})
-	public ModelAndView insert(@ModelAttribute("tokenBasedDetails") AppsTokenBasedDetails tokenBasedDetails) {
+	@ResponseBody
+	@RequestMapping(value={"/add"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> add(
+			@RequestBody AppsTokenBasedDetails tokenBasedDetails,
+			@CurrentUser UserInfo currentUser) {
 		_logger.debug("-Add  :" + tokenBasedDetails);
 		
 		transform(tokenBasedDetails);
 		
 		tokenBasedDetails.setAlgorithmKey(tokenBasedDetails.getSecret());
-		tokenBasedDetails.setInstId(WebContext.getUserInfo().getInstId());
-		if (tokenBasedDetailsService.insert(tokenBasedDetails)&&appsService.insertApp(tokenBasedDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
-			
+		tokenBasedDetails.setInstId(currentUser.getInstId());
+		if (tokenBasedDetailsService.insert(tokenBasedDetails)
+				&&appsService.insertApp(tokenBasedDetails)) {
+			return new Message<AppsJwtDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.error);
+			return new Message<AppsJwtDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+tokenBasedDetails.getId());
 	}
 	
-	@RequestMapping(value = { "/forwardUpdate/{id}" })
-	public ModelAndView forwardUpdate(@PathVariable("id") String id) {
-		ModelAndView modelAndView=new ModelAndView("apps/tokenbased/appUpdate");
-		AppsTokenBasedDetails tokenBasedDetails=tokenBasedDetailsService.getAppDetails(id , false);
-		decoderSecret(tokenBasedDetails);
-		String algorithmKey=passwordReciprocal.decoder(tokenBasedDetails.getAlgorithmKey());
-		tokenBasedDetails.setAlgorithmKey(algorithmKey);
-		tokenBasedDetails.transIconBase64();
-
-		modelAndView.addObject("model",tokenBasedDetails);
-		return modelAndView;
-	}
-	/**
-	 * modify
-	 * @param application
-	 * @return
-	 */
-	@RequestMapping(value={"/update"})  
-	public ModelAndView update(@ModelAttribute("tokenBasedDetails") AppsTokenBasedDetails tokenBasedDetails) {
-		//
-		_logger.debug("-update  application :" + tokenBasedDetails);
+	@ResponseBody
+	@RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> update(
+			@RequestBody AppsTokenBasedDetails tokenBasedDetails,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-update  :" + tokenBasedDetails);
 		transform(tokenBasedDetails);
 		tokenBasedDetails.setAlgorithmKey(tokenBasedDetails.getSecret());
-		tokenBasedDetails.setInstId(WebContext.getUserInfo().getInstId());
-		if (tokenBasedDetailsService.update(tokenBasedDetails)&&appsService.updateApp(tokenBasedDetails)) {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
-			
+		tokenBasedDetails.setInstId(currentUser.getInstId());
+		if (tokenBasedDetailsService.update(tokenBasedDetails)
+				&&appsService.updateApp(tokenBasedDetails)) {
+		    return new Message<AppsJwtDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			  new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
+			return new Message<AppsJwtDetails>(Message.FAIL).buildResponse();
 		}
-		return   WebContext.forward("forwardUpdate/"+tokenBasedDetails.getId());
 	}
 	
-
 	@ResponseBody
-	@RequestMapping(value={"/delete/{id}"})
-	public Message delete(@PathVariable("id") String id) {
-		_logger.debug("-delete  application :" + id);
-		if (tokenBasedDetailsService.remove(id)&&appsService.remove(id)) {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.success);
-			
+	@RequestMapping(value={"/delete"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> delete(
+			@RequestParam("ids") String ids,
+			@CurrentUser UserInfo currentUser) {
+		_logger.debug("-delete  ids : {} " , ids);
+		if (tokenBasedDetailsService.deleteBatch(ids)&&appsService.deleteBatch(ids)) {
+			 return new Message<AppsJwtDetails>(Message.SUCCESS).buildResponse();
 		} else {
-			return  new Message(WebContext.getI18nValue(ConstsOperateMessage.DELETE_SUCCESS),MessageType.error);
+			return new Message<AppsJwtDetails>(Message.FAIL).buildResponse();
 		}
 	}
 	
-	
 }
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java
@@ -35,6 +35,7 @@ import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;

@@ -51,7 +52,7 @@ public class RolePrivilegesController {
 	@ResponseBody
 	@RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
 	public  ResponseEntity<?> update(
-			@ModelAttribute RolePrivileges rolePrivileges,
+			@RequestBody RolePrivileges rolePrivileges,
 			@CurrentUser UserInfo currentUser) {
 		_logger.debug("-update  : " + rolePrivileges);
 		//have