diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/context/AuditContext.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/context/AuditContext.java index 667113b4..aee7f92b 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/context/AuditContext.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/context/AuditContext.java @@ -22,6 +22,7 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import org.springframework.security.core.Authentication; import org.springframework.util.CollectionUtils; import com.alibaba.ttl.TransmittableThreadLocal; @@ -41,6 +42,11 @@ public class AuditContext { */ private static final TransmittableThreadLocal CONTENT = new TransmittableThreadLocal<>(); + /** + * Authentication + */ + private static final TransmittableThreadLocal AUTHENTICATION = new TransmittableThreadLocal<>(); + /** * 目标对象 */ @@ -122,6 +128,19 @@ public class AuditContext { ADDITIONAL_DATA.set(value); } + /** + * Get Authentication + * + * @return {@link Authentication} + */ + public static Authentication getAuthorization() { + return AUTHENTICATION.get(); + } + + public static void setAuthorization(Authentication authorization) { + AUTHENTICATION.set(authorization); + } + /** * Get Target * @@ -156,6 +175,13 @@ public class AuditContext { TARGET_LIST.remove(); } + /** + * Remove Authentication + */ + public static void removeAuthentication() { + AUTHENTICATION.remove(); + } + /** * remove */ @@ -182,5 +208,7 @@ public class AuditContext { removeAdditionalData(); removeContent(); removeTarget(); + removeAuthentication(); } + } diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Actor.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Actor.java index bbf4dd48..0935d4b4 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Actor.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Actor.java 
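Review bot: The new `AUTHENTICATION` holder in the `@@ -41,6 +42,11 @@` hunk keeps a full Spring Security `Authentication` in a `TransmittableThreadLocal`, and its only documentation is the word "Authentication". That object can carry credentials, and a TTL value is handed on to tasks run through TTL-wrapped executors, so the field comment should say who sets it and when it is cleared, for example `/** Authentication of the audited request; cleared by removeAuthentication(), which callers must reach on every exit path. */`. The `removeAuthentication()` call added in the last hunk of this file only helps if its enclosing method is itself invoked in a `finally`; that caller is outside this diff. A value left behind on a pooled thread would presumably be attributed to the next request audited on that thread.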
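Review bot: The accessors added in the `@@ -122,6 +128,19 @@` hunk are named `getAuthorization()` and `setAuthorization(Authentication authorization)`, while the field, the Javadoc ("Get Authentication") and the matching `removeAuthentication()` all say authentication. In an identity product the two words mean different things, so the names should agree with the type: `public static Authentication getAuthentication()` and `public static void setAuthentication(Authentication authentication)`. The setter also has no Javadoc, unlike every other accessor visible in the class; the class body continues outside the hunk.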
@@ -40,6 +40,8 @@ public class Actor implements Serializable { public static final String ACTOR_ID = "actor.id"; public static final String ACTOR_TYPE = "actor.type"; + public static final String ACTOR_AUTH_TYPE = "actor.auth_type.keyword"; + @Serial private static final long serialVersionUID = -1144169992714000310L; /** @@ -54,4 +56,10 @@ public class Actor implements Serializable { @Field(type = FieldType.Keyword, name = "type") private UserType type; + /** + * 身份验证类型 + */ + @Field(type = FieldType.Keyword, name = "auth_type") + private String authType; + } diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/AuditEntity.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/AuditEntity.java index 1c2adfde..7da1b835 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/AuditEntity.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/AuditEntity.java @@ -25,18 +25,23 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; import org.hibernate.annotations.Type; +import org.hibernate.annotations.Where; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.enums.UserType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.RequiredArgsConstructor; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 审计 
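Review bot: `ACTOR_AUTH_TYPE` is set to `"actor.auth_type.keyword"`, but the field added in the second hunk of Actor.java is mapped with `FieldType.Keyword` under the name `auth_type`, and the neighbouring constants `ACTOR_ID` and `ACTOR_TYPE` use the plain path. A `.keyword` sub-field normally exists only for dynamically mapped text fields, so if the index mapping is generated from these annotations, a filter built on this constant would silently match nothing; `public static final String ACTOR_AUTH_TYPE = "actor.auth_type";` would agree with the mapping. `GEO_LOCATION_PROVINCE_CODE` in GeoLocation.java carries the same `.keyword` suffix and deserves the same check against its field mapping, which is outside the hunk.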
@@ -51,7 +56,10 @@ import lombok.experimental.Accessors; @Accessors(chain = true) @Entity @Table(name = "audit") -public class AuditEntity extends BaseEntity { +@SQLDelete(sql = "update audit set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update audit set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AuditEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -3119319193111206582L; @@ -136,4 +144,10 @@ public class AuditEntity extends BaseEntity { */ @Column(name = "actor_type") private UserType actorType; + + /** + * 身份验证类型 + */ + @Column(name = "actor_auth_type") + private String actorAuthType; } diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Event.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Event.java index 6b7b7787..f145df1a 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Event.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Event.java @@ -64,7 +64,7 @@ public class Event implements Serializable { /** * 事件内容 */ - @Field(type = FieldType.Text, name = "content") + @Field(type = FieldType.Object, name = "content") private String content; /** diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/GeoLocation.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/GeoLocation.java index 6d36b0fd..2d9ac4e4 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/GeoLocation.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/GeoLocation.java @@ -41,7 +41,9 @@ import lombok.Data; public class GeoLocation implements Serializable { @Serial - private static final long serialVersionUID = -1144169992714000310L; + private static final long serialVersionUID = -1144169992714000310L; + + public static final String GEO_LOCATION_PROVINCE_CODE = "geo_location.province_code.keyword"; /** * IP 
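Review bot: With `@Where(clause = SOFT_DELETE_WHERE)` on `AuditEntity`, a soft-deleted audit row disappears from every query that goes through this entity, and nothing on the class says how such rows are reviewed or who is allowed to delete them. For an audit trail that belongs in the class Javadoc, e.g. `Audit rows are only soft-deleted; deleted rows are filtered by @Where and must be read through a query that includes deleted records.` The `@SQLDeleteAll` statement also repeats the single-row form `where id_ = ?`; as far as I know that annotation targets collection delete-all, so it is worth confirming it has any effect on an entity class. `SOFT_DELETE_SET` and `SOFT_DELETE_WHERE` are defined outside this diff.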
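Review bot: In Event.java, `content` is now mapped as `FieldType.Object` while the Java field stays a `String`, and the publisher changed in this commit fills it with `JSONObject.toJSONString(content)`, which is a JSON string rather than an object. Elasticsearch normally rejects a concrete string value for an object-mapped field, so indexing audit events may fail once the mapping is applied; any caller that stores plain text in `content` (outside this hunk) would be affected as well. Either keep `@Field(type = FieldType.Text, name = "content")` or change the field to a map or POJO type so the serialised document really contains an object.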
diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Target.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Target.java index 054b1e64..9b143bec 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Target.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Target.java @@ -48,6 +48,12 @@ public class Target implements Serializable { */ @Field(type = FieldType.Keyword, name = "id") private String id; + + /** + * 目标名称 + */ + @Field(type = FieldType.Keyword, name = "name") + private String name; /** * * 目标类型 @@ -55,4 +61,9 @@ public class Target implements Serializable { @Field(type = FieldType.Keyword, name = "type") private TargetType type; + /** + * 目标类型名称 + */ + @Field(type = FieldType.Keyword, name = "type_name") + private String typeName; } diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEvent.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEvent.java index 93cce30b..138b1136 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEvent.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEvent.java @@ -18,7 +18,7 @@ package cn.topiam.employee.audit.event; import java.io.Serial; -import java.util.*; +import java.util.List; import org.springframework.context.ApplicationEvent; diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventListener.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventListener.java index 5410e82f..af91a912 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventListener.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventListener.java 
@@ -30,7 +30,7 @@ import org.springframework.lang.NonNull; import org.springframework.stereotype.Component; import cn.topiam.employee.audit.entity.*; -import cn.topiam.employee.audit.repository.*; +import cn.topiam.employee.audit.repository.AuditRepository; import cn.topiam.employee.core.configuration.EiamSupportProperties; import static cn.topiam.employee.common.constants.AuditConstants.getAuditIndexPrefix; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_FORMATTER_PATTERN; diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java index f1ab28d9..20d2d3f6 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java @@ -35,6 +35,7 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; import com.alibaba.fastjson2.JSONObject; +import com.google.common.collect.Maps; import cn.topiam.employee.audit.entity.*; import cn.topiam.employee.audit.enums.EventStatus; @@ -92,12 +93,13 @@ public class AuditEventPublish { * @param eventType {@link EventType} */ public void publish(EventType eventType, Authentication authentication, EventStatus eventStatus, - List targets) { + List targets, String result) { //@formatter:off //封装操作事件 Event event = Event.builder() .type(eventType) .time(Instant.now()) + .result(result) .status(eventStatus).build(); if (authentication.getPrincipal() instanceof UserDetails){ String username = ((UserDetails) authentication.getPrincipal()).getUsername(); 
@@ -114,6 +116,37 @@ public class AuditEventPublish { //@formatter:on } + /** + * 发布 审计事件 + * + * @param eventType {@link EventType} + */ + public void publish(EventType eventType, Authentication authentication, EventStatus eventStatus, + List targets) { + //@formatter:off + //封装操作事件 + Event event = Event.builder() + .type(eventType) + .time(Instant.now()) + .status(eventStatus).build(); + if (authentication.getPrincipal() instanceof UserDetails principal){ + String username = principal.getUsername(); + Map content= Maps.newConcurrentMap(); + content.put("auth_type",principal.getAuthType()); + content.put("desc",username+":"+event.getType().getDesc()); + event.setContent(JSONObject.toJSONString(content)); + } + //封装地理位置 + GeoLocation geoLocationModal = getGeoLocation(); + //封装用户代理 + UserAgent userAgent = getUserAgent(); + //封装操作人 + Actor actor = getActor(authentication); + //Publish AuditEvent + applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, targets)); + //@formatter:on + } + /** * 发布 审计事件 * @@ -209,10 +242,16 @@ public class AuditEventPublish { //@formatter:off SecurityContext securityContext = SecurityContextHolder.getContext(); Authentication authentication = securityContext.getAuthentication(); - return Actor.builder() + Object principal = authentication.getPrincipal(); + + Actor actor = Actor.builder() .id(getActorId(authentication)) .type(getActorType(authentication)) .build(); + if (principal instanceof UserDetails){ + actor.setAuthType(((UserDetails) principal).getAuthType()); + } + return actor; //@formatter:on } 
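Review bot: In the new four-argument `publish`, `content` is created with `Maps.newConcurrentMap()` and then filled with `content.put("auth_type", principal.getAuthType())`; a concurrent map rejects null values, so a principal without an auth type would throw a NullPointerException and the audit event would never be published. The map is a local that is never shared between threads, so a plain map is enough: `Map<String, String> content = new HashMap<>();` (with `java.util.HashMap` in scope), or skip the `auth_type` entry when it is null. Whether `getAuthType()` can return null is not visible in this diff. The Javadoc documents only `eventType`; `authentication`, `eventStatus` and `targets` are missing, as is the `result` parameter added to the other overload in the previous hunk.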
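Review bot: The no-argument `getActor()` in the `@@ -209,10 +242,16 @@` hunk now calls `authentication.getPrincipal()` directly on the result of `securityContext.getAuthentication()`, which is null when the security context holds no authentication, so auditing such a request could throw before the event is built. Whether `getActorId` and `getActorType` already tolerate null is not visible here. A guard such as `Object principal = authentication == null ? null : authentication.getPrincipal();` avoids the new dereference. After this change the body duplicates `getActor(Authentication)` in the next hunk, so one could delegate to the other, and both could use the pattern form `principal instanceof UserDetails details` that `publish` already uses.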
@@ -223,10 +262,15 @@ public class AuditEventPublish { */ private Actor getActor(Authentication authentication) { //@formatter:off - return Actor.builder() + Actor actor = Actor.builder() .id(getActorId(authentication)) .type(getActorType(authentication)) .build(); + Object principal = authentication.getPrincipal(); + if (principal instanceof UserDetails){ + actor.setAuthType(((UserDetails) principal).getAuthType()); + } + return actor; //@formatter:on } diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/repository/AuditRepository.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/repository/AuditRepository.java index 3b05e6cf..21615f80 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/repository/AuditRepository.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/repository/AuditRepository.java @@ -21,11 +21,11 @@ import java.time.LocalDateTime; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import cn.topiam.employee.audit.entity.AuditEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** * 行为审计repository @@ -34,7 +34,7 @@ import cn.topiam.employee.audit.entity.AuditEntity; * Created by support@topiam.cn on 2021/9/11 22:32 */ @Repository -public interface AuditRepository extends CrudRepository, +public interface AuditRepository extends LogicDeleteRepository, QuerydslPredicateExecutor { /** diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/service/converter/AuditDataConverter.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/service/converter/AuditDataConverter.java index e23eebe9..ffef737d 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/service/converter/AuditDataConverter.java 
+++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/service/converter/AuditDataConverter.java 
@@ -40,13 +40,33 @@ import com.google.common.collect.Lists; import cn.topiam.employee.audit.controller.pojo.AuditListQuery; import cn.topiam.employee.audit.controller.pojo.AuditListResult; -import cn.topiam.employee.audit.entity.*; +import cn.topiam.employee.audit.entity.Actor; +import cn.topiam.employee.audit.entity.AuditElasticSearchEntity; +import cn.topiam.employee.audit.entity.Event; +import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventType; +import cn.topiam.employee.audit.enums.TargetType; +import cn.topiam.employee.common.entity.account.OrganizationEntity; import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.entity.account.UserGroupEntity; +import cn.topiam.employee.common.entity.app.AppEntity; +import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; +import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity; +import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; +import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; import cn.topiam.employee.common.entity.setting.AdministratorEntity; +import cn.topiam.employee.common.entity.setting.MailTemplateEntity; import cn.topiam.employee.common.enums.UserType; +import cn.topiam.employee.common.repository.account.OrganizationRepository; +import cn.topiam.employee.common.repository.account.UserGroupRepository; import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.common.repository.app.AppPermissionResourceRepository; +import cn.topiam.employee.common.repository.app.AppPermissionRoleRepository; +import cn.topiam.employee.common.repository.app.AppRepository; +import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import cn.topiam.employee.common.repository.identitysource.IdentitySourceRepository; import cn.topiam.employee.common.repository.setting.AdministratorRepository; +import 
cn.topiam.employee.common.repository.setting.MailTemplateRepository; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; @@ -69,7 +89,7 @@ public interface AuditDataConverter { * searchHits 转审计列表 * * @param search {@link SearchHits} - * @param page {@link PageModel} + * @param page {@link PageModel} * @return {@link Page} */ default Page searchHitsConvertToAuditListResult(SearchHits search, @@ -94,6 +114,14 @@ public interface AuditDataConverter { //用户类型 result.setUserType(actor.getType().getCode()); //操作对象 + if (Objects.nonNull(content.getTargets())) { + for (Target target : content.getTargets()) { + if (Objects.nonNull(target.getId())) { + target.setName(getTargetName(target.getType(), target.getId())); + } + target.setTypeName(target.getType().getDesc()); + } + } result.setTargets(content.getTargets()); list.add(result); }); @@ -102,7 +130,7 @@ public interface AuditDataConverter { result.setPagination(Page.Pagination.builder() .total(search.getTotalHits()) .totalPages(Math.toIntExact(search.getTotalHits() / page.getPageSize())) - .current(page.getCurrent()+1) + .current(page.getCurrent() + 1) .build()); result.setList(list); //@formatter:on @@ -110,10 +138,9 @@ public interface AuditDataConverter { } /** - * * 获取用户名 * - * @param actorId {@link String} + * @param actorId {@link String} * @param actorType {@link UserType} * @return {@link String} */ @@ -140,7 +167,7 @@ public interface AuditDataConverter { * 审计列表请求到本机搜索查询 * * @param query {@link AuditListQuery} - * @param page {@link PageModel} + * @param page {@link PageModel} * @return {@link NativeSearchQuery} */ default NativeSearchQuery auditListRequestConvertToNativeSearchQuery(AuditListQuery query, 
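Review bot: In the `@@ -94,6 +114,14 @@` hunk, `target.setTypeName(target.getType().getDesc())` sits outside the `Objects.nonNull(target.getId())` check and dereferences `target.getType()` without a null check, so one stored audit document whose target has no type would make the whole page conversion throw. `if (Objects.nonNull(target.getType())) { target.setTypeName(target.getType().getDesc()); }` keeps the remaining rows readable. Each target also triggers its own repository lookup through `getTargetName`, so a page costs one query per target per hit; remembering names per type and id within the call would bound that. The enclosing method starts and ends outside this hunk.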
@@ -201,4 +228,118 @@ public interface AuditDataConverter { //排序 .withSorts(fieldSortBuilders).build(); } + + /** + * 获取目标名称 + * + * @param targetType {@link TargetType} + * @param id {@link String} + * @return + */ + @SuppressWarnings("AlibabaMethodTooLong") + default String getTargetName(TargetType targetType, String id) { + String name = ""; + if (TargetType.USER.equals(targetType) || TargetType.USER_DETAIL.equals(targetType)) { + UserRepository userRepository = ApplicationContextHelp.getBean(UserRepository.class); + Optional user = userRepository.findByIdContainsDeleted(Long.valueOf(id)); + if (user.isPresent()) { + name = user.get().getUsername(); + } + } + + if (TargetType.USER_GROUP.equals(targetType)) { + UserGroupRepository userGroupRepository = ApplicationContextHelp + .getBean(UserGroupRepository.class); + Optional userGroup = userGroupRepository + .findByIdContainsDeleted(Long.valueOf(id)); + if (userGroup.isPresent()) { + name = userGroup.get().getName(); + } + } + + if (TargetType.IDENTITY_SOURCE.equals(targetType)) { + IdentitySourceRepository identitySourceRepository = ApplicationContextHelp + .getBean(IdentitySourceRepository.class); + Optional identitySource = identitySourceRepository + .findByIdContainsDeleted(Long.valueOf(id)); + if (identitySource.isPresent()) { + name = identitySource.get().getName(); + } + } + + if (TargetType.ORGANIZATION.equals(targetType)) { + OrganizationRepository organizationRepository = ApplicationContextHelp + .getBean(OrganizationRepository.class); + Optional organizationEntity = organizationRepository + .findByIdContainsDeleted(id); + if (organizationEntity.isPresent()) { + name = organizationEntity.get().getName(); + } + } + + if (TargetType.APPLICATION.equals(targetType)) { + AppRepository appRepository = ApplicationContextHelp.getBean(AppRepository.class); + Optional appEntity = appRepository.findByIdContainsDeleted(Long.valueOf(id)); + if (appEntity.isPresent()) { + name = appEntity.get().getName(); + } + } + + 
if (TargetType.APP_PERMISSION_RESOURCE.equals(targetType)) { + AppPermissionResourceRepository appPermissionResourceRepository = ApplicationContextHelp + .getBean(AppPermissionResourceRepository.class); + Optional appPermissionResourceEntity = appPermissionResourceRepository + .findByIdContainsDeleted(Long.valueOf(id)); + if (appPermissionResourceEntity.isPresent()) { + name = appPermissionResourceEntity.get().getName(); + } + } + + if (TargetType.APPLICATION_ACCOUNT.equals(targetType)) { + if (org.apache.commons.lang3.StringUtils.isNotBlank(id)) { + name = id; + } + } + + if (TargetType.APP_PERMISSION_ROLE.equals(targetType)) { + AppPermissionRoleRepository appPermissionResourceRepository = ApplicationContextHelp + .getBean(AppPermissionRoleRepository.class); + Optional appPermissionRoleEntity = appPermissionResourceRepository + .findByIdContainsDeleted(Long.valueOf(id)); + if (appPermissionRoleEntity.isPresent()) { + name = appPermissionRoleEntity.get().getName(); + } + } + + if (TargetType.ADMINISTRATOR.equals(targetType)) { + AdministratorRepository administratorRepository = ApplicationContextHelp + .getBean(AdministratorRepository.class); + Optional administratorEntity = administratorRepository + .findByIdContainsDeleted(Long.valueOf(id)); + if (administratorEntity.isPresent()) { + name = administratorEntity.get().getUsername(); + } + } + + if (TargetType.MAIL_TEMPLATE.equals(targetType)) { + MailTemplateRepository mailTemplateRepository = ApplicationContextHelp + .getBean(MailTemplateRepository.class); + Optional mailTemplateEntity = mailTemplateRepository + .findByIdContainsDeleted(Long.valueOf(id)); + if (mailTemplateEntity.isPresent()) { + name = mailTemplateEntity.get().getSender(); + } + } + + if (TargetType.IDENTITY_PROVIDER.equals(targetType)) { + IdentityProviderRepository identityProviderRepository = ApplicationContextHelp + .getBean(IdentityProviderRepository.class); + Optional identityProviderEntity = identityProviderRepository + 
.findByIdContainsDeleted(Long.valueOf(id)); + if (identityProviderEntity.isPresent()) { + name = identityProviderEntity.get().getName(); + } + } + return name; + } } diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/service/impl/AuditServiceImpl.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/service/impl/AuditServiceImpl.java index 18ae85c9..61563148 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/service/impl/AuditServiceImpl.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/service/impl/AuditServiceImpl.java @@ -17,7 +17,10 @@ */ package cn.topiam.employee.audit.service.impl; -import java.util.*; +import java.util.Arrays; +import java.util.HashSet; +import java.util.List; +import java.util.Set; import java.util.stream.Collectors; import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate; diff --git a/eiam-authentication/eiam-authentication-all/pom.xml b/eiam-authentication/eiam-authentication-all/pom.xml index b861659c..940d36d0 100644 --- a/eiam-authentication/eiam-authentication-all/pom.xml +++ b/eiam-authentication/eiam-authentication-all/pom.xml @@ -63,6 +63,12 @@ eiam-authentication-wechatwork ${project.version} + + + cn.topiam + eiam-authentication-captcha + ${project.version} + cn.topiam diff --git a/eiam-authentication/eiam-authentication-captcha/pom.xml b/eiam-authentication/eiam-authentication-captcha/pom.xml new file mode 100644 index 00000000..a0cf577e --- /dev/null +++ b/eiam-authentication/eiam-authentication-captcha/pom.xml @@ -0,0 +1,42 @@ + + + + + eiam-authentication + cn.topiam + 1.0.0-beta1 + ../pom.xml + + 4.0.0 + + eiam-authentication-captcha + jar + + + + cn.topiam + eiam-authentication-core + ${project.version} + + + \ No newline at end of file 
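Review bot: `getTargetName` passes the stored target id straight to `Long.valueOf(id)` in nine branches, so a single audit document whose id is not a decimal long raises NumberFormatException, and because the caller runs this for every hit, the audit list stops rendering. Parsing through a helper that returns null on bad input and skipping the lookup keeps the view available; the fence shows the helper and one converted branch. Two smaller points: the local in the `APP_PERMISSION_ROLE` branch is named `appPermissionResourceRepository` although it holds an `AppPermissionRoleRepository`, and the Javadoc `@return` is empty. Names are resolved from the live tables at read time, so a renamed object presumably shows its current name on old events; the Javadoc should say so if that is intended.

```java
// Returns null instead of throwing when a stored target id is not a valid long.
private static Long parseTargetId(String id) {
    try {
        return Long.valueOf(id);
    } catch (NumberFormatException e) {
        return null;
    }
}

// … unchanged: getTargetName signature and `String name = "";` …
if (TargetType.USER.equals(targetType) || TargetType.USER_DETAIL.equals(targetType)) {
    Long userId = parseTargetId(id);
    if (userId != null) {
        name = ApplicationContextHelp.getBean(UserRepository.class)
            .findByIdContainsDeleted(userId)
            .map(UserEntity::getUsername)
            .orElse(name);
    }
}
// … unchanged: remaining target types, each switched to parseTargetId the same way …
```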
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/SmsProviderValidator.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/CaptchaValidator.java similarity index 60% rename from eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/SmsProviderValidator.java rename to eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/CaptchaValidator.java index 3e9843c0..ddfb5f04 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/SmsProviderValidator.java +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/CaptchaValidator.java @@ -1,5 +1,5 @@ /* - * eiam-portal - Employee Identity and Access Management Program + * eiam-authentication-captcha - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,24 +15,23 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.portal.mfa; +package cn.topiam.employee.authentication.captcha; -import cn.topiam.employee.core.security.mfa.MfaProviderValidator; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; /** - * Sms提供商验证 * * @author TopIAM - * Created by support@topiam.cn on 2022/7/31 20:50 + * Created by support@topiam.cn on 2022/8/14 22:09 */ -public class SmsProviderValidator implements MfaProviderValidator { +public interface CaptchaValidator { /** * 验证 * - * @param code {@link String} + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletResponse} + * @return {@link Boolean} */ - @Override - public boolean validate(String code) { - return true; - } + boolean validate(HttpServletRequest request, HttpServletResponse response); } 
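Review bot: The type-level Javadoc of `CaptchaValidator` lost its description in the rename and now holds only the author tags, and `validate` documents its parameters but not what a `false` result means or whether an implementation may write to the response. The filter added in this commit rejects the request when `validate` returns false, so the contract should be stated on the interface, e.g. `/** Validates the captcha submitted with the request; returns false when it is missing or wrong. */`. `@return {@link Boolean}` should read `boolean`, the primitive the method actually returns.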
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/email/EmailOtpProviderValidator.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/NoneCaptchaProvider.java similarity index 59% rename from eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/email/EmailOtpProviderValidator.java rename to eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/NoneCaptchaProvider.java index 9f0779f0..e12e6ac9 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/email/EmailOtpProviderValidator.java +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/NoneCaptchaProvider.java @@ -1,5 +1,5 @@ /* - * eiam-portal - Employee Identity and Access Management Program + * eiam-authentication-captcha - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify 
@@ -15,24 +15,28 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.portal.mfa.email; +package cn.topiam.employee.authentication.captcha; -import cn.topiam.employee.core.security.mfa.MfaProviderValidator; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; /** - * OTP 提供商验证 + * None * * @author TopIAM - * Created by support@topiam.cn on 2022/7/31 20:50 + * Created by support@topiam.cn on 2021/9/27 19:06 */ -public class EmailOtpProviderValidator implements MfaProviderValidator { +public class NoneCaptchaProvider implements CaptchaValidator { + /** * 验证 * - * @param code {@link String} + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletResponse} + * @return {@link Boolean} */ @Override - public boolean validate(String code) { + public boolean validate(HttpServletRequest request, HttpServletResponse response) { return true; } } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/handler/package-info.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/configurer/package-info.java similarity index 77% rename from eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/handler/package-info.java rename to eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/configurer/package-info.java index cc7f6a92..d30603cf 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/handler/package-info.java +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/configurer/package-info.java 
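Review bot: `NoneCaptchaProvider.validate` returns `true` for every request and the only documentation is the word "None", so nothing tells a reader that selecting this implementation switches captcha checking off for whatever endpoints the captcha filter guards. The class Javadoc should say so, e.g. `/** No-op validator: accepts every request without checking a captcha. Use only when captcha is explicitly disabled in configuration. */`. The name also mixes `Provider` with the `CaptchaValidator` interface it implements; `NoneCaptchaValidator` would match. How the implementation is chosen is not visible in this diff, so it is worth confirming that it cannot become the default by omission.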
@@ -1,5 +1,5 @@ /* - * eiam-protocol-oidc - Employee Identity and Access Management Program + * eiam-authentication-captcha - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,10 +15,4 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -/** - * 处理器 - * - * @author TopIAM - * Created by support@topiam.cn on 2020/10/29 23:12 - */ -package cn.topiam.employee.protocol.oidc.handler; +package cn.topiam.employee.authentication.captcha.configurer; \ No newline at end of file diff --git a/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/filter/CaptchaValidatorFilter.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/filter/CaptchaValidatorFilter.java new file mode 100644 index 00000000..3027927a --- /dev/null +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/filter/CaptchaValidatorFilter.java 
@@ -0,0 +1,121 @@ +/* + * eiam-authentication-captcha - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.captcha.filter; + +import java.io.IOException; +import java.util.Objects; +import java.util.UUID; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.lang.NonNull; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.OrRequestMatcher; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.springframework.web.filter.OncePerRequestFilter; + +import com.alibaba.fastjson2.JSONObject; + +import cn.topiam.employee.authentication.captcha.CaptchaValidator; +import cn.topiam.employee.common.constants.AuthorizeConstants; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.trace.TraceUtils; +import static 
cn.topiam.employee.common.constants.AuthorizeConstants.FORM_LOGIN; +import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION; +import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000102; +import static cn.topiam.employee.support.util.HttpResponseUtils.flushResponse; + +/** + * 验证码过滤器 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/10/23 22:34 + */ +public class CaptchaValidatorFilter extends OncePerRequestFilter { + + @Override + protected void doFilterInternal(@NonNull HttpServletRequest request, + @NonNull HttpServletResponse response, + @NonNull FilterChain filterChain) throws ServletException, + IOException { + if (requiresAuthentication(request)) { + TraceUtils.put(UUID.randomUUID().toString()); + boolean validate = captchaValidator.validate(request, response); + if (!validate) { + response.setStatus(HttpStatus.BAD_REQUEST.value()); + flushResponse(response, JSONObject.toJSONString(ApiRestResult.builder() + .status(EX000102.getCode()).message(EX000102.getMessage()).build())); + return; + } + filterChain.doFilter(request, response); + TraceUtils.remove(); + return; + } + filterChain.doFilter(request, response); + } + + /** + * 校验验证码 + * + * @param captcha {@link String} + * @return boolean + */ + public boolean validate(String captcha) { + ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder + .getRequestAttributes(); + HttpServletRequest request = Objects.requireNonNull(attributes).getRequest(); + String value = String.valueOf(request.getSession().getAttribute(CAPTCHA_CODE_SESSION)); + return StringUtils.equals(value, captcha); + } + + /** + * 需要认证 + * + * @param request {@link HttpServletRequest} + * @return {@link Boolean} + */ + protected boolean requiresAuthentication(HttpServletRequest request) { + OrRequestMatcher requestMatcher = new OrRequestMatcher( + //登录 + new AntPathRequestMatcher(FORM_LOGIN, HttpMethod.POST.name()), + //发送OTP + new 
AntPathRequestMatcher(AuthorizeConstants.LOGIN_OTP_SEND, HttpMethod.POST.name())); + return requestMatcher.matches(request); + } + + /** + * CaptchaValidator + */ + private final CaptchaValidator captchaValidator; + + /** + * + * @param captchaValidator {@link CaptchaValidator} + */ + public CaptchaValidatorFilter(CaptchaValidator captchaValidator) { + this.captchaValidator = captchaValidator; + } + +} diff --git a/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/filter/package-info.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/filter/package-info.java new file mode 100644 index 00000000..0800dc3b --- /dev/null +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/filter/package-info.java @@ -0,0 +1,18 @@ +/* + * eiam-authentication-captcha - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.captcha.filter; \ No newline at end of file 
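Review bot: In `CaptchaValidatorFilter.validate(String)`, `String.valueOf(request.getSession().getAttribute(CAPTCHA_CODE_SESSION))` turns a missing session attribute into the literal string "null", so the comparison can succeed even though no captcha was ever issued for the session. Read the attribute as an object and reject absence explicitly, e.g. `Object expected = request.getSession().getAttribute(CAPTCHA_CODE_SESSION);` followed by `return expected != null && StringUtils.equals(expected.toString(), captcha);`, and consider removing the attribute once it has been checked so a code cannot be reused. Separately, in `doFilterInternal` the `TraceUtils.put(...)` is not undone on the rejection path or when `filterChain.doFilter` throws; wrapping the guarded section in `try { … } finally { TraceUtils.remove(); }` would stop the trace id carrying over to the next request on that thread (assuming TraceUtils is thread-bound, which is not visible here). `requiresAuthentication` also rebuilds its `OrRequestMatcher` on every request; a `private static final` field would avoid that.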
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginMfaFactorResult.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/GeeTestCaptchaProviderConfig.java similarity index 52% rename from eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginMfaFactorResult.java rename to eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/GeeTestCaptchaProviderConfig.java index 87308dcc..276bede4 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginMfaFactorResult.java +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/GeeTestCaptchaProviderConfig.java @@ -1,5 +1,5 @@ /* - * eiam-portal - Employee Identity and Access Management Program + * eiam-authentication-captcha - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify 
@@ -15,38 +15,37 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.portal.pojo.result; +package cn.topiam.employee.authentication.captcha.geetest; import java.io.Serial; -import java.io.Serializable; -import cn.topiam.employee.common.enums.MfaFactor; +import javax.validation.constraints.NotEmpty; + +import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; -import lombok.Builder; import lombok.Data; +import lombok.EqualsAndHashCode; /** - * Mfa 登录方式 - * + * 极速验证码 * @author TopIAM - * Created by support@topiam.cn on 2022/8/13 21:29 + * Created by support@topiam.cn on 2022/8/14 22:44 */ -@Builder @Data -public class LoginMfaFactorResult implements Serializable { +@EqualsAndHashCode(callSuper = true) +public class GeeTestCaptchaProviderConfig extends CaptchaProviderConfig { @Serial - private static final long serialVersionUID = 7255002979319970337L; + private static final long serialVersionUID = 3279601494863893521L; /** - * provider + * 验证码ID */ - private MfaFactor factor; - /** - * 可用 - */ - private Boolean usable; + @NotEmpty(message = "验证码ID不能为空") + private String captchaId; + /** - * 目标 + * 验证码KEY */ - private String target; + @NotEmpty(message = "验证码KEY不能为空") + private String captchaKey; } diff --git a/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/GeeTestCaptchaValidator.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/GeeTestCaptchaValidator.java new file mode 100644 index 00000000..93fec7d9 --- /dev/null +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/GeeTestCaptchaValidator.java 
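Review bot: `captchaKey` is the GeeTest signing secret (GeeTestCaptchaValidator uses it as the HMAC key), yet `@Data` generates a `toString()` that includes it, so any log statement or exception message that prints this config object would disclose the key. Annotate the field with `@ToString.Exclude` and add the `lombok.ToString` import. Whether `CaptchaProviderConfig` instances are also serialised to JSON for an API response is not visible in this hunk; if they are, the key should be masked on output as well.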
@@ -0,0 +1,120 @@ +/* + * eiam-authentication-captcha - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.captcha.geetest; + +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.codec.digest.HmacAlgorithms; +import org.apache.commons.codec.digest.HmacUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.*; +import org.springframework.util.LinkedMultiValueMap; +import org.springframework.util.MultiValueMap; +import org.springframework.web.client.RestTemplate; + +import com.alibaba.fastjson2.JSONObject; + +import cn.topiam.employee.authentication.captcha.CaptchaValidator; +import cn.topiam.employee.common.util.RequestUtils; + +/** + * 极速验证 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/8/14 19:11 + */ +public class GeeTestCaptchaValidator implements CaptchaValidator { + private static final String RESULT = "result"; + private static final String SUCCESS = "success"; + + private final Logger logger = LoggerFactory.getLogger(GeeTestCaptchaValidator.class); + + /** + * 验证 + * + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletResponse} + * @return 
{@link Boolean} + */ + @Override + public boolean validate(HttpServletRequest request, HttpServletResponse response) { + Map getParams = RequestUtils.getParams(request); + // 1.初始化极验参数信息 + String captchaId = config.getCaptchaId(); + String captchaKey = config.getCaptchaKey(); + String domain = "https://gcaptcha4.geetest.com"; + + // 2.获取用户验证后前端传过来的验证流水号等参数 + String lotNumber = (String) getParams.get("lot_number"); + String captchaOutput = (String) getParams.get("captcha_output"); + String passToken = (String) getParams.get("pass_token"); + String genTime = (String) getParams.get("gen_time"); + + // 3.生成签名 + // 生成签名使用标准的hmac算法,使用用户当前完成验证的流水号lot_number作为原始消息message,使用客户验证私钥作为key + // 采用sha256散列算法将message和key进行单向散列生成最终的签名 + String signToken = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, captchaKey) + .hmacHex(lotNumber); + + // 4.上传校验参数到极验二次验证接口, 校验用户验证状态 + MultiValueMap queryParams = new LinkedMultiValueMap<>(); + queryParams.add("lot_number", lotNumber); + queryParams.add("captcha_output", captchaOutput); + queryParams.add("pass_token", passToken); + queryParams.add("gen_time", genTime); + queryParams.add("sign_token", signToken); + // captcha_id 参数建议放在 url 后面, 方便请求异常时可以在日志中根据id快速定位到异常请求 + String url = String.format(domain + "/validate" + "?captcha_id=%s", captchaId); + HttpHeaders headers = new HttpHeaders(); + HttpMethod method = HttpMethod.POST; + headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); + JSONObject jsonObject; + //注意处理接口异常情况,当请求极验二次验证接口异常时做出相应异常处理 + //保证不会因为接口请求超时或服务未响应而阻碍业务流程 + try { + HttpEntity> requestEntity = new HttpEntity<>(queryParams, + headers); + ResponseEntity responseEntity = restTemplate.exchange(url, method, + requestEntity, String.class); + String resBody = responseEntity.getBody(); + jsonObject = JSONObject.parseObject(resBody); + } catch (Exception e) { + logger.error("验证发生异常: {}", e.getMessage()); + return false; + } + // 5.根据极验返回的用户验证状态, 网站主进行自己的业务逻辑 + if (SUCCESS.equals(jsonObject.getString(RESULT))) { + 
logger.info("验证成功: {}", jsonObject.toJSONString()); + return true; + } + logger.info("验证失败: {}", jsonObject.toJSONString()); + return true; + } + + private final GeeTestCaptchaProviderConfig config; + private final RestTemplate restTemplate; + + public GeeTestCaptchaValidator(GeeTestCaptchaProviderConfig config, RestTemplate restTemplate) { + this.config = config; + this.restTemplate = restTemplate; + } +} diff --git a/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/package-info.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/package-info.java new file mode 100644 index 00000000..31ea649e --- /dev/null +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/geetest/package-info.java @@ -0,0 +1,18 @@ +/* + * eiam-authentication-captcha - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.captcha.geetest; \ No newline at end of file 
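Review bot: The failure branch at the end of `GeeTestCaptchaValidator.validate` logs `验证失败` and then returns `true`, so a GeeTest response whose `result` is not `success` is still treated as a passed captcha; the last statement should be `return false;`. Two smaller gaps in the same method: `lotNumber` comes straight from the request and is passed to `hmacHex` before the `try`, so a request without `lot_number` probably ends in an unhandled exception rather than a clean rejection; check the four request parameters for blank values first and return `false`. `JSONObject.parseObject` may return `null` for an empty body, which would make `jsonObject.getString(RESULT)` throw, so add a null check before step 5. The `logger` field could also be `private static final`.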
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/package-info.java b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/package-info.java similarity index 85% rename from eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/package-info.java rename to eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/package-info.java index 0522db3c..5824acb8 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/package-info.java +++ b/eiam-authentication/eiam-authentication-captcha/src/main/java/cn/topiam/employee/authentication/captcha/package-info.java @@ -1,5 +1,5 @@ /* - * eiam-portal - Employee Identity and Access Management Program + * eiam-authentication-captcha - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,4 +15,4 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.portal.mfa; \ No newline at end of file +package cn.topiam.employee.authentication.sms; \ No newline at end of file diff --git a/eiam-authentication/pom.xml b/eiam-authentication/pom.xml index f0579201..34071125 100644 --- a/eiam-authentication/pom.xml +++ b/eiam-authentication/pom.xml @@ -40,6 +40,7 @@ eiam-authentication-wechatwork eiam-authentication-sms eiam-authentication-mfa + eiam-authentication-captcha eiam-authentication-all diff --git a/eiam-common/src/main/resources/db/1.0.0-changelog.xml b/eiam-common/src/main/resources/db/1.0.0-changelog.xml index bc078d22..c6ff0feb 100644 --- a/eiam-common/src/main/resources/db/1.0.0-changelog.xml +++ b/eiam-common/src/main/resources/db/1.0.0-changelog.xml @@ -647,6 +647,39 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
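Review bot: The renamed file lives at `.../authentication/captcha/package-info.java`, but the new line declares `package cn.topiam.employee.authentication.sms;`, which looks like a leftover from the sms module. It should read `package cn.topiam.employee.authentication.captcha;` so the declaration matches the directory and does not clash with the sms module's own package-info.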
diff --git a/eiam-common/src/main/resources/db/eiam-changelog-master.xml b/eiam-common/src/main/resources/db/eiam-changelog-master.xml index 5f1bd94f..6710158c 100644 --- a/eiam-common/src/main/resources/db/eiam-changelog-master.xml +++ b/eiam-common/src/main/resources/db/eiam-changelog-master.xml @@ -24,4 +24,4 @@ xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog https://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.3.xsd http://www.liquibase.org/xml/ns/dbchangelog https://www.liquibase.org/xml/ns/pro/liquibase-pro-4.3.xsd"> - \ No newline at end of file + diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java index 2b630531..e0e42ff8 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java 
@@ -17,17 +17,18 @@ */ package cn.topiam.employee.console.configuration; +import org.springdoc.core.GroupedOpenApi; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.core.env.Environment; + import cn.topiam.employee.EiamConsoleApplication; import cn.topiam.employee.common.constants.AuthenticationConstants; import cn.topiam.employee.support.util.AppVersionUtils; + import io.swagger.v3.oas.models.OpenAPI; import io.swagger.v3.oas.models.info.Contact; import io.swagger.v3.oas.models.info.Info; -import org.springdoc.core.GroupedOpenApi; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.core.env.Environment; - import static cn.topiam.employee.common.constants.AccountConstants.ACCOUNT_API_DOC_GROUP_NAME; import static cn.topiam.employee.common.constants.AccountConstants.ACCOUNT_API_PATHS; import static cn.topiam.employee.common.constants.AnalysisConstants.ANALYSIS_GROUP_NAME; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleFrontendConfiguration.java b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleFrontendConfiguration.java index 37955ae4..a059ccfc 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleFrontendConfiguration.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleFrontendConfiguration.java @@ -17,6 +17,8 @@ */ package cn.topiam.employee.console.configuration; +import java.io.IOException; + import org.jetbrains.annotations.NotNull; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.Resource; 
@@ -24,8 +26,6 @@ import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.resource.PathResourceResolver;
 
-import java.io.IOException;
-
 /**
  * 控制台前端配置
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java
index da8b82c5..2c6686e0 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java
@@ -17,18 +17,9 @@ */ package cn.topiam.employee.console.configuration; -import cn.topiam.employee.common.constants.AuthorizeConstants; -import cn.topiam.employee.common.entity.setting.SettingEntity; -import cn.topiam.employee.common.geo.GeoLocationService; -import cn.topiam.employee.common.repository.setting.SettingRepository; -import cn.topiam.employee.console.security.handler.*; -import cn.topiam.employee.console.security.listener.ConsoleAuthenticationFailureEventListener; -import cn.topiam.employee.console.security.listener.ConsoleAuthenticationSuccessEventListener; -import cn.topiam.employee.console.security.listener.ConsoleLogoutSuccessEventListener; -import cn.topiam.employee.console.security.listener.ConsoleSessionInformationExpiredStrategy; -import cn.topiam.employee.core.endpoint.security.PublicSecretEndpoint; -import cn.topiam.employee.core.security.form.FormLoginSecretFilter; -import lombok.RequiredArgsConstructor; +import java.util.Objects; +import java.util.stream.Collectors; + import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.cloud.context.config.annotation.RefreshScope; 
@@ -46,8 +37,21 @@ import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; -import java.util.Objects; -import java.util.stream.Collectors; +import cn.topiam.employee.common.constants.AuthorizeConstants; +import cn.topiam.employee.common.entity.setting.SettingEntity; +import cn.topiam.employee.common.geo.GeoLocationService; +import cn.topiam.employee.common.repository.setting.SettingRepository; +import cn.topiam.employee.console.security.handler.*; +import cn.topiam.employee.console.security.listener.ConsoleAuthenticationFailureEventListener; +import cn.topiam.employee.console.security.listener.ConsoleAuthenticationSuccessEventListener; +import cn.topiam.employee.console.security.listener.ConsoleLogoutSuccessEventListener; +import cn.topiam.employee.console.security.listener.ConsoleSessionInformationExpiredStrategy; +import cn.topiam.employee.core.endpoint.security.PublicSecretEndpoint; +import cn.topiam.employee.core.security.form.FormLoginSecretFilter; + +import lombok.RequiredArgsConstructor; +import static org.springframework.boot.autoconfigure.security.StaticResourceLocation.*; +import static org.springframework.security.config.Customizer.withDefaults; import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_PATH; 
@@ -55,8 +59,6 @@ import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.DEFAUL import static cn.topiam.employee.common.constants.SessionConstants.CURRENT_STATUS; import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.*; import static cn.topiam.employee.support.constant.EiamConstants.*; -import static org.springframework.boot.autoconfigure.security.StaticResourceLocation.*; -import static org.springframework.security.config.Customizer.withDefaults; /** * ConsoleSecurityConfiguration diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java index bffa5ab2..39d4d005 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java @@ -17,6 +17,19 @@ */ package cn.topiam.employee.console.controller; +import java.io.Serializable; +import java.util.Optional; + +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; + +import com.alibaba.fastjson2.JSON; + import cn.topiam.employee.common.entity.setting.AdministratorEntity; import cn.topiam.employee.common.exception.UserNotFoundException; import cn.topiam.employee.common.repository.setting.AdministratorRepository; 
@@ -25,20 +38,11 @@ import cn.topiam.employee.core.security.util.SecurityUtils; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.util.DesensitizationUtil; import cn.topiam.employee.support.util.HttpResponseUtils; -import com.alibaba.fastjson2.JSON; -import io.swagger.v3.oas.annotations.media.Schema; + import lombok.Data; import lombok.extern.slf4j.Slf4j; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.stereotype.Component; - -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.Serializable; -import java.util.Optional; +import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.common.constants.SessionConstants.CURRENT_USER; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java index 337c99b4..8ffff172 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java @@ -17,6 +17,13 @@ */ package cn.topiam.employee.console.controller.account; +import java.util.List; + +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.constants.AccountConstants; 
@@ -30,14 +37,9 @@ import cn.topiam.employee.console.service.account.OrganizationService; import cn.topiam.employee.support.lock.Lock; import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; + import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - -import java.util.List; /** * 系统账户-组织架构 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java index 220ddb5e..a4387e1a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java @@ -17,6 +17,19 @@ */ package cn.topiam.employee.console.controller.account; +import java.io.Serializable; +import java.util.List; + +import javax.validation.constraints.NotBlank; +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; + +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.entity.account.query.UserListNotInGroupQuery; 
@@ -39,23 +52,13 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.tags.Tag; + import lombok.AllArgsConstructor; import lombok.Data; -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - -import javax.validation.constraints.NotBlank; -import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.NotNull; -import java.io.Serializable; -import java.util.List; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AccountConstants.USER_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java index 03b9d9e4..33df5ca8 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java 
@@ -17,6 +17,16 @@ */ package cn.topiam.employee.console.controller.account; +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; + +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import com.google.common.collect.Lists; + import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.entity.account.UserGroupEntity; @@ -36,19 +46,12 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; -import com.google.common.collect.Lists; + +import lombok.AllArgsConstructor; + import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; -import lombok.AllArgsConstructor; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - -import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.NotNull; - import static cn.topiam.employee.common.constants.AccountConstants.USER_GROUP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserIdpBindController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserIdpBindController.java index ba3d88b1..076cc165 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserIdpBindController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserIdpBindController.java 
@@ -17,13 +17,14 @@ */ package cn.topiam.employee.console.controller.account; -import io.swagger.v3.oas.annotations.tags.Tag; -import lombok.AllArgsConstructor; import org.springframework.http.MediaType; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import lombok.AllArgsConstructor; + +import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AccountConstants.USER_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/analysis/AnalysisController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/analysis/AnalysisController.java index f315e01c..cdc17ed2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/analysis/AnalysisController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/analysis/AnalysisController.java 
@@ -17,20 +17,21 @@
 */
 package cn.topiam.employee.console.controller.analysis;
-import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery;
-import cn.topiam.employee.console.pojo.result.analysis.*;
-import cn.topiam.employee.console.service.analysis.AnalysisService;
-import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+import java.util.List;
+
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import java.util.List;
+import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery;
+import cn.topiam.employee.console.pojo.result.analysis.*;
+import cn.topiam.employee.console.service.analysis.AnalysisService;
+import cn.topiam.employee.support.result.ApiRestResult;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AnalysisConstants.ANALYSIS_GROUP_NAME;
 import static cn.topiam.employee.common.constants.AnalysisConstants.ANALYSIS_PATH;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java
index e0ef68b5..cedc8bf7 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java
@@ -17,6 +17,11 @@
 */
 package cn.topiam.employee.console.controller.app;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.entity.app.query.AppAccessPolicyQuery;
@@ -30,14 +35,11 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java
index 157fa262..6417d864 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java
@@ -17,6 +17,11 @@
 */
 package cn.topiam.employee.console.controller.app;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.entity.app.query.AppAccountQuery;
@@ -28,14 +33,11 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppCertController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppCertController.java
index 5aa4af48..1a11b6d8 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppCertController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppCertController.java
@@ -17,14 +17,8 @@
 */
 package cn.topiam.employee.console.controller.app;
-import cn.topiam.employee.application.saml2.pojo.AppSaml2StandardConfigGetResult;
-import cn.topiam.employee.console.pojo.query.app.AppCertQuery;
-import cn.topiam.employee.console.pojo.result.app.AppCertListResult;
-import cn.topiam.employee.console.service.app.AppCertService;
-import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
+import java.util.List;
+
 import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
@@ -32,8 +26,16 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import java.util.List;
+import cn.topiam.employee.application.saml2.pojo.AppSaml2StandardConfigGetResult;
+import cn.topiam.employee.console.pojo.query.app.AppCertQuery;
+import cn.topiam.employee.console.pojo.result.app.AppCertListResult;
+import cn.topiam.employee.console.service.app.AppCertService;
+import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.AllArgsConstructor;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java
index c40eab46..18cddc76 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java
@@ -17,6 +17,11 @@
 */
 package cn.topiam.employee.console.controller.app;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.application.saml2.pojo.AppSaml2StandardConfigGetResult;
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
@@ -33,14 +38,11 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java
index 1d067fb5..3a1c6dd2 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java
@@ -17,13 +17,8 @@
 */
 package cn.topiam.employee.console.controller.app;
-import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery;
-import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult;
-import cn.topiam.employee.console.service.app.AppPermissionActionService;
-import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.RequiredArgsConstructor;
+import java.util.List;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
@@ -33,8 +28,15 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import java.util.List;
+import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult;
+import cn.topiam.employee.console.service.app.AppPermissionActionService;
+import cn.topiam.employee.support.result.ApiRestResult;
+import lombok.RequiredArgsConstructor;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java
index deff41fb..9e175cc6 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java
@@ -17,6 +17,11 @@
 */
 package cn.topiam.employee.console.controller.app;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.common.entity.app.query.AppPolicyQuery;
 import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyGetResult;
 import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyListResult;
@@ -31,14 +36,11 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java
index 57a2adbb..fc03a204 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java
@@ -17,6 +17,16 @@
 */
 package cn.topiam.employee.console.controller.app;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.enums.CheckValidityType;
@@ -34,20 +44,12 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.RequiredArgsConstructor;
+
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.RequiredArgsConstructor;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java
index 2afebcb6..1f55d047 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java
@@ -17,6 +17,16 @@
 */
 package cn.topiam.employee.console.controller.app;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.enums.CheckValidityType;
@@ -31,20 +41,12 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.RequiredArgsConstructor;
+
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.RequiredArgsConstructor;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppSaml2Controller.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppSaml2Controller.java
index f8debc69..582fa14b 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppSaml2Controller.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppSaml2Controller.java
@@ -17,24 +17,27 @@
 */
 package cn.topiam.employee.console.controller.app;
-import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult;
-import cn.topiam.employee.console.service.app.AppSaml2Service;
-import cn.topiam.employee.support.lock.Lock;
-import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
+import java.io.IOException;
+
+import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
+
 import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
-import javax.validation.Valid;
-import javax.validation.constraints.NotBlank;
-import java.io.IOException;
+import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult;
+import cn.topiam.employee.console.service.app.AppSaml2Service;
+import cn.topiam.employee.support.lock.Lock;
+import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.AllArgsConstructor;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppTemplateController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppTemplateController.java
index 0b1a0bf3..1fbae800 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppTemplateController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppTemplateController.java
@@ -17,14 +17,11 @@
 */
 package cn.topiam.employee.console.controller.app;
-import cn.topiam.employee.common.enums.app.AppType;
-import cn.topiam.employee.console.pojo.result.app.AppTemplateResult;
-import cn.topiam.employee.console.service.app.AppTemplateService;
-import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.RequiredArgsConstructor;
+import java.util.List;
+import java.util.Map;
+
+import javax.validation.constraints.NotEmpty;
+
 import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
@@ -33,10 +30,16 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
-import javax.validation.constraints.NotEmpty;
-import java.util.List;
-import java.util.Map;
+import cn.topiam.employee.common.enums.app.AppType;
+import cn.topiam.employee.console.pojo.result.app.AppTemplateResult;
+import cn.topiam.employee.console.service.app.AppTemplateService;
+import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.RequiredArgsConstructor;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AppConstants.APP_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/authentication/IdentityProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/authentication/IdentityProviderController.java
index 6ee38934..0e59b8fd 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/authentication/IdentityProviderController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/authentication/IdentityProviderController.java
@@ -17,6 +17,11 @@
 */
 package cn.topiam.employee.console.controller.authentication;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.constants.AuthenticationConstants;
@@ -32,13 +37,11 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.AllArgsConstructor;
+
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
 /**
 * 身份提供商
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java
index 1ea7f4c8..180888b0 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java
@@ -17,6 +17,11 @@
 */
 package cn.topiam.employee.console.controller.identitysource;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity;
@@ -37,14 +42,11 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AccountConstants.IDENTITY_SOURCE_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceEventController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceEventController.java
index 5819c6d3..f59be34c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceEventController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceEventController.java
@@ -17,22 +17,24 @@
 */
 package cn.topiam.employee.console.controller.identitysource;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
 import cn.topiam.employee.console.pojo.query.identity.IdentitySourceEventRecordListQuery;
 import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceEventRecordListResult;
 import cn.topiam.employee.console.service.identitysource.IdentitySourceEventRecordService;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AccountConstants.IDENTITY_SOURCE_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java
index 8fa52729..652eedd6 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java
@@ -17,6 +17,11 @@
 */
 package cn.topiam.employee.console.controller.identitysource;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.console.pojo.query.identity.IdentitySourceSyncHistoryListQuery;
@@ -29,14 +34,11 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AccountConstants.IDENTITY_SOURCE_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java
index b620a612..50864cc2 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java
@@ -17,6 +17,28 @@
 */
 package cn.topiam.employee.console.controller.session;
+import java.io.Serial;
+import java.io.Serializable;
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.mapstruct.Mapper;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.alibaba.fastjson2.JSON;
+import com.alibaba.fastjson2.annotation.JSONField;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
@@ -33,33 +55,16 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.result.ApiRestResult;
 import cn.topiam.employee.support.util.HttpResponseUtils;
 import cn.topiam.employee.support.web.useragent.UserAgent;
-import com.alibaba.fastjson2.JSON;
-import com.alibaba.fastjson2.annotation.JSONField;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.Data;
 import lombok.experimental.Accessors;
-import org.apache.commons.lang3.StringUtils;
-import org.mapstruct.Mapper;
-import org.springframework.security.core.session.SessionRegistry;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.Serial;
-import java.io.Serializable;
-import java.time.LocalDateTime;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.USERNAME;
 import static cn.topiam.employee.common.constants.SessionConstants.SESSION_PATH;
 import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
-import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.USERNAME;
 /**
  * 会话管理
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java
index ebce46d4..19d77932 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java
@@ -17,6 +17,14 @@
  */
 package cn.topiam.employee.console.controller.setting;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.enums.CheckValidityType;
@@ -33,18 +41,12 @@ import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.AllArgsConstructor;
+
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
-
 import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java
index 81726f0d..6fefe472 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java
@@ -17,6 +17,11 @@
  */
 package cn.topiam.employee.console.controller.setting;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.geo.GeoLocation;
@@ -27,15 +32,12 @@ import cn.topiam.employee.support.context.ApplicationContextHelp;
 import cn.topiam.employee.support.lock.Lock;
 import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.AllArgsConstructor;
+
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-
 import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.GEO_LOCATION;
 import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH;
 import static cn.topiam.employee.core.setting.constant.GeoIpProviderConstants.IPADDRESS_SETTING_NAME;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java
index 03bc2442..f04b5429 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java
@@ -17,6 +17,13 @@
  */
 package cn.topiam.employee.console.controller.setting;
+import java.util.HashMap;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.enums.MailType;
@@ -29,16 +36,11 @@ import cn.topiam.employee.core.message.mail.MailMsgEventPublish;
 import cn.topiam.employee.support.lock.Lock;
 import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
-import org.apache.commons.lang3.RandomStringUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-import java.util.HashMap;
+import lombok.AllArgsConstructor;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java
index 873becda..5475de17 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java
@@ -17,6 +17,14 @@
  */
 package cn.topiam.employee.console.controller.setting;
+import java.util.List;
+import java.util.Objects;
+
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.enums.MailType;
@@ -27,17 +35,11 @@ import cn.topiam.employee.console.service.setting.MailTemplateService;
 import cn.topiam.employee.support.lock.Lock;
 import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-import java.util.List;
-import java.util.Objects;
+import lombok.AllArgsConstructor;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityController.java
index 88f1a2e0..6658268e 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityController.java
@@ -17,6 +17,13 @@
  */
 package cn.topiam.employee.console.controller.setting;
+import java.util.List;
+
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.console.pojo.result.setting.*;
@@ -29,16 +36,11 @@ import cn.topiam.employee.console.service.setting.SecuritySettingService;
 import cn.topiam.employee.support.lock.Lock;
 import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-import java.util.List;
+import lombok.AllArgsConstructor;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java
index 98e16dc0..c532badd 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java
@@ -17,6 +17,12 @@
  */
 package cn.topiam.employee.console.controller.setting;
+import java.util.LinkedHashMap;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.common.enums.MailType;
@@ -29,15 +35,11 @@ import cn.topiam.employee.core.security.password.PasswordGenerator;
 import cn.topiam.employee.support.lock.Lock;
 import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-import java.util.LinkedHashMap;
+import lombok.AllArgsConstructor;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsTemplateController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsTemplateController.java
index 80e4ba52..6acaf350 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsTemplateController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsTemplateController.java
@@ -17,14 +17,10 @@
  */
 package cn.topiam.employee.console.controller.setting;
-import cn.topiam.employee.common.enums.Language;
-import cn.topiam.employee.console.pojo.result.setting.SmsTemplateListResult;
-import cn.topiam.employee.console.service.setting.SmsTemplateService;
-import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.AllArgsConstructor;
+import java.util.List;
+
+import javax.validation.constraints.NotNull;
+
 import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
@@ -32,9 +28,16 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import javax.validation.constraints.NotNull;
-import java.util.List;
+import cn.topiam.employee.common.enums.Language;
+import cn.topiam.employee.console.pojo.result.setting.SmsTemplateListResult;
+import cn.topiam.employee.console.service.setting.SmsTemplateService;
+import cn.topiam.employee.support.result.ApiRestResult;
+import lombok.AllArgsConstructor;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java
index d2160e48..1e7a4d9f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java
@@ -17,6 +17,11 @@
  */
 package cn.topiam.employee.console.controller.setting;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.enums.EventType;
 import cn.topiam.employee.console.pojo.result.setting.StorageProviderConfigResult;
@@ -25,14 +30,11 @@ import cn.topiam.employee.console.service.setting.StorageSettingService;
 import cn.topiam.employee.support.lock.Lock;
 import cn.topiam.employee.support.preview.Preview;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.AllArgsConstructor;
-import org.springframework.http.MediaType;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/OrganizationConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/OrganizationConverter.java
index 0a0ae46d..1db3ac19 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/OrganizationConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/OrganizationConverter.java
@@ -17,6 +17,14 @@
  */
 package cn.topiam.employee.console.converter.account;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.springframework.util.CollectionUtils;
+
 import cn.topiam.employee.common.entity.account.OrganizationEntity;
 import cn.topiam.employee.console.pojo.result.account.OrganizationChildResult;
 import cn.topiam.employee.console.pojo.result.account.OrganizationResult;
@@ -24,13 +32,6 @@ import cn.topiam.employee.console.pojo.result.account.OrganizationRootResult;
 import cn.topiam.employee.console.pojo.result.account.OrganizationTreeResult;
 import cn.topiam.employee.console.pojo.save.account.OrganizationCreateParam;
 import cn.topiam.employee.console.pojo.update.account.OrganizationUpdateParam;
-import org.mapstruct.Mapper;
-import org.mapstruct.Mapping;
-import org.springframework.util.CollectionUtils;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
 /**
  * 组织架构数据映射
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java
index 4781a3b5..ebdd887a 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java
@@ -17,6 +17,31 @@
  */
 package cn.topiam.employee.console.converter.account;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Set;
+
+import org.elasticsearch.index.query.BoolQueryBuilder;
+import org.elasticsearch.index.query.QueryBuilders;
+import org.elasticsearch.search.sort.FieldSortBuilder;
+import org.elasticsearch.search.sort.SortBuilder;
+import org.elasticsearch.search.sort.SortBuilders;
+import org.elasticsearch.search.sort.SortOrder;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.elasticsearch.core.SearchHits;
+import org.springframework.data.elasticsearch.core.query.NativeSearchQuery;
+import org.springframework.data.elasticsearch.core.query.NativeSearchQueryBuilder;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.StringUtils;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+
 import cn.topiam.employee.audit.entity.AuditElasticSearchEntity;
 import cn.topiam.employee.audit.entity.Event;
 import cn.topiam.employee.audit.enums.EventType;
@@ -35,30 +60,6 @@ import cn.topiam.employee.console.pojo.update.account.UserUpdateParam;
 import cn.topiam.employee.support.context.ApplicationContextHelp;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
-import org.elasticsearch.index.query.BoolQueryBuilder;
-import org.elasticsearch.index.query.QueryBuilders;
-import org.elasticsearch.search.sort.FieldSortBuilder;
-import org.elasticsearch.search.sort.SortBuilder;
-import org.elasticsearch.search.sort.SortBuilders;
-import org.elasticsearch.search.sort.SortOrder;
-import org.mapstruct.Mapper;
-import org.mapstruct.Mapping;
-import org.springframework.data.domain.PageRequest;
-import org.springframework.data.elasticsearch.core.SearchHits;
-import org.springframework.data.elasticsearch.core.query.NativeSearchQuery;
-import org.springframework.data.elasticsearch.core.query.NativeSearchQueryBuilder;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.StringUtils;
-
-import java.time.LocalDateTime;
-import java.time.ZoneId;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.Set;
-
 import static cn.topiam.employee.audit.entity.Actor.ACTOR_ID;
 import static cn.topiam.employee.audit.entity.Event.EVENT_TIME;
 import static cn.topiam.employee.audit.entity.Event.EVENT_TYPE;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserGroupConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserGroupConverter.java
index 9c48feec..035d8edb 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserGroupConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserGroupConverter.java
@@ -17,6 +17,18 @@
  */
 package cn.topiam.employee.console.converter.account;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.springframework.util.CollectionUtils;
+
+import com.google.common.collect.Lists;
+import com.querydsl.core.types.ExpressionUtils;
+import com.querydsl.core.types.Predicate;
+
 import cn.topiam.employee.common.entity.account.QUserGroupEntity;
 import cn.topiam.employee.common.entity.account.UserEntity;
 import cn.topiam.employee.common.entity.account.UserGroupEntity;
@@ -29,16 +41,6 @@ import cn.topiam.employee.console.pojo.save.account.UserGroupCreateParam;
 import cn.topiam.employee.console.pojo.update.account.UserGroupUpdateParam;
 import cn.topiam.employee.support.context.ApplicationContextHelp;
 import cn.topiam.employee.support.repository.page.domain.Page;
-import com.google.common.collect.Lists;
-import com.querydsl.core.types.ExpressionUtils;
-import com.querydsl.core.types.Predicate;
-import org.apache.commons.lang3.StringUtils;
-import org.mapstruct.Mapper;
-import org.mapstruct.Mapping;
-import org.springframework.util.CollectionUtils;
-
-import java.util.ArrayList;
-import java.util.List;
 /**
  * 用户映射
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccessPolicyConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccessPolicyConverter.java
index ed582e01..e5769e01 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccessPolicyConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccessPolicyConverter.java
@@ -17,16 +17,17 @@
  */
 package cn.topiam.employee.console.converter.app;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.mapstruct.Mapper;
+import org.springframework.util.CollectionUtils;
+
 import cn.topiam.employee.common.entity.app.AppAccessPolicyEntity;
 import cn.topiam.employee.common.entity.app.po.AppAccessPolicyPO;
 import cn.topiam.employee.console.pojo.result.app.AppAccessPolicyResult;
 import cn.topiam.employee.console.pojo.save.app.AppAccessPolicyCreateParam;
 import cn.topiam.employee.support.repository.page.domain.Page;
-import org.mapstruct.Mapper;
-import org.springframework.util.CollectionUtils;
-
-import java.util.ArrayList;
-import java.util.List;
 /**
  * 应用授权策略 Converter
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccountConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccountConverter.java
index ed00604a..0bf236fc 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccountConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccountConverter.java
@@ -17,17 +17,18 @@
  */
 package cn.topiam.employee.console.converter.app;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.springframework.util.CollectionUtils;
+
 import cn.topiam.employee.common.entity.app.AppAccountEntity;
 import cn.topiam.employee.common.entity.app.po.AppAccountPO;
 import cn.topiam.employee.console.pojo.result.app.AppAccountListResult;
 import cn.topiam.employee.console.pojo.save.app.AppAccountCreateParam;
 import cn.topiam.employee.support.repository.page.domain.Page;
-import org.mapstruct.Mapper;
-import org.mapstruct.Mapping;
-import org.springframework.util.CollectionUtils;
-
-import java.util.ArrayList;
-import java.util.List;
 /**
  * 应用账户映射
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppCertConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppCertConverter.java
index c9d706f1..958c9504 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppCertConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppCertConverter.java
@@ -17,18 +17,20 @@
  */
 package cn.topiam.employee.console.converter.app;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+
+import org.apache.commons.lang3.StringUtils;
+import org.mapstruct.Mapper;
+
+import com.querydsl.core.types.ExpressionUtils;
+import com.querydsl.core.types.Predicate;
+
 import cn.topiam.employee.common.entity.app.AppCertEntity;
 import cn.topiam.employee.common.entity.app.QAppCertEntity;
 import cn.topiam.employee.console.pojo.query.app.AppCertQuery;
 import cn.topiam.employee.console.pojo.result.app.AppCertListResult;
-import com.querydsl.core.types.ExpressionUtils;
-import com.querydsl.core.types.Predicate;
-import org.apache.commons.lang3.StringUtils;
-import org.mapstruct.Mapper;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
 /**
  * 应用证书Converter
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppConverter.java
index e82a13ca..13ed15a8 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppConverter.java
@@ -17,6 +17,19 @@
  */
 package cn.topiam.employee.console.converter.app;
+import java.util.List;
+import java.util.Objects;
+
+import org.apache.commons.lang3.StringUtils;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.springframework.util.AlternativeJdkIdGenerator;
+import org.springframework.util.IdGenerator;
+
+import com.google.common.collect.Lists;
+import com.querydsl.core.types.ExpressionUtils;
+import com.querydsl.core.types.Predicate;
+
 import cn.topiam.employee.application.ApplicationService;
 import cn.topiam.employee.application.ApplicationServiceLoader;
 import cn.topiam.employee.common.entity.app.AppEntity;
@@ -27,17 +40,6 @@ import cn.topiam.employee.console.pojo.result.app.AppListResult;
 import cn.topiam.employee.console.pojo.update.app.AppUpdateParam;
 import cn.topiam.employee.support.context.ApplicationContextHelp;
 import cn.topiam.employee.support.repository.page.domain.Page;
-import com.google.common.collect.Lists;
-import com.querydsl.core.types.ExpressionUtils;
-import com.querydsl.core.types.Predicate;
-import org.apache.commons.lang3.StringUtils;
-import org.mapstruct.Mapper;
-import org.mapstruct.Mapping;
-import org.springframework.util.AlternativeJdkIdGenerator;
-import org.springframework.util.IdGenerator;
-
-import java.util.List;
-import java.util.Objects;
 /**
  * 应用映射
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java
index 76992fb4..bdfb9cd4 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java
@@ -17,21 +17,23 @@
  */
 package cn.topiam.employee.console.converter.app;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.springframework.util.ObjectUtils;
+
+import com.querydsl.core.types.ExpressionUtils;
+import com.querydsl.core.types.Predicate;
+
 import cn.topiam.employee.common.entity.app.AppPermissionActionEntity;
 import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity;
 import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity;
 import cn.topiam.employee.common.enums.PermissionActionType;
 import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery;
 import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult;
-import com.querydsl.core.types.ExpressionUtils;
-import com.querydsl.core.types.Predicate;
-import org.apache.commons.lang3.StringUtils;
-import org.mapstruct.Mapper;
-import org.mapstruct.Mapping;
-import org.springframework.util.ObjectUtils;
-
-import java.util.ArrayList;
-import java.util.List;
 /**
  * 权限映射
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java
index 4ae16b32..1797d095 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java
@@ -17,18 +17,19 @@
  */
 package cn.topiam.employee.console.converter.app;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.springframework.util.CollectionUtils;
+
 import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity;
 import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO;
 import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyListResult;
 import cn.topiam.employee.console.pojo.save.app.AppPermissionPolicyCreateParam;
 import cn.topiam.employee.console.pojo.update.app.AppPermissionPolicyUpdateParam;
 import cn.topiam.employee.support.repository.page.domain.Page;
-import org.mapstruct.Mapper;
-import org.mapstruct.Mapping;
-import org.springframework.util.CollectionUtils;
-
-import java.util.ArrayList;
-import java.util.List;
 /**
  * 策略映射
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java
index f9c4c3db..9d09c161 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java
@@ -17,6 +17,18 @@
  */
 package cn.topiam.employee.console.converter.app;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.ObjectUtils;
+
+import com.querydsl.core.types.ExpressionUtils;
+import com.querydsl.core.types.Predicate;
+
 import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity;
 import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity;
 import cn.topiam.employee.console.pojo.query.app.AppResourceListQuery;
@@ -25,16 +37,6 @@ import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceListResul import cn.topiam.employee.console.pojo.save.app.AppPermissionResourceCreateParam; import cn.topiam.employee.console.pojo.update.app.AppPermissionResourceUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; -import org.springframework.util.ObjectUtils; - -import java.util.ArrayList; -import java.util.List; /** * 资源映射 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java index ea503a57..2cc39295 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java @@ -17,6 +17,18 @@ */ package cn.topiam.employee.console.converter.app; +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; +import org.springframework.util.ObjectUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity; import cn.topiam.employee.common.entity.app.QAppPermissionRoleEntity; import cn.topiam.employee.console.pojo.query.app.AppPermissionRoleListQuery; 
@@ -25,16 +37,6 @@ import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleResult; import cn.topiam.employee.console.pojo.save.app.AppPermissionRoleCreateParam; import cn.topiam.employee.console.pojo.update.app.PermissionRoleUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; -import org.springframework.util.ObjectUtils; - -import java.util.ArrayList; -import java.util.List; /** * 角色映射 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/UserIdpBindConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/UserIdpBindConverter.java index b2fbe605..710d2dd6 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/UserIdpBindConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/UserIdpBindConverter.java @@ -17,13 +17,14 @@ */ package cn.topiam.employee.console.converter.app; +import java.util.ArrayList; +import java.util.List; + +import org.mapstruct.Mapper; + import cn.topiam.employee.common.entity.account.po.UserIdpBindPo; import cn.topiam.employee.console.pojo.result.app.UserIdpBindListResult; import cn.topiam.employee.support.repository.page.domain.Page; -import org.mapstruct.Mapper; - -import java.util.ArrayList; -import java.util.List; /** * 用户身份提供商绑定 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/authentication/IdentityProviderConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/authentication/IdentityProviderConverter.java index 01f2a460..e3e62d9c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/authentication/IdentityProviderConverter.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/authentication/IdentityProviderConverter.java @@ -17,6 +17,24 @@ */ package cn.topiam.employee.console.converter.authentication; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +import javax.validation.ConstraintViolationException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.data.querydsl.QPageRequest; + +import com.alibaba.fastjson2.JSONObject; +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + import cn.topiam.employee.authentication.common.IdentityProviderCategory; import cn.topiam.employee.authentication.common.IdentityProviderType; import cn.topiam.employee.authentication.common.config.IdentityProviderConfig; 
@@ -39,22 +57,6 @@ import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.repository.page.domain.QueryDslRequest; import cn.topiam.employee.support.validation.ValidationHelp; -import com.alibaba.fastjson2.JSONObject; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; -import org.apache.commons.lang3.RandomStringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.data.querydsl.QPageRequest; - -import javax.validation.ConstraintViolationException; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - import static cn.topiam.employee.authentication.common.IdentityProviderType.*; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceConverter.java index 4aeccc6d..56a7f73c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceConverter.java 
@@ -17,6 +17,25 @@ */ package cn.topiam.employee.console.converter.identitysource; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +import javax.validation.ConstraintViolationException; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.data.domain.Page; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.util.CollectionUtils; + +import com.alibaba.fastjson2.JSONObject; +import com.alibaba.fastjson2.JSONWriter; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + import cn.topiam.employee.common.constants.CommonConstants; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; import cn.topiam.employee.common.entity.identitysource.QIdentitySourceEntity; 
@@ -31,28 +50,12 @@ import cn.topiam.employee.console.pojo.update.identity.IdentitySourceUpdateParam
 import cn.topiam.employee.core.context.ServerContextHelp;
 import cn.topiam.employee.identitysource.core.IdentitySourceConfig;
 import cn.topiam.employee.identitysource.dingtalk.DingTalkConfig;
-import cn.topiam.employee.identitysource.ldap.LdapConfig;
+import cn.topiam.employee.identitysource.feishu.FeiShuConfig;
 import cn.topiam.employee.identitysource.wechatwork.WeChatWorkConfig;
 import cn.topiam.employee.support.exception.TopIamException;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.repository.page.domain.QueryDslRequest;
 import cn.topiam.employee.support.validation.ValidationHelp;
-import com.alibaba.fastjson2.JSONObject;
-import com.alibaba.fastjson2.JSONWriter;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.querydsl.core.types.ExpressionUtils;
-import com.querydsl.core.types.Predicate;
-import org.apache.commons.lang3.StringUtils;
-import org.mapstruct.Mapper;
-import org.mapstruct.Mapping;
-import org.springframework.data.domain.Page;
-import org.springframework.data.querydsl.QPageRequest;
-import org.springframework.util.CollectionUtils;
-
-import javax.validation.ConstraintViolationException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
 /**
 * 身份源转换器
@@ -204,7 +207,7 @@ public interface IdentitySourceConverter {
 }
 //飞书
 if (Objects.equals(provider, IdentitySourceProvider.FEISHU)) {
- clientConfig = param.getBasicConfig().to(LdapConfig.class);
+ clientConfig = param.getBasicConfig().to(FeiShuConfig.class);
 }
 //放置参数,并验证参数
 if (!Objects.nonNull(clientConfig)) {
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceEventRecordConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceEventRecordConverter.java
index f5b62ba0..1275ceb6 100644
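Review bot: The provider-to-config-class chain in the `@@ -204,7 +207,7 @@` hunk of IdentitySourceConverter has no visible test, and the FEISHU line changed here shows how a copy-paste slip binds one provider's submitted config to another provider's class, so the validation that follows (per the `//放置参数,并验证参数` comment) presumably checks the wrong constraints. A test that asserts the concrete `IdentitySourceConfig` subtype produced for each `IdentitySourceProvider` value would catch this class of error. The guard `if (!Objects.nonNull(clientConfig))` in the same hunk is a double negative and reads more directly as `if (Objects.isNull(clientConfig))`. Since the `LdapConfig` import is dropped in the preceding hunk, confirm that no LDAP provider value can still reach this method, where it would apparently only hit that null guard. The enclosing method starts and ends outside the hunk.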
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceEventRecordConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceEventRecordConverter.java @@ -17,6 +17,17 @@ */ package cn.topiam.employee.console.converter.identitysource; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.springframework.util.CollectionUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + import cn.topiam.employee.common.entity.account.UserGroupEntity; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEventRecordEntity; import cn.topiam.employee.common.entity.identitysource.QIdentitySourceEventRecordEntity; @@ -25,15 +36,6 @@ import cn.topiam.employee.console.pojo.result.account.UserGroupListResult; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceEventRecordListResult; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.repository.page.domain.Page; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.springframework.util.CollectionUtils; - -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; /** * 身份源事件记录转换器 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceSyncConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceSyncConverter.java index f4f8efa1..4be08506 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceSyncConverter.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceSyncConverter.java @@ -17,6 +17,18 @@ */ package cn.topiam.employee.console.converter.identitysource; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + import cn.topiam.employee.common.entity.account.UserGroupEntity; import cn.topiam.employee.common.entity.identitysource.IdentitySourceSyncHistoryEntity; import cn.topiam.employee.common.entity.identitysource.IdentitySourceSyncRecordEntity; @@ -28,16 +40,6 @@ import cn.topiam.employee.console.pojo.result.account.UserGroupListResult; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceSyncHistoryListResult; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceSyncRecordListResult; import cn.topiam.employee.support.repository.page.domain.Page; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; - -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; /** * 身份源转换器 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java index fbd9b885..40187a65 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java 
@@ -17,6 +17,17 @@ */ package cn.topiam.employee.console.converter.setting; +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + import cn.topiam.employee.common.entity.account.query.UserListQuery; import cn.topiam.employee.common.entity.setting.AdministratorEntity; import cn.topiam.employee.common.entity.setting.QAdministratorEntity; @@ -26,15 +37,6 @@ import cn.topiam.employee.console.pojo.result.setting.AdministratorResult; import cn.topiam.employee.console.pojo.save.setting.AdministratorCreateParam; import cn.topiam.employee.console.pojo.update.setting.AdministratorUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; - -import java.util.ArrayList; -import java.util.List; /** * 管理员映射 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java index 018679c0..ed5fb140 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java 
@@ -17,6 +17,16 @@ */ package cn.topiam.employee.console.converter.setting; +import java.util.Objects; + +import javax.validation.ValidationException; + +import org.mapstruct.Mapper; + +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; + import cn.topiam.employee.common.crypto.EncryptionModule; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.geo.GeoLocationProviderConfig; @@ -27,14 +37,6 @@ import cn.topiam.employee.console.pojo.result.setting.GeoIpProviderResult; import cn.topiam.employee.console.pojo.save.setting.GeoIpProviderSaveParam; import cn.topiam.employee.console.pojo.save.setting.MailProviderSaveParam; import cn.topiam.employee.support.validation.ValidationHelp; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.mapstruct.Mapper; - -import javax.validation.ValidationException; -import java.util.Objects; - import static cn.topiam.employee.core.setting.constant.GeoIpProviderConstants.IPADDRESS_SETTING_NAME; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MailTemplateConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MailTemplateConverter.java index d82bc1f7..ad3cd948 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MailTemplateConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MailTemplateConverter.java 
@@ -17,19 +17,20 @@ */ package cn.topiam.employee.console.converter.setting; +import java.util.ArrayList; +import java.util.List; + +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; + import cn.topiam.employee.common.entity.setting.MailTemplateEntity; import cn.topiam.employee.common.enums.MailType; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateListResult; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateResult; import cn.topiam.employee.console.pojo.save.setting.EmailCustomTemplateSaveParam; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; - -import java.util.ArrayList; -import java.util.List; +import static org.springframework.web.util.HtmlUtils.htmlUnescape; import static cn.topiam.employee.core.message.mail.MailUtils.readEmailContent; -import static org.springframework.web.util.HtmlUtils.htmlUnescape; /** * 消息服务数据映射 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MessageSettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MessageSettingConverter.java index fea04195..55c5e904 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MessageSettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MessageSettingConverter.java @@ -17,6 +17,18 @@ */ package cn.topiam.employee.console.converter.setting; +import java.util.Objects; + +import javax.validation.ValidationException; + +import org.mapstruct.Mapper; + +import com.alibaba.fastjson2.JSONObject; +import com.alibaba.fastjson2.JSONWriter; +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; + import cn.topiam.employee.common.crypto.EncryptContextHelp; import cn.topiam.employee.common.crypto.EncryptionModule; import cn.topiam.employee.common.entity.setting.SettingEntity; 
@@ -35,16 +47,6 @@ import cn.topiam.employee.console.pojo.save.setting.MailProviderSaveParam; import cn.topiam.employee.console.pojo.save.setting.SmsProviderSaveParam; import cn.topiam.employee.console.pojo.setting.SmsProviderConfigResult; import cn.topiam.employee.support.validation.ValidationHelp; -import com.alibaba.fastjson2.JSONObject; -import com.alibaba.fastjson2.JSONWriter; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.mapstruct.Mapper; - -import javax.validation.ValidationException; -import java.util.Objects; - import static cn.topiam.employee.core.context.SettingContextHelp.getSmsProviderConfig; import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.MESSAGE_PROVIDER_EMAIL; import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.MESSAGE_SMS_PROVIDER; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/PasswordPolicyConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/PasswordPolicyConverter.java index 8acd4589..a147cd7e 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/PasswordPolicyConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/PasswordPolicyConverter.java 
@@ -17,17 +17,17 @@ */ package cn.topiam.employee.console.converter.setting; -import cn.topiam.employee.common.entity.setting.SettingEntity; -import cn.topiam.employee.console.pojo.result.setting.PasswordPolicyConfigResult; -import cn.topiam.employee.console.pojo.save.setting.PasswordPolicySaveParam; -import cn.topiam.employee.core.security.password.enums.PasswordComplexityRule; +import java.util.*; +import java.util.stream.Collectors; + import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; import org.mapstruct.Mapper; -import java.util.*; -import java.util.stream.Collectors; - +import cn.topiam.employee.common.entity.setting.SettingEntity; +import cn.topiam.employee.console.pojo.result.setting.PasswordPolicyConfigResult; +import cn.topiam.employee.console.pojo.save.setting.PasswordPolicySaveParam; +import cn.topiam.employee.core.security.password.enums.PasswordComplexityRule; import static cn.topiam.employee.core.setting.constant.PasswordPolicySettingConstants.*; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/SecuritySettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/SecuritySettingConverter.java index d4d01d0f..7a80a980 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/SecuritySettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/SecuritySettingConverter.java 
@@ -17,6 +17,21 @@ */ package cn.topiam.employee.console.converter.setting; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.stream.Collectors; + +import javax.validation.ValidationException; + +import org.apache.commons.lang3.ObjectUtils; +import org.mapstruct.Mapper; + +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; + import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaProviderConfig; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.enums.CaptchaProviderType; @@ -30,21 +45,9 @@ import cn.topiam.employee.console.pojo.save.setting.SecurityCaptchaSaveParam; import cn.topiam.employee.console.pojo.save.setting.SecurityMfaSaveParam; import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; import cn.topiam.employee.support.validation.ValidationHelp; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.apache.commons.lang3.ObjectUtils; -import org.mapstruct.Mapper; - -import javax.validation.ValidationException; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Objects; -import java.util.stream.Collectors; - import static cn.topiam.employee.core.setting.constant.MfaSettingConstants.*; import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.*; + import static liquibase.sqlgenerator.core.MarkChangeSetRanGenerator.COMMA; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java index 8f849c95..2613062e 100644 
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java @@ -17,6 +17,16 @@ */ package cn.topiam.employee.console.converter.setting; +import java.util.Objects; + +import javax.validation.ValidationException; + +import org.mapstruct.Mapper; + +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; + import cn.topiam.employee.common.crypto.EncryptionModule; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.storage.StorageConfig; @@ -28,14 +38,6 @@ import cn.topiam.employee.common.storage.impl.QiNiuKodoStorage; import cn.topiam.employee.console.pojo.result.setting.StorageProviderConfigResult; import cn.topiam.employee.console.pojo.save.setting.StorageConfigSaveParam; import cn.topiam.employee.support.validation.ValidationHelp; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.mapstruct.Mapper; - -import javax.validation.ValidationException; -import java.util.Objects; - import static cn.topiam.employee.core.setting.constant.StorageProviderSettingConstants.STORAGE_PROVIDER_KEY; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAdminPasswordInitializeListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAdminPasswordInitializeListener.java index f5637cf5..c54c9ff7 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAdminPasswordInitializeListener.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAdminPasswordInitializeListener.java 
@@ -17,10 +17,13 @@ */ package cn.topiam.employee.console.listener; -import cn.topiam.employee.common.entity.setting.AdministratorEntity; -import cn.topiam.employee.common.enums.UserStatus; -import cn.topiam.employee.common.repository.setting.AdministratorRepository; -import cn.topiam.employee.support.trace.TraceUtils; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.util.Locale; +import java.util.Optional; +import java.util.concurrent.TimeUnit; + import org.redisson.api.RLock; import org.redisson.api.RedissonClient; import org.slf4j.Logger; @@ -34,13 +37,10 @@ import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; import org.springframework.util.JdkIdGenerator; -import java.io.BufferedWriter; -import java.io.File; -import java.io.FileWriter; -import java.util.Locale; -import java.util.Optional; -import java.util.concurrent.TimeUnit; - +import cn.topiam.employee.common.entity.setting.AdministratorEntity; +import cn.topiam.employee.common.enums.UserStatus; +import cn.topiam.employee.common.repository.setting.AdministratorRepository; +import cn.topiam.employee.support.trace.TraceUtils; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_ADMIN_USERNAME; import static cn.topiam.employee.support.lock.LockAspect.getTopiamLockKeyPrefix; import static cn.topiam.employee.support.util.CreateFileUtil.createFile; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAesSecretInitializeListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAesSecretInitializeListener.java index 643425bc..77af6e72 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAesSecretInitializeListener.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAesSecretInitializeListener.java 
@@ -17,10 +17,9 @@ */ package cn.topiam.employee.console.listener; -import cn.topiam.employee.common.entity.setting.SettingEntity; -import cn.topiam.employee.common.repository.setting.SettingRepository; -import cn.topiam.employee.support.trace.TraceUtils; -import cn.topiam.employee.support.util.AesUtils; +import java.util.Objects; +import java.util.concurrent.TimeUnit; + import org.redisson.api.RLock; import org.redisson.api.RedissonClient; import org.springframework.boot.SpringApplication; @@ -31,9 +30,10 @@ import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; import org.springframework.util.JdkIdGenerator; -import java.util.Objects; -import java.util.concurrent.TimeUnit; - +import cn.topiam.employee.common.entity.setting.SettingEntity; +import cn.topiam.employee.common.repository.setting.SettingRepository; +import cn.topiam.employee.support.trace.TraceUtils; +import cn.topiam.employee.support.util.AesUtils; import static cn.topiam.employee.common.constants.SettingConstants.AES_SECRET; import static cn.topiam.employee.support.constant.EiamConstants.COLON; import static cn.topiam.employee.support.lock.LockAspect.getTopiamLockKeyPrefix; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/IdentitySourceConfigValidatorParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/IdentitySourceConfigValidatorParam.java index 4b17118d..961e3ffc 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/IdentitySourceConfigValidatorParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/IdentitySourceConfigValidatorParam.java 
@@ -17,16 +17,21 @@ */ package cn.topiam.employee.console.pojo.other; -import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; +import java.io.Serial; +import java.io.Serializable; + +import javax.validation.constraints.NotNull; + +import org.springdoc.api.annotations.ParameterObject; + import com.alibaba.fastjson2.JSONObject; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; + +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; + import lombok.Data; -import org.springdoc.api.annotations.ParameterObject; -import javax.validation.constraints.NotNull; -import java.io.Serial; -import java.io.Serializable; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; /** * 身份源配置验证器入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/OrganizationExcelData.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/OrganizationExcelData.java index 1c427d4d..070bfb7c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/OrganizationExcelData.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/OrganizationExcelData.java @@ -17,15 +17,19 @@ */ package cn.topiam.employee.console.pojo.other; -import cn.topiam.employee.common.enums.OrganizationType; +import java.io.Serial; +import java.io.Serializable; + +import javax.validation.constraints.NotNull; + +import org.hibernate.validator.constraints.Length; + import com.alibaba.excel.annotation.ExcelProperty; import com.alibaba.excel.annotation.write.style.ColumnWidth; -import lombok.Data; -import org.hibernate.validator.constraints.Length; -import javax.validation.constraints.NotNull; -import java.io.Serial; -import java.io.Serializable; +import cn.topiam.employee.common.enums.OrganizationType; + +import lombok.Data; /** * 组织架构Excel 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/account/UserGroupListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/account/UserGroupListQuery.java index 2be6c9ab..568a739d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/account/UserGroupListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/account/UserGroupListQuery.java @@ -17,14 +17,16 @@ */ package cn.topiam.employee.console.pojo.query.account; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; -import org.springdoc.api.annotations.ParameterObject; - import java.io.Serial; import java.io.Serializable; +import org.springdoc.api.annotations.ParameterObject; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + /** * 查询用户列表入参 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/analysis/AnalysisQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/analysis/AnalysisQuery.java index 6ba9bca9..bec2a93c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/analysis/AnalysisQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/analysis/AnalysisQuery.java 
@@ -17,17 +17,19 @@
  */
 package cn.topiam.employee.console.pojo.query.analysis;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import lombok.Getter;
-import org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramInterval;
-import org.springframework.format.annotation.DateTimeFormat;
-
-import javax.validation.constraints.NotNull;
 import java.io.Serializable;
 import java.time.LocalDateTime;
 import java.time.Period;
+import javax.validation.constraints.NotNull;
+
+import org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramInterval;
+import org.springframework.format.annotation.DateTimeFormat;
+
+import lombok.Data;
+import lombok.Getter;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppCertQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppCertQuery.java
index 59cac4e1..4098aa57 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppCertQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppCertQuery.java
@@ -17,14 +17,18 @@
  */
 package cn.topiam.employee.console.pojo.query.app;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotBlank;
+
+import org.springdoc.api.annotations.ParameterObject;
+
 import cn.topiam.employee.common.enums.app.AppCertUsingType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
-import javax.validation.constraints.NotBlank;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 查询应用证书列表入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java
index 6822403f..554ea08a 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java
@@ -17,15 +17,18 @@
  */
 package cn.topiam.employee.console.pojo.query.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
-
-import javax.validation.constraints.NotEmpty;
 import java.io.Serial;
 import java.io.Serializable;
+import javax.validation.constraints.NotEmpty;
+
+import org.springdoc.api.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 查询权限列表入参
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java
index f3b9835a..f274045c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java
@@ -17,13 +17,16 @@
  */
 package cn.topiam.employee.console.pojo.query.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
+import java.io.Serializable;
 import javax.validation.constraints.NotNull;
-import java.io.Serializable;
+
+import org.springdoc.api.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 分页查询角色入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppQuery.java
index 164e2a62..a5fd4d81 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppQuery.java
@@ -17,13 +17,16 @@
  */
 package cn.topiam.employee.console.pojo.query.app;
+import java.io.Serializable;
+
+import org.springdoc.api.annotations.ParameterObject;
+
 import cn.topiam.employee.common.enums.app.AppProtocol;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 查询应用列表入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java
index 96bb49a4..e7c706ff 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java
@@ -17,13 +17,16 @@
  */
 package cn.topiam.employee.console.pojo.query.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
+import java.io.Serializable;
 import javax.validation.constraints.NotNull;
-import java.io.Serializable;
+
+import org.springdoc.api.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 分页查询资源入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/authentication/IdentityProviderListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/authentication/IdentityProviderListQuery.java
index 02cc739e..01989573 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/authentication/IdentityProviderListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/authentication/IdentityProviderListQuery.java
@@ -17,15 +17,18 @@
  */
 package cn.topiam.employee.console.pojo.query.authentication;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
-
-import javax.validation.constraints.NotNull;
 import java.io.Serial;
 import java.io.Serializable;
+import javax.validation.constraints.NotNull;
+
+import org.springdoc.api.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * @author TopIAM
  * Created by support@topiam.cn on 2022/3/21 20:52
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceEventRecordListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceEventRecordListQuery.java
index 334dc26c..1b7826ea 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceEventRecordListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceEventRecordListQuery.java
@@ -17,16 +17,19 @@
  */
 package cn.topiam.employee.console.pojo.query.identity;
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springdoc.api.annotations.ParameterObject;
+
 import cn.topiam.employee.common.enums.SyncStatus;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 查询身份源事件记录列表入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceListQuery.java
index 3c4ccd5e..acdd4b50 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceListQuery.java
@@ -17,14 +17,16 @@
  */
 package cn.topiam.employee.console.pojo.query.identity;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
-
 import java.io.Serial;
 import java.io.Serializable;
+import org.springdoc.api.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 查询身份源列表入参
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncHistoryListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncHistoryListQuery.java
index 7b7bb3fc..7875ed40 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncHistoryListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncHistoryListQuery.java
@@ -17,17 +17,21 @@
  */
 package cn.topiam.employee.console.pojo.query.identity;
+import java.io.Serial;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotBlank;
+
+import org.springdoc.api.annotations.ParameterObject;
+
 import cn.topiam.employee.common.enums.SyncStatus;
 import cn.topiam.employee.common.enums.TriggerType;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
-import javax.validation.constraints.NotBlank;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 查询身份源列表入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncRecordListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncRecordListQuery.java
index ece5523e..990cd980 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncRecordListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncRecordListQuery.java
@@ -17,17 +17,21 @@
  */
 package cn.topiam.employee.console.pojo.query.identity;
+import java.io.Serial;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotBlank;
+
+import org.springdoc.api.annotations.ParameterObject;
+
 import cn.topiam.employee.common.enums.SyncStatus;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
-import javax.validation.constraints.NotBlank;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 查询身份源同步详情入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/setting/AdministratorListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/setting/AdministratorListQuery.java
index 0cfde8ea..0df35661 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/setting/AdministratorListQuery.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/setting/AdministratorListQuery.java
@@ -17,10 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.query.setting;
+import org.springdoc.api.annotations.ParameterObject;
+
+import lombok.Data;
+
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import org.springdoc.api.annotations.ParameterObject;
 /**
  * @author TopIAM
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationChildResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationChildResult.java
index 5897d0f5..84b10b06 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationChildResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationChildResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
+import java.io.Serial;
+import java.io.Serializable;
+
 import com.fasterxml.jackson.annotation.JsonProperty;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 获取子组织
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationResult.java
index fb8d1ed2..7be8b617 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
+import java.io.Serial;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.enums.OrganizationType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 获取组织
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationRootResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationRootResult.java
index 2ce3b684..d8443a5a 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationRootResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationRootResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
+import java.io.Serial;
+import java.io.Serializable;
+
 import com.fasterxml.jackson.annotation.JsonProperty;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 获取根组织
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationTreeResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationTreeResult.java
index 1bb15ed7..86f26cce 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationTreeResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationTreeResult.java
@@ -17,15 +17,17 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 查询组织架构树结果
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupListResult.java
index a1cfefc3..5b820eea 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupListResult.java
@@ -17,13 +17,14 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serial;
+import java.io.Serializable;
+
 import lombok.Data;
 import lombok.experimental.Accessors;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 用户分页查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupMemberListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupMemberListResult.java
index 87d8f014..58aa2152 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupMemberListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupMemberListResult.java
@@ -17,13 +17,14 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import java.io.Serial;
 import java.io.Serializable;
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 查询用户详情结果
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupResult.java
index b34ff118..1e3ec2ec 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupResult.java
@@ -17,13 +17,14 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import java.io.Serial;
 import java.io.Serializable;
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 查询用户分组详情
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserListResult.java
index 57341b48..a4c80d65 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserListResult.java
@@ -17,16 +17,17 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
-import com.fasterxml.jackson.annotation.JsonFormat;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import lombok.experimental.Accessors;
-
 import java.io.Serial;
 import java.io.Serializable;
 import java.time.LocalDateTime;
+import com.fasterxml.jackson.annotation.JsonFormat;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserLoginAuditListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserLoginAuditListResult.java
index ba1bdbe5..f9791adb 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserLoginAuditListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserLoginAuditListResult.java
@@ -17,12 +17,14 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
+import java.time.LocalDateTime;
+
 import cn.topiam.employee.audit.enums.EventStatus;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.time.LocalDateTime;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 用户登录日志返回结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserResult.java
index 91be82b1..708f5f05 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserResult.java
@@ -17,16 +17,17 @@
  */
 package cn.topiam.employee.console.pojo.result.account;
-import com.fasterxml.jackson.annotation.JsonFormat;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import java.io.Serial;
 import java.io.Serializable;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
+import com.fasterxml.jackson.annotation.JsonFormat;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AppVisitRankResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AppVisitRankResult.java
index 92c44d71..23d1516a 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AppVisitRankResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AppVisitRankResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.analysis;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.AllArgsConstructor;
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 应用热点访问结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnHotProviderResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnHotProviderResult.java
index f63a03db..a21a19ad 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnHotProviderResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnHotProviderResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.analysis;
-import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 热点认证方式结果
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnQuantityResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnQuantityResult.java
index ad596eaa..191a4c0b 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnQuantityResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnQuantityResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.analysis;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.AllArgsConstructor;
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 认证量统计结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnZoneResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnZoneResult.java
index 86ce2e78..13cbe992 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnZoneResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnZoneResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.analysis;
-import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 登录区域结果
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/OverviewResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/OverviewResult.java
index e5452377..428172c0 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/OverviewResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/OverviewResult.java
@@ -17,10 +17,11 @@
  */
 package cn.topiam.employee.console.pojo.result.analysis;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 概述总计结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccessPolicyResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccessPolicyResult.java
index c12389a1..a5d06ce8 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccessPolicyResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccessPolicyResult.java
@@ -17,11 +17,13 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
+import java.time.LocalDateTime;
+
 import cn.topiam.employee.common.enums.PolicySubjectType;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.time.LocalDateTime;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 应用访问授权策略结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccountListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccountListResult.java
index 94eecb71..7742cd2e 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccountListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccountListResult.java
@@ -17,10 +17,11 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.time.LocalDateTime;
+
 import lombok.Data;
-import java.time.LocalDateTime;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * AppAccountCreateParam 应用账户查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCertListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCertListResult.java
index d2cf3414..00080a03 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCertListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCertListResult.java
@@ -18,11 +18,13 @@
 package cn.topiam.employee.console.pojo.result.app;
 import cn.topiam.employee.common.enums.app.AppCertUsingType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.AllArgsConstructor;
 import lombok.Data;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 获取应用证书列表结果
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCreateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCreateResult.java
index d9f3ed0b..6aa6d725 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCreateResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCreateResult.java
@@ -17,12 +17,13 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.AllArgsConstructor;
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 应用创建返回结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppGetResult.java
index ea0e8183..2b81c5a6 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppGetResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppGetResult.java
@@ -17,14 +17,16 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
+import java.io.Serializable;
+import java.time.LocalDateTime;
+
 import cn.topiam.employee.common.enums.app.AppProtocol;
 import cn.topiam.employee.common.enums.app.AppType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
-import java.time.LocalDateTime;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 获取应用返回
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppListResult.java
index 2ff4cf33..c779299f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppListResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.enums.app.AppProtocol;
 import cn.topiam.employee.common.enums.app.AppType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 应用列表返回
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java
index 2334d404..c6264ab3 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java
@@ -17,15 +17,16 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import lombok.experimental.Accessors;
-
 import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 获取应用资源权限列表
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java
index e9bc662c..0a906557 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java
@@ -17,14 +17,16 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.enums.PolicyEffect;
 import cn.topiam.employee.common.enums.PolicyObjectType;
 import cn.topiam.employee.common.enums.PolicySubjectType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 获取资源
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java
index 2add59cb..4c51fd9f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java
@@ -20,9 +20,11 @@ package cn.topiam.employee.console.pojo.result.app;
 import cn.topiam.employee.common.enums.PolicyEffect;
 import cn.topiam.employee.common.enums.PolicyObjectType;
 import cn.topiam.employee.common.enums.PolicySubjectType;
+
+import lombok.Data;
+
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
 /**
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java
index b9292f07..36e0a7ae 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java
@@ -17,15 +17,17 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import cn.topiam.employee.common.enums.PermissionActionType;
-import io.swagger.v3.oas.annotations.Hidden;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
+import cn.topiam.employee.common.enums.PermissionActionType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Hidden;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 获取资源
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java
index ea704be8..444b737c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java
@@ -17,13 +17,14 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serial;
+import java.io.Serializable;
+
 import lombok.Data;
 import lombok.experimental.Accessors;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 资源分页查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java
index 512d1b9f..64fe1136 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java
@@ -17,13 +17,14 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serial;
+import java.io.Serializable;
+
 import lombok.Data;
 import lombok.experimental.Accessors;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 角色分页查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java
index 34ee6fd6..48868e80 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 获取角色
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppTemplateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppTemplateResult.java
index a34e2f38..4492969f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppTemplateResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppTemplateResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.enums.app.AppProtocol;
 import cn.topiam.employee.common.enums.app.AppType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 应用模板返回
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/ParseSaml2MetadataResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/ParseSaml2MetadataResult.java
index 5f1e342f..518caad3 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/ParseSaml2MetadataResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/ParseSaml2MetadataResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 解析SAML2 元数据
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/UserIdpBindListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/UserIdpBindListResult.java
index a37de037..b94a562c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/UserIdpBindListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/UserIdpBindListResult.java
@@ -17,10 +17,11 @@
  */
 package cn.topiam.employee.console.pojo.result.app;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.time.LocalDateTime;
+
 import lombok.Data;
-import java.time.LocalDateTime;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 用户身份提供商绑定列表查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderCreateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderCreateResult.java
index 7185c1fd..e7056bd3 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderCreateResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderCreateResult.java
@@ -17,12 +17,13 @@
  */
 package cn.topiam.employee.console.pojo.result.authentication;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Builder;
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 身份源创建返回
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderListResult.java
index f82324b5..63f780a7 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderListResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.authentication;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 社交认证源平台列表,带有元素字段,避免前端重复画页面,基本都是input
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderResult.java
index 42df8e1f..84670064 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.authentication;
+import java.io.Serial;
+import java.io.Serializable;
+
 import cn.topiam.employee.authentication.common.config.IdentityProviderConfig;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 认证源详情
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceConfigGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceConfigGetResult.java
index 23c762f8..6869d90b 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceConfigGetResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceConfigGetResult.java
@@ -17,14 +17,16 @@
  */
 package cn.topiam.employee.console.pojo.result.identitysource;
+import java.io.Serial;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.entity.identitysource.config.JobConfig;
 import cn.topiam.employee.common.entity.identitysource.config.StrategyConfig;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 获取身份源配置
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceEventRecordListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceEventRecordListResult.java
index 27a8bc7d..35dca40a 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceEventRecordListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceEventRecordListResult.java
@@ -17,17 +17,19 @@
  */
 package cn.topiam.employee.console.pojo.result.identitysource;
+import java.io.Serializable;
+import java.time.LocalDateTime;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+
 import cn.topiam.employee.common.enums.SyncStatus;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType;
-import com.fasterxml.jackson.annotation.JsonFormat;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import java.io.Serializable;
-import java.time.LocalDateTime;
+import lombok.Data;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceGetResult.java
index 571ba21e..754af50d 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceGetResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceGetResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.identitysource;
+import java.io.Serial;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 身份源源详情
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceListResult.java
index 97b3a803..0e8623b5 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceListResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.identitysource;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 身份源列表
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncHistoryListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncHistoryListResult.java
index c3f43c0f..01026141 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncHistoryListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncHistoryListResult.java
@@ -17,16 +17,18 @@
  */
 package cn.topiam.employee.console.pojo.result.identitysource;
+import java.io.Serializable;
+import java.time.LocalDateTime;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+
 import cn.topiam.employee.common.enums.TriggerType;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType;
-import com.fasterxml.jackson.annotation.JsonFormat;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import java.io.Serializable;
-import java.time.LocalDateTime;
+import lombok.Data;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncRecordListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncRecordListResult.java
index 35a67095..7e052d60 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncRecordListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncRecordListResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.identitysource;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 身份源同步详情列表
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorListResult.java
index 8137cf02..339629c6 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorListResult.java
@@ -17,16 +17,17 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
-import com.fasterxml.jackson.annotation.JsonFormat;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-import lombok.experimental.Accessors;
-
 import java.io.Serial;
 import java.io.Serializable;
 import java.time.LocalDateTime;
+import com.fasterxml.jackson.annotation.JsonFormat;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorResult.java
index 950002bf..dc85009b 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorResult.java
@@ -17,14 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import java.io.Serial;
 import java.io.Serializable;
 import java.time.LocalDateTime;
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 管理员详情
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailProviderConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailProviderConfigResult.java
index 1e3315f2..fc354379 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailProviderConfigResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailProviderConfigResult.java
@@ -17,15 +17,17 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
+import java.io.Serial;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.message.enums.MailProvider;
 import cn.topiam.employee.common.message.enums.MailSafetyType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Builder;
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 邮件服务商配置查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateListResult.java
index dd0bd58a..ef74ea3f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateListResult.java
@@ -17,13 +17,14 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import java.io.Serial;
 import java.io.Serializable;
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 邮件模板类型返回值
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateResult.java
index 0ef7a22d..1726cec1 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateResult.java
@@ -17,13 +17,14 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import java.io.Serial;
 import java.io.Serializable;
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
  * 邮件模板配置结果
  *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/GeoIpProviderResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/GeoIpProviderResult.java
index c69829f6..d9ab6ecf 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/GeoIpProviderResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/GeoIpProviderResult.java
@@ -17,15 +17,18 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
+import java.io.Serial;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotNull;
+
 import cn.topiam.employee.common.geo.GeoLocationProviderConfig;
 import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Builder;
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 获取地理位置服务商配置信息
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/PasswordPolicyConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/PasswordPolicyConfigResult.java
index 3d566442..04e07166 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/PasswordPolicyConfigResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/PasswordPolicyConfigResult.java
@@ -17,11 +17,13 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
+import java.io.Serializable;
+
 import cn.topiam.employee.core.security.password.enums.PasswordComplexityRule;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 设置密码策略配置结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityBasicConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityBasicConfigResult.java
index 0db62bdb..2ed2dd03 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityBasicConfigResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityBasicConfigResult.java
@@ -17,11 +17,12 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 安全高级配置结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityCaptchaConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityCaptchaConfigResult.java
index b86d29f2..e4540a23 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityCaptchaConfigResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityCaptchaConfigResult.java
@@ -17,13 +17,15 @@
  */
 package cn.topiam.employee.console.pojo.result.setting;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.enums.CaptchaProviderType;
 import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
  * 行为验证码配置结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityMfaConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityMfaConfigResult.java
index 24c98434..a81e71a9 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityMfaConfigResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityMfaConfigResult.java
@@ -17,14 +17,16 @@
 */
 package cn.topiam.employee.console.pojo.result.setting;
+import java.io.Serializable;
+import java.util.List;
+
 import cn.topiam.employee.common.enums.MfaFactor;
 import cn.topiam.employee.common.enums.MfaMode;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
-import java.util.List;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 安全MFA配置结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SmsTemplateListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SmsTemplateListResult.java
index aacdd854..bd382c72 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SmsTemplateListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SmsTemplateListResult.java
@@ -17,14 +17,16 @@
 */
 package cn.topiam.employee.console.pojo.result.setting;
+import java.io.Serial;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.enums.Language;
 import cn.topiam.employee.common.enums.MessageCategory;
 import cn.topiam.employee.common.enums.SmsType;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 短信配置结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/StorageProviderConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/StorageProviderConfigResult.java
index d926c888..8b2cf1da 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/StorageProviderConfigResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/StorageProviderConfigResult.java
@@ -17,15 +17,17 @@
 */
 package cn.topiam.employee.console.pojo.result.setting;
+import java.io.Serial;
+import java.io.Serializable;
+
 import cn.topiam.employee.common.storage.StorageConfig;
 import cn.topiam.employee.common.storage.enums.StorageProvider;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Builder;
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 存储配置查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/WeakPasswordLibListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/WeakPasswordLibListResult.java
index 4b551523..7bd466f4 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/WeakPasswordLibListResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/WeakPasswordLibListResult.java
@@ -17,12 +17,13 @@
 */
 package cn.topiam.employee.console.pojo.result.setting;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 弱密码列表查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/OrganizationCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/OrganizationCreateParam.java
index 014ae0ae..e36d95f4 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/OrganizationCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/OrganizationCreateParam.java
@@ -17,15 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.save.account;
-import cn.topiam.employee.common.enums.OrganizationType;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serial;
+import java.io.Serializable;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.OrganizationType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 创建组织架构入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserCreateParam.java
index 35343b15..f13bbcd6 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserCreateParam.java
@@ -17,19 +17,23 @@
 */
 package cn.topiam.employee.console.pojo.save.account;
-import cn.topiam.employee.common.enums.ListEnumDeserializer;
-import cn.topiam.employee.common.enums.MessageNoticeChannel;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.Email;
-import javax.validation.constraints.NotBlank;
 import java.io.Serial;
 import java.io.Serializable;
 import java.time.LocalDate;
 import java.util.List;
+import javax.validation.constraints.Email;
+import javax.validation.constraints.NotBlank;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+import cn.topiam.employee.common.enums.ListEnumDeserializer;
+import cn.topiam.employee.common.enums.MessageNoticeChannel;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * 用户创建请求入参
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserGroupCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserGroupCreateParam.java
index d2575e92..d0ebb545 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserGroupCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserGroupCreateParam.java
@@ -17,13 +17,15 @@
 */
 package cn.topiam.employee.console.pojo.save.account;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotBlank;
 import java.io.Serial;
 import java.io.Serializable;
+import javax.validation.constraints.NotBlank;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * 用户创建请求入参
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccessPolicyCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccessPolicyCreateParam.java
index 0f8cdd66..9a36165f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccessPolicyCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccessPolicyCreateParam.java
@@ -17,12 +17,15 @@
 */
 package cn.topiam.employee.console.pojo.save.app;
+import java.util.List;
+
+import javax.validation.constraints.NotNull;
+
 import cn.topiam.employee.common.enums.PolicySubjectType;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.util.List;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 应用访问授权策略添加参数
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccountCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccountCreateParam.java
index 2a3d6c49..65977cd0 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccountCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccountCreateParam.java
@@ -17,12 +17,13 @@
 */
 package cn.topiam.employee.console.pojo.save.app;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * AppAccountCreateParam 应用账户新增入参
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppCreateParam.java
index b1cc5904..2af065ad 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppCreateParam.java
@@ -17,12 +17,14 @@
 */
 package cn.topiam.employee.console.pojo.save.app;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serializable;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
-import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 应用保存入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java
index 34fb2fde..6af28719 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java
@@ -17,15 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.save.app;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotNull;
+
 import cn.topiam.employee.common.enums.PolicyEffect;
 import cn.topiam.employee.common.enums.PolicyObjectType;
 import cn.topiam.employee.common.enums.PolicySubjectType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 创建策略入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java
index a8d882b7..205f671c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java
@@ -17,13 +17,15 @@
 */
 package cn.topiam.employee.console.pojo.save.app;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serializable;
+import java.util.List;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
-import java.io.Serializable;
-import java.util.List;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 资源创建参数
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java
index ead34107..6a0ab79c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java
@@ -17,12 +17,14 @@
 */
 package cn.topiam.employee.console.pojo.save.app;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serializable;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
-import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 角色创建参数
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java
index 0f58cb49..d1ed3d8d 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java
@@ -17,14 +17,16 @@
 */
 package cn.topiam.employee.console.pojo.save.app;
-import cn.topiam.employee.common.enums.PermissionActionType;
-import lombok.Data;
+import java.io.Serial;
+import java.io.Serializable;
 import javax.validation.Valid;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.PermissionActionType;
+
+import lombok.Data;
 /**
 * AppPermissionsActionParam
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppSaveConfigParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppSaveConfigParam.java
index 0e96ecff..a48c8114 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppSaveConfigParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppSaveConfigParam.java
@@ -17,13 +17,15 @@
 */
 package cn.topiam.employee.console.pojo.save.app;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotNull;
 import java.io.Serializable;
 import java.util.Map;
+import javax.validation.constraints.NotNull;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * 更新应用配置入参
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/IdentityProviderCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/IdentityProviderCreateParam.java
index 4064af99..f3fb5563 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/IdentityProviderCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/IdentityProviderCreateParam.java
@@ -17,14 +17,17 @@
 */
 package cn.topiam.employee.console.pojo.save.authentication;
-import com.alibaba.fastjson2.JSONObject;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serial;
+import java.io.Serializable;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+
+import com.alibaba.fastjson2.JSONObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 源创建参数入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/InitializeAdminSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/InitializeAdminSaveParam.java
index f2cfbfae..0604fed8 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/InitializeAdminSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/InitializeAdminSaveParam.java
@@ -17,13 +17,15 @@
 */
 package cn.topiam.employee.console.pojo.save.authentication;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serial;
+import java.io.Serializable;
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotBlank;
-import java.io.Serial;
-import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 初始化管理员入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceConfigSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceConfigSaveParam.java
index 8a988c96..b4865786 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceConfigSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceConfigSaveParam.java
@@ -17,18 +17,22 @@
 */
 package cn.topiam.employee.console.pojo.save.identitysource;
-import cn.topiam.employee.common.entity.identitysource.config.JobConfig;
-import cn.topiam.employee.common.entity.identitysource.config.StrategyConfig;
-import com.alibaba.fastjson2.JSONObject;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serial;
+import java.io.Serializable;
 import javax.validation.Valid;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+
+import com.alibaba.fastjson2.JSONObject;
+
+import cn.topiam.employee.common.entity.identitysource.config.JobConfig;
+import cn.topiam.employee.common.entity.identitysource.config.StrategyConfig;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 身份源保存配置入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateParam.java
index 369f0c77..2e6650f5 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateParam.java
@@ -17,15 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.save.identitysource;
-import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serial;
+import java.io.Serializable;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 身份源保存入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateResult.java
index 55da553d..54e72046 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateResult.java
@@ -17,12 +17,13 @@
 */
 package cn.topiam.employee.console.pojo.save.identitysource;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.AllArgsConstructor;
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 身份源创建返回结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/AdministratorCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/AdministratorCreateParam.java
index 0d945584..fc1ea449 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/AdministratorCreateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/AdministratorCreateParam.java
@@ -17,10 +17,11 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 权限创建参数
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/EmailCustomTemplateSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/EmailCustomTemplateSaveParam.java
index 6ecb50e6..b09cca1c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/EmailCustomTemplateSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/EmailCustomTemplateSaveParam.java
@@ -17,13 +17,15 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotBlank;
 import java.io.Serial;
 import java.io.Serializable;
+import javax.validation.constraints.NotBlank;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * 邮件模板配置更新参数
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/GeoIpProviderSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/GeoIpProviderSaveParam.java
index 90a2e7ad..8a405701 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/GeoIpProviderSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/GeoIpProviderSaveParam.java
@@ -17,14 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
-import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider;
+import java.io.Serial;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotNull;
+
 import com.alibaba.fastjson2.JSONObject;
-import io.swagger.v3.oas.annotations.media.Schema;
+
+import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 保存地理位置服务商配置入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/MailProviderSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/MailProviderSaveParam.java
index 0bd6933a..7f6ac829 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/MailProviderSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/MailProviderSaveParam.java
@@ -17,14 +17,17 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
+import java.io.Serial;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotNull;
+
 import cn.topiam.employee.common.message.enums.MailProvider;
 import cn.topiam.employee.common.message.enums.MailSafetyType;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 保存邮件服务商配置入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/PasswordPolicySaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/PasswordPolicySaveParam.java
index b6298ae9..8834d0ee 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/PasswordPolicySaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/PasswordPolicySaveParam.java
@@ -17,11 +17,13 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
+import java.io.Serializable;
+
 import cn.topiam.employee.core.security.password.enums.PasswordComplexityRule;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 设置密码策略保存参数
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityBasicSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityBasicSaveParam.java
index ea906e80..5926a960 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityBasicSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityBasicSaveParam.java
@@ -17,11 +17,12 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+import java.io.Serializable;
+
 import lombok.Data;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 安全高级保存参数
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityCaptchaSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityCaptchaSaveParam.java
index 9ec7925c..dc2fdd09 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityCaptchaSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityCaptchaSaveParam.java
@@ -17,14 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
-import cn.topiam.employee.common.enums.CaptchaProviderType;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotNull;
+
 import com.alibaba.fastjson2.JSONObject;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
+import cn.topiam.employee.common.enums.CaptchaProviderType;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 行为验证码保存入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityMfaSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityMfaSaveParam.java
index ff1fc51b..27ee74cb 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityMfaSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityMfaSaveParam.java
@@ -17,15 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
+import java.io.Serializable;
+import java.util.List;
+
+import javax.validation.constraints.NotNull;
+
 import cn.topiam.employee.common.enums.MfaFactor;
 import cn.topiam.employee.common.enums.MfaMode;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serializable;
-import java.util.List;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 安全MFA配置保存入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SmsProviderSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SmsProviderSaveParam.java
index 4c890ccb..32e499f0 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SmsProviderSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SmsProviderSaveParam.java
@@ -17,17 +17,21 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+
+import javax.validation.constraints.NotNull;
+
+import com.alibaba.fastjson2.JSONObject;
+
 import cn.topiam.employee.common.entity.setting.config.SmsConfig;
 import cn.topiam.employee.common.enums.Language;
 import cn.topiam.employee.common.message.enums.SmsProvider;
-import com.alibaba.fastjson2.JSONObject;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
-import java.util.List;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 保存短信服务商创建请求入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/StorageConfigSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/StorageConfigSaveParam.java
index e212a789..afdec428 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/StorageConfigSaveParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/StorageConfigSaveParam.java
@@ -17,14 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.save.setting;
-import cn.topiam.employee.common.storage.enums.StorageProvider;
+import java.io.Serial;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotNull;
+
 import com.alibaba.fastjson2.JSONObject;
-import io.swagger.v3.oas.annotations.media.Schema;
+
+import cn.topiam.employee.common.storage.enums.StorageProvider;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 保存存储配置入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/setting/SmsProviderConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/setting/SmsProviderConfigResult.java
index 9a77d334..f9c66153 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/setting/SmsProviderConfigResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/setting/SmsProviderConfigResult.java
@@ -17,17 +17,19 @@
 */
 package cn.topiam.employee.console.pojo.setting;
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+
 import cn.topiam.employee.common.entity.setting.config.SmsConfig;
 import cn.topiam.employee.common.message.enums.SmsProvider;
 import cn.topiam.employee.common.message.sms.SmsProviderConfig;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Builder;
 import lombok.Data;
-import java.io.Serial;
-import java.io.Serializable;
-import java.util.List;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 短信服务商配置查询结果
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/OrganizationUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/OrganizationUpdateParam.java
index ae16ee3c..2b914e61 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/OrganizationUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/OrganizationUpdateParam.java
@@ -17,14 +17,17 @@
 */
 package cn.topiam.employee.console.pojo.update.account;
-import cn.topiam.employee.common.enums.OrganizationType;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serial;
+import java.io.Serializable;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.OrganizationType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 编辑组织架构入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/ResetPasswordParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/ResetPasswordParam.java
index b8c36cf0..a1bdaf59 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/ResetPasswordParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/ResetPasswordParam.java
@@ -17,16 +17,20 @@
 */
 package cn.topiam.employee.console.pojo.update.account;
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+
+import javax.validation.constraints.NotBlank;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
 import cn.topiam.employee.common.enums.ListEnumDeserializer;
 import cn.topiam.employee.common.enums.MessageNoticeChannel;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import javax.validation.constraints.NotBlank;
-import java.io.Serial;
-import java.io.Serializable;
-import java.util.List;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 重置密码入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserGroupUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserGroupUpdateParam.java
index 0813be15..596d186c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserGroupUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserGroupUpdateParam.java
@@ -17,13 +17,15 @@
 */
 package cn.topiam.employee.console.pojo.update.account;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotBlank;
 import java.io.Serial;
 import java.io.Serializable;
+import javax.validation.constraints.NotBlank;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * 编辑用户入参
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserUpdateParam.java
index d1eccf92..711765f2 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserUpdateParam.java
@@ -17,15 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.update.account;
-import cn.topiam.employee.common.enums.UserStatus;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotBlank;
 import java.io.Serial;
 import java.io.Serializable;
 import java.time.LocalDate;
+import javax.validation.constraints.NotBlank;
+
+import cn.topiam.employee.common.enums.UserStatus;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * 编辑用户入参
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java
index 5d36b6d1..849c57a9 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java
@@ -17,15 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.update.app;
+import java.io.Serializable;
+
+import javax.validation.constraints.NotNull;
+
 import cn.topiam.employee.common.enums.PolicyEffect;
 import cn.topiam.employee.common.enums.PolicyObjectType;
 import cn.topiam.employee.common.enums.PolicySubjectType;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
-import javax.validation.constraints.NotNull;
-import java.io.Serializable;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 修改策略入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java
index db8b3f3a..ccba0893 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java
@@ -17,16 +17,18 @@
 */
 package cn.topiam.employee.console.pojo.update.app;
-import cn.topiam.employee.console.pojo.save.app.AppPermissionsActionParam;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.NotNull;
 import java.io.Serial;
 import java.io.Serializable;
 import java.util.List;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+
+import cn.topiam.employee.console.pojo.save.app.AppPermissionsActionParam;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppSaveConfigParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppSaveConfigParam.java
index 01f3691b..5fff2680 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppSaveConfigParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppSaveConfigParam.java
@@ -17,13 +17,15 @@
 */
 package cn.topiam.employee.console.pojo.update.app;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotNull;
 import java.io.Serializable;
 import java.util.Map;
+import javax.validation.constraints.NotNull;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * 更新应用配置入参
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppUpdateParam.java
index a42cbb89..e42dbd73 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppUpdateParam.java
@@ -17,11 +17,13 @@
 */
 package cn.topiam.employee.console.pojo.update.app;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serializable;
 import javax.validation.constraints.NotNull;
-import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 应用修改入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java
index 9cd3c4c3..8ec61065 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java
@@ -17,13 +17,14 @@
 */
 package cn.topiam.employee.console.pojo.update.app;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotBlank;
 import java.io.Serial;
 import java.io.Serializable;
+import javax.validation.constraints.NotBlank;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/authentication/IdpUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/authentication/IdpUpdateParam.java
index aa08084b..e1557902 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/authentication/IdpUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/authentication/IdpUpdateParam.java
@@ -17,14 +17,17 @@
 */
 package cn.topiam.employee.console.pojo.update.authentication;
-import com.alibaba.fastjson2.JSONObject;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
+import java.io.Serial;
+import java.io.Serializable;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
-import java.io.Serial;
-import java.io.Serializable;
+
+import com.alibaba.fastjson2.JSONObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 /**
 * 认证源修改参数入参
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/identity/IdentitySourceUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/identity/IdentitySourceUpdateParam.java
index f3ded15c..017d1374 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/identity/IdentitySourceUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/identity/IdentitySourceUpdateParam.java
@@ -17,14 +17,16 @@
 */
 package cn.topiam.employee.console.pojo.update.identity;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotEmpty;
 import java.io.Serial;
 import java.io.Serializable;
+import javax.validation.constraints.NotEmpty;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
 /**
 * 身份源修改参数入参
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/setting/AdministratorUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/setting/AdministratorUpdateParam.java
index ae716ec4..7e7e93d2 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/setting/AdministratorUpdateParam.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/setting/AdministratorUpdateParam.java
@@ -17,13 +17,14 @@
 */
 package cn.topiam.employee.console.pojo.update.setting;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-import javax.validation.constraints.NotBlank;
 import java.io.Serial;
 import java.io.Serializable;
+import javax.validation.constraints.NotBlank;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
 import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAccessDeniedHandler.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAccessDeniedHandler.java
index 2f7098ac..43761efd 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAccessDeniedHandler.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAccessDeniedHandler.java
@@ -17,17 +17,20 @@
 */
 package cn.topiam.employee.console.security.handler;
-import cn.topiam.employee.core.security.util.SecurityUtils;
-import lombok.AllArgsConstructor;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import cn.topiam.employee.core.security.util.SecurityUtils;
+
+import lombok.AllArgsConstructor;
 /**
 * 访问拒绝处理程序
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationEntryPoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationEntryPoint.java
index 79dd46a2..abdf021d 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationEntryPoint.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationEntryPoint.java
@@ -17,17 +17,17 @@
 */
 package cn.topiam.employee.console.security.handler;
-import cn.topiam.employee.support.result.ApiRestResult;
-import cn.topiam.employee.support.util.HttpResponseUtils;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import cn.topiam.employee.support.result.ApiRestResult;
+import cn.topiam.employee.support.util.HttpResponseUtils;
 import static org.springframework.http.HttpStatus.UNAUTHORIZED;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationFailureHandler.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationFailureHandler.java
index db8211e0..29b7d0c4 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationFailureHandler.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationFailureHandler.java
@@ -17,18 +17,18 @@
 */
 package cn.topiam.employee.console.security.handler;
-import cn.topiam.employee.common.enums.SecretType;
-import cn.topiam.employee.support.exception.enums.ExceptionStatus;
-import cn.topiam.employee.support.result.ApiRestResult;
-import cn.topiam.employee.support.util.HttpResponseUtils;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import cn.topiam.employee.common.enums.SecretType;
+import cn.topiam.employee.support.exception.enums.ExceptionStatus;
+import cn.topiam.employee.support.result.ApiRestResult;
+import cn.topiam.employee.support.util.HttpResponseUtils;
 import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationSuccessHandler.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationSuccessHandler.java
index 8ba75011..1557aef8 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationSuccessHandler.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationSuccessHandler.java
@@ -17,18 +17,18 @@
 */
 package cn.topiam.employee.console.security.handler;
-import cn.topiam.employee.common.enums.SecretType;
-import cn.topiam.employee.support.result.ApiRestResult;
-import cn.topiam.employee.support.util.HttpResponseUtils;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import cn.topiam.employee.common.enums.SecretType;
+import cn.topiam.employee.support.result.ApiRestResult;
+import cn.topiam.employee.support.util.HttpResponseUtils;
 import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleLogoutSuccessHandler.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleLogoutSuccessHandler.java
index 0efd0c52..88fa28ff 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleLogoutSuccessHandler.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleLogoutSuccessHandler.java
@@ -17,20 +17,21 @@
 */
 package cn.topiam.employee.console.security.handler;
-import cn.topiam.employee.core.context.ServerContextHelp;
-import cn.topiam.employee.support.result.ApiRestResult;
-import cn.topiam.employee.support.util.HttpResponseUtils;
-import cn.topiam.employee.support.util.HttpUrlUtils;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
+import cn.topiam.employee.core.context.ServerContextHelp;
+import cn.topiam.employee.support.result.ApiRestResult;
+import cn.topiam.employee.support.util.HttpResponseUtils;
+import cn.topiam.employee.support.util.HttpUrlUtils;
 import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN;
 import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml;
 import static cn.topiam.employee.support.result.ApiRestResult.SUCCESS;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationFailureEventListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationFailureEventListener.java
index e88f9dfb..06d3c14c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationFailureEventListener.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationFailureEventListener.java
@@ -17,6 +17,15 @@
 */
 package cn.topiam.employee.console.security.listener;
+import java.util.Optional;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationListener;
+import org.springframework.lang.NonNull;
+import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
+
 import cn.topiam.employee.audit.entity.Actor;
 import cn.topiam.employee.audit.enums.EventStatus;
 import cn.topiam.employee.audit.enums.EventType;
@@ -26,15 +35,6 @@ import cn.topiam.employee.common.enums.UserType;
 import cn.topiam.employee.common.repository.setting.AdministratorRepository;
 import cn.topiam.employee.core.security.userdetails.UserDetails;
 import cn.topiam.employee.support.context.ApplicationContextHelp;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.context.ApplicationListener;
-import org.springframework.lang.NonNull;
-import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
-
-import java.util.Optional;
-
 import static cn.topiam.employee.core.security.util.SecurityUtils.getFailureMessage;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationSuccessEventListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationSuccessEventListener.java
index 6fa0b3b0..1852141e 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationSuccessEventListener.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationSuccessEventListener.java
@@ -17,6 +17,16 @@
 */
 package cn.topiam.employee.console.security.listener;
+import java.time.LocalDateTime;
+import java.util.List;
+
+import org.springframework.context.ApplicationListener;
+import org.springframework.lang.NonNull;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.core.Authentication;
+
+import com.google.common.collect.Lists;
+
 import cn.topiam.employee.audit.entity.Target;
 import cn.topiam.employee.audit.enums.EventStatus;
 import cn.topiam.employee.audit.enums.TargetType;
@@ -28,16 +38,8 @@ import cn.topiam.employee.core.security.userdetails.UserDetails;
 import cn.topiam.employee.support.context.ApplicationContextHelp;
 import cn.topiam.employee.support.context.ServletContextHelp;
 import cn.topiam.employee.support.util.IpUtils;
-import com.google.common.collect.Lists;
-import lombok.AllArgsConstructor;
-import org.springframework.context.ApplicationListener;
-import org.springframework.lang.NonNull;
-import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
-import org.springframework.security.core.Authentication;
-
-import java.time.LocalDateTime;
-import java.util.List;
+import lombok.AllArgsConstructor;
 import static cn.topiam.employee.audit.enums.EventType.LOGIN_CONSOLE;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleLogoutSuccessEventListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleLogoutSuccessEventListener.java
index 3fbf6e4a..b55f372e 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleLogoutSuccessEventListener.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleLogoutSuccessEventListener.java
@@ -17,18 +17,19 @@
 */
 package cn.topiam.employee.console.security.listener;
-import cn.topiam.employee.audit.entity.Target;
-import cn.topiam.employee.audit.enums.EventStatus;
-import cn.topiam.employee.audit.enums.TargetType;
-import cn.topiam.employee.audit.event.AuditEventPublish;
-import cn.topiam.employee.support.context.ApplicationContextHelp;
-import com.google.common.collect.Lists;
+import java.util.List;
+
 import org.springframework.context.ApplicationListener;
 import org.springframework.lang.NonNull;
 import org.springframework.security.authentication.event.LogoutSuccessEvent;
-import java.util.List;
+import com.google.common.collect.Lists;
+import cn.topiam.employee.audit.entity.Target;
+import cn.topiam.employee.audit.enums.EventStatus;
+import cn.topiam.employee.audit.enums.TargetType;
+import cn.topiam.employee.audit.event.AuditEventPublish;
+import cn.topiam.employee.support.context.ApplicationContextHelp;
 import static cn.topiam.employee.audit.enums.EventType.LOGOUT_CONSOLE;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleSessionInformationExpiredStrategy.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleSessionInformationExpiredStrategy.java
index 526b956f..44dfa115 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleSessionInformationExpiredStrategy.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleSessionInformationExpiredStrategy.java
@@ -17,15 +17,16 @@
 */
 package cn.topiam.employee.console.security.listener;
-import cn.topiam.employee.support.result.ApiRestResult;
-import cn.topiam.employee.support.util.HttpResponseUtils;
-import com.alibaba.fastjson2.JSONObject;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.web.session.SessionInformationExpiredEvent;
 import org.springframework.security.web.session.SessionInformationExpiredStrategy;
-import javax.servlet.http.HttpServletResponse;
+import com.alibaba.fastjson2.JSONObject;
+import cn.topiam.employee.support.result.ApiRestResult;
+import cn.topiam.employee.support.util.HttpResponseUtils;
 import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000203;
 /**
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/OrganizationService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/OrganizationService.java
index 46921bd2..7036a205 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/OrganizationService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/OrganizationService.java
@@ -17,6 +17,8 @@
 */
 package cn.topiam.employee.console.service.account;
+import java.util.List;
+
 import cn.topiam.employee.common.entity.account.OrganizationEntity;
 import cn.topiam.employee.common.enums.DataOrigin;
 import cn.topiam.employee.console.pojo.result.account.OrganizationChildResult;
@@ -26,8 +28,6 @@ import cn.topiam.employee.console.pojo.result.account.OrganizationTreeResult;
 import cn.topiam.employee.console.pojo.save.account.OrganizationCreateParam;
 import cn.topiam.employee.console.pojo.update.account.OrganizationUpdateParam;
-import java.util.List;
-
 /**
 *

* 组织架构 服务类
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserGroupService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserGroupService.java
index 9a675f56..13a2750c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserGroupService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserGroupService.java
@@ -17,6 +17,8 @@
 */
 package cn.topiam.employee.console.service.account;
+import java.util.List;
+
 import cn.topiam.employee.common.entity.account.UserGroupEntity;
 import cn.topiam.employee.common.entity.account.query.UserGroupMemberListQuery;
 import cn.topiam.employee.console.pojo.query.account.UserGroupListQuery;
@@ -27,8 +29,6 @@ import cn.topiam.employee.console.pojo.update.account.UserGroupUpdateParam;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
-import java.util.List;
-
 /**
 * 用户组service
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserService.java
index f545120d..7926b3af 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserService.java
@@ -17,6 +17,9 @@
 */
 package cn.topiam.employee.console.service.account;
+import java.io.Serializable;
+import java.util.List;
+
 import cn.topiam.employee.common.entity.account.UserEntity;
 import cn.topiam.employee.common.entity.account.query.UserListNotInGroupQuery;
 import cn.topiam.employee.common.entity.account.query.UserListQuery;
@@ -31,9 +34,6 @@ import cn.topiam.employee.console.pojo.update.account.UserUpdateParam;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
-import java.io.Serializable;
-import java.util.List;
-
 /**
 *

* 用户表 服务类
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/OrganizationServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/OrganizationServiceImpl.java
index 1cb35641..152ef2fe 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/OrganizationServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/OrganizationServiceImpl.java
@@ -17,6 +17,21 @@
 */
 package cn.topiam.employee.console.service.account.impl;
+import java.util.*;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.CollectionUtils;
+
+import com.google.common.collect.Lists;
+import com.querydsl.core.types.ExpressionUtils;
+import com.querydsl.core.types.Predicate;
+import com.querydsl.core.types.dsl.BooleanExpression;
+import com.querydsl.core.types.dsl.Expressions;
+import com.querydsl.jpa.impl.JPAQuery;
+import com.querydsl.jpa.impl.JPAQueryFactory;
+
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
 import cn.topiam.employee.audit.enums.TargetType;
@@ -35,22 +50,9 @@ import cn.topiam.employee.console.pojo.save.account.OrganizationCreateParam;
 import cn.topiam.employee.console.pojo.update.account.OrganizationUpdateParam;
 import cn.topiam.employee.console.service.account.OrganizationService;
 import cn.topiam.employee.support.util.BeanUtils;
-import com.google.common.collect.Lists;
-import com.querydsl.core.types.ExpressionUtils;
-import com.querydsl.core.types.Predicate;
-import com.querydsl.core.types.dsl.BooleanExpression;
-import com.querydsl.core.types.dsl.Expressions;
-import com.querydsl.jpa.impl.JPAQuery;
-import com.querydsl.jpa.impl.JPAQueryFactory;
+
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-import org.springframework.util.CollectionUtils;
-
-import java.util.*;
-
 import static cn.topiam.employee.support.constant.EiamConstants.ROOT_NODE;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserAccountAssociateServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserAccountAssociateServiceImpl.java
index 32d6dff2..44a65a54 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserAccountAssociateServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserAccountAssociateServiceImpl.java
@@ -17,9 +17,11 @@
 */
 package cn.topiam.employee.console.service.account.impl;
+import org.springframework.stereotype.Service;
+
 import cn.topiam.employee.console.service.account.UserAccountAssociateService;
+
 import lombok.AllArgsConstructor;
-import org.springframework.stereotype.Service;
 /**
 * @author TopIAM
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserGroupServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserGroupServiceImpl.java
index 258e9726..a22fed17 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserGroupServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserGroupServiceImpl.java
@@ -17,6 +17,21 @@
 */
 package cn.topiam.employee.console.service.account.impl;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+
+import com.google.common.collect.Lists;
+import com.querydsl.core.types.ExpressionUtils;
+import com.querydsl.core.types.Predicate;
+import com.querydsl.jpa.impl.JPAQuery;
+import com.querydsl.jpa.impl.JPAQueryFactory;
+
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
 import cn.topiam.employee.audit.enums.TargetType;
@@ -36,22 +51,9 @@ import cn.topiam.employee.support.exception.TopIamException;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.util.BeanUtils;
-import com.google.common.collect.Lists;
-import com.querydsl.core.types.ExpressionUtils;
-import com.querydsl.core.types.Predicate;
-import com.querydsl.jpa.impl.JPAQuery;
-import com.querydsl.jpa.impl.JPAQueryFactory;
+
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.data.domain.PageRequest;
-import org.springframework.data.querydsl.QPageRequest;
-import org.springframework.stereotype.Service;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Optional;
-
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java
index 29d1af73..8d44803b 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java
@@ -17,6 +17,29 @@
 */
 package cn.topiam.employee.console.service.account.impl;
+import java.io.Serializable;
+import java.nio.charset.StandardCharsets;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.util.*;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;
+import org.springframework.data.elasticsearch.core.SearchHits;
+import org.springframework.data.elasticsearch.core.mapping.IndexCoordinates;
+import org.springframework.data.elasticsearch.core.query.NativeSearchQuery;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.ObjectUtils;
+
+import com.google.i18n.phonenumbers.NumberParseException;
+import com.google.i18n.phonenumbers.PhoneNumberUtil;
+import com.google.i18n.phonenumbers.Phonenumber;
+import com.querydsl.core.types.dsl.BooleanExpression;
+
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.AuditElasticSearchEntity;
 import cn.topiam.employee.audit.entity.Target;
@@ -46,30 +69,9 @@ import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.util.BeanUtils;
 import cn.topiam.employee.support.validation.annotation.ValidationPhone;
-import com.google.i18n.phonenumbers.NumberParseException;
-import com.google.i18n.phonenumbers.PhoneNumberUtil;
-import com.google.i18n.phonenumbers.Phonenumber;
-import com.querydsl.core.types.dsl.BooleanExpression;
+
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.data.domain.PageRequest;
-import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;
-import org.springframework.data.elasticsearch.core.SearchHits;
-import org.springframework.data.elasticsearch.core.mapping.IndexCoordinates;
-import org.springframework.data.elasticsearch.core.query.NativeSearchQuery;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.ObjectUtils;
-
-import java.io.Serializable;
-import java.nio.charset.StandardCharsets;
-import java.time.LocalDate;
-import java.time.LocalDateTime;
-import java.util.*;
-
 import static cn.topiam.employee.audit.enums.TargetType.USER;
 import static cn.topiam.employee.audit.enums.TargetType.USER_DETAIL;
 import static cn.topiam.employee.common.constants.AuditConstants.getAuditIndexPrefix;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserSocialBindServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserSocialBindServiceImpl.java
index 1d698300..c812fa26 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserSocialBindServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserSocialBindServiceImpl.java
@@ -17,9 +17,11 @@
 */
 package cn.topiam.employee.console.service.account.impl;
+import org.springframework.stereotype.Service;
+
 import cn.topiam.employee.console.service.account.UserSocialBindService;
+
 import lombok.AllArgsConstructor;
-import org.springframework.stereotype.Service;
 /**
 * @author TopIAM
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java
index 914f3b06..dadfe055 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java
@@ -17,13 +17,10 @@
 */
 package cn.topiam.employee.console.service.account.userdetail;
-import cn.topiam.employee.common.entity.setting.AdministratorEntity;
-import cn.topiam.employee.common.enums.UserStatus;
-import cn.topiam.employee.common.enums.UserType;
-import cn.topiam.employee.common.repository.setting.AdministratorRepository;
-import cn.topiam.employee.core.security.authorization.Roles;
-import cn.topiam.employee.core.security.userdetails.UserDetails;
-import cn.topiam.employee.core.security.userdetails.UserDetailsService;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Optional;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.AccountExpiredException;
@@ -32,9 +29,13 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Optional;
+import cn.topiam.employee.common.entity.setting.AdministratorEntity;
+import cn.topiam.employee.common.enums.UserStatus;
+import cn.topiam.employee.common.enums.UserType;
+import cn.topiam.employee.common.repository.setting.AdministratorRepository;
+import cn.topiam.employee.core.security.authorization.Roles;
+import cn.topiam.employee.core.security.userdetails.UserDetails;
+import cn.topiam.employee.core.security.userdetails.UserDetailsService;
 /**
 * FortressUserDetailsService
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/AnalysisService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/AnalysisService.java
index 7b0afbf3..443cc3b6 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/AnalysisService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/AnalysisService.java
@@ -17,11 +17,11 @@
 */
 package cn.topiam.employee.console.service.analysis;
+import java.util.List;
+
 import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery;
 import cn.topiam.employee.console.pojo.result.analysis.*;
-import java.util.List;
-
 /**
 * 统计 service
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/impl/AnalysisServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/impl/AnalysisServiceImpl.java
index 02124f31..981b9969 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/impl/AnalysisServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/impl/AnalysisServiceImpl.java
@@ -17,20 +17,15 @@
 */
 package cn.topiam.employee.console.service.analysis.impl;
-import cn.topiam.employee.audit.entity.AuditElasticSearchEntity;
-import cn.topiam.employee.audit.enums.EventStatus;
-import cn.topiam.employee.audit.enums.EventType;
-import cn.topiam.employee.authentication.common.IdentityProviderType;
-import cn.topiam.employee.common.entity.app.AppEntity;
-import cn.topiam.employee.common.repository.account.UserRepository;
-import cn.topiam.employee.common.repository.app.AppRepository;
-import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
-import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery;
-import cn.topiam.employee.console.pojo.result.analysis.*;
-import cn.topiam.employee.console.service.analysis.AnalysisService;
-import cn.topiam.employee.core.configuration.EiamSupportProperties;
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.LocalTime;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+
 import org.elasticsearch.index.query.BoolQueryBuilder;
 import org.elasticsearch.index.query.QueryBuilders;
 import org.elasticsearch.index.query.RangeQueryBuilder;
@@ -56,15 +51,21 @@ import org.springframework.stereotype.Service;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
-import java.time.LocalDate;
-import java.time.LocalDateTime;
-import java.time.LocalTime;
-import java.time.ZoneId;
-import java.time.format.DateTimeFormatter;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
+import cn.topiam.employee.audit.entity.AuditElasticSearchEntity;
+import cn.topiam.employee.audit.enums.EventStatus;
+import cn.topiam.employee.audit.enums.EventType;
+import cn.topiam.employee.authentication.common.IdentityProviderType;
+import cn.topiam.employee.common.entity.app.AppEntity;
+import cn.topiam.employee.common.repository.account.UserRepository;
+import cn.topiam.employee.common.repository.app.AppRepository;
+import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
+import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery;
+import cn.topiam.employee.console.pojo.result.analysis.*;
+import cn.topiam.employee.console.service.analysis.AnalysisService;
+import cn.topiam.employee.core.configuration.EiamSupportProperties;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import static cn.topiam.employee.audit.entity.Actor.ACTOR_AUTH_TYPE;
 import static cn.topiam.employee.audit.entity.Event.*;
 import static cn.topiam.employee.audit.entity.GeoLocation.GEO_LOCATION_PROVINCE_CODE;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppCertService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppCertService.java
index bbe8fbe8..d4c364ad 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppCertService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppCertService.java
@@ -17,11 +17,11 @@
 */
 package cn.topiam.employee.console.service.app;
+import java.util.List;
+
 import cn.topiam.employee.console.pojo.query.app.AppCertQuery;
 import cn.topiam.employee.console.pojo.result.app.AppCertListResult;
-import java.util.List;
-
 /**
 * APP 证书
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java
index bcc2ac6f..f8fbea59 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java
@@ -17,11 +17,11 @@
 */
 package cn.topiam.employee.console.service.app;
+import java.util.List;
+
 import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery;
 import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult;
-import java.util.List;
-
 /**
 *

* 权限 服务类
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppSaml2Service.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppSaml2Service.java
index f095d36c..ee1cf29e 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppSaml2Service.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppSaml2Service.java
@@ -17,11 +17,11 @@
 */
 package cn.topiam.employee.console.service.app;
-import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult;
-
 import java.io.IOException;
 import java.io.InputStream;
+import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult;
+
 /**
 * 应用 Saml2 详情
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppService.java
index 1b020b78..aa53de0e 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppService.java
@@ -17,6 +17,8 @@
 */
 package cn.topiam.employee.console.service.app;
+import java.util.Map;
+
 import cn.topiam.employee.console.pojo.query.app.AppQuery;
 import cn.topiam.employee.console.pojo.result.app.AppCreateResult;
 import cn.topiam.employee.console.pojo.result.app.AppGetResult;
@@ -27,8 +29,6 @@ import cn.topiam.employee.console.pojo.update.app.AppUpdateParam;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
-import java.util.Map;
-
 /**
 *

* 应用管理 服务类
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppTemplateService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppTemplateService.java
index c1c6414a..413fade9 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppTemplateService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppTemplateService.java
@@ -17,12 +17,12 @@
 */
 package cn.topiam.employee.console.service.app;
-import cn.topiam.employee.common.enums.app.AppType;
-import cn.topiam.employee.console.pojo.result.app.AppTemplateResult;
-
 import java.util.List;
 import java.util.Map;
+import cn.topiam.employee.common.enums.app.AppType;
+import cn.topiam.employee.console.pojo.result.app.AppTemplateResult;
+
 /**
 * 应用模板服务
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/UserIdpBindService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/UserIdpBindService.java
index 7ee0a17d..a530b17f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/UserIdpBindService.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/UserIdpBindService.java
@@ -17,10 +17,10 @@
 */
 package cn.topiam.employee.console.service.app;
-import cn.topiam.employee.console.pojo.result.app.UserIdpBindListResult;
-
 import java.util.List;
+import cn.topiam.employee.console.pojo.result.app.UserIdpBindListResult;
+
 /**
 * 用户身份提供商绑定
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccessPolicyServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccessPolicyServiceImpl.java
index 7a595fdf..428a5e2f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccessPolicyServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccessPolicyServiceImpl.java
@@ -17,6 +17,13 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
 import cn.topiam.employee.audit.enums.TargetType;
@@ -32,15 +39,9 @@ import cn.topiam.employee.support.exception.TopIamException;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.util.BeanUtils;
+
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.data.querydsl.QPageRequest;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import java.util.List;
-import java.util.Optional;
-
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccountServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccountServiceImpl.java
index b741bb12..f046166f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccountServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccountServiceImpl.java
@@ -17,6 +17,16 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.nio.charset.StandardCharsets;
+import java.util.Optional;
+
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.Base64Utils;
+
+import com.alibaba.excel.util.StringUtils;
+
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
 import cn.topiam.employee.audit.enums.TargetType;
@@ -33,16 +43,9 @@ import cn.topiam.employee.console.service.app.AppAccountService;
 import cn.topiam.employee.support.exception.TopIamException;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
-import com.alibaba.excel.util.StringUtils;
+
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.data.querydsl.QPageRequest;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-import org.springframework.util.Base64Utils;
-
-import java.nio.charset.StandardCharsets;
-import java.util.Optional;
 /**
 * 应用账户
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppCertServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppCertServiceImpl.java
index 0838db2a..77e71f7d 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppCertServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppCertServiceImpl.java
@@ -17,16 +17,18 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.util.List;
+
+import org.springframework.stereotype.Service;
+
 import cn.topiam.employee.common.entity.app.AppCertEntity;
 import cn.topiam.employee.common.repository.app.AppCertRepository;
 import cn.topiam.employee.console.converter.app.AppCertConverter;
 import cn.topiam.employee.console.pojo.query.app.AppCertQuery;
 import cn.topiam.employee.console.pojo.result.app.AppCertListResult;
 import cn.topiam.employee.console.service.app.AppCertService;
-import lombok.AllArgsConstructor;
-import org.springframework.stereotype.Service;
-import java.util.List;
+import lombok.AllArgsConstructor;
 /**
 * 应用证书
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java
index 94fa42c4..2430bc4c 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java
@@ -17,17 +17,20 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.util.List;
+
+import org.springframework.stereotype.Service;
+
+import com.querydsl.core.types.Predicate;
+
 import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity;
 import cn.topiam.employee.common.repository.app.AppPermissionResourceRepository;
 import cn.topiam.employee.console.converter.app.AppPermissionActionConverter;
 import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery;
 import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult;
 import cn.topiam.employee.console.service.app.AppPermissionActionService;
-import com.querydsl.core.types.Predicate;
-import lombok.RequiredArgsConstructor;
-import org.springframework.stereotype.Service;
-import java.util.List;
+import lombok.RequiredArgsConstructor;
 /**
 *

diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java
index 5ea522a7..2a31d7cf 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java
@@ -17,6 +17,10 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
 import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity;
 import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO;
 import cn.topiam.employee.common.entity.app.query.AppPolicyQuery;
@@ -30,10 +34,8 @@ import cn.topiam.employee.console.pojo.update.app.AppPermissionPolicyUpdateParam
 import cn.topiam.employee.console.service.app.AppPermissionPolicyService;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
+
 import lombok.RequiredArgsConstructor;
-import org.springframework.data.querydsl.QPageRequest;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
 /**
 *

diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java
index 79cce90d..86dcae57 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java
@@ -17,6 +17,20 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.querydsl.core.types.Predicate;
+import com.querydsl.core.types.dsl.BooleanExpression;
+
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
 import cn.topiam.employee.audit.enums.TargetType;
@@ -40,20 +54,8 @@ import cn.topiam.employee.support.exception.BadParamsException;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.util.BeanUtils;
-import com.querydsl.core.types.Predicate;
-import com.querydsl.core.types.dsl.BooleanExpression;
-import lombok.RequiredArgsConstructor;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.data.querydsl.QPageRequest;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
-import java.util.Set;
-import java.util.stream.Collectors;
+import lombok.RequiredArgsConstructor;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java
index 116825ab..dfe9a780 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java
@@ -17,6 +17,19 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.querydsl.core.types.Predicate;
+import com.querydsl.core.types.dsl.BooleanExpression;
+
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
 import cn.topiam.employee.audit.enums.TargetType;
@@ -36,19 +49,8 @@ import cn.topiam.employee.console.service.app.AppPermissionRoleService;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.util.BeanUtils;
-import com.querydsl.core.types.Predicate;
-import com.querydsl.core.types.dsl.BooleanExpression;
-import lombok.RequiredArgsConstructor;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.data.querydsl.QPageRequest;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.Objects;
-import java.util.Optional;
+import lombok.RequiredArgsConstructor;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppSaml2ServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppSaml2ServiceImpl.java
index 4c00072e..3a3a2bef 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppSaml2ServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppSaml2ServiceImpl.java
@@ -17,6 +17,27 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.opensaml.saml.saml2.metadata.*;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.X509Data;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
 import cn.topiam.employee.application.ApplicationService;
 import cn.topiam.employee.application.ApplicationServiceLoader;
 import cn.topiam.employee.application.exception.AppNotExistException;
@@ -31,33 +52,15 @@ import cn.topiam.employee.console.service.app.AppSaml2Service;
 import cn.topiam.employee.protocol.saml2.idp.util.Saml2Utils;
 import cn.topiam.employee.support.context.ServletContextHelp;
 import cn.topiam.employee.support.util.CertUtils;
-import lombok.AllArgsConstructor;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.opensaml.saml.saml2.metadata.*;
-import org.opensaml.xmlsec.signature.KeyInfo;
-import org.opensaml.xmlsec.signature.X509Data;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.cert.X509Certificate;
-import java.util.List;
-import java.util.Objects;
-import java.util.Optional;
-
-import static cn.topiam.employee.common.util.SamlKeyStoreProvider.getEntityDescriptors;
-import static cn.topiam.employee.common.util.SamlUtils.transformSamlObject2String;
+import lombok.AllArgsConstructor;
 import static org.opensaml.saml.common.xml.SAMLConstants.SAML20P_NS;
 import static org.opensaml.security.credential.UsageType.SIGNING;
 import static org.springframework.http.HttpHeaders.CONTENT_DISPOSITION;
+import static cn.topiam.employee.common.util.SamlKeyStoreProvider.getEntityDescriptors;
+import static cn.topiam.employee.common.util.SamlUtils.transformSamlObject2String;
+
 /**
 * 应用SAML详情
 *
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppServiceImpl.java
index 479a4ec5..4f377d96 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppServiceImpl.java
@@ -17,6 +17,17 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.time.LocalDateTime;
+import java.util.Map;
+import java.util.Optional;
+
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.querydsl.core.types.OrderSpecifier;
+import com.querydsl.core.types.Predicate;
+
 import cn.topiam.employee.application.ApplicationService;
 import cn.topiam.employee.application.ApplicationServiceLoader;
 import cn.topiam.employee.application.exception.AppNotExistException;
@@ -42,18 +53,9 @@ import cn.topiam.employee.support.exception.TopIamException;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.util.BeanUtils;
-import com.querydsl.core.types.OrderSpecifier;
-import com.querydsl.core.types.Predicate;
+
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.data.querydsl.QPageRequest;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import java.time.LocalDateTime;
-import java.util.Map;
-import java.util.Optional;
-
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
 import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppTemplateServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppTemplateServiceImpl.java
index 18a10ac6..41f113f3 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppTemplateServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppTemplateServiceImpl.java
@@ -17,17 +17,19 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.util.*;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+
 import cn.topiam.employee.application.ApplicationService;
 import cn.topiam.employee.application.ApplicationServiceLoader;
 import cn.topiam.employee.common.enums.app.AppType;
 import cn.topiam.employee.console.pojo.result.app.AppTemplateResult;
 import cn.topiam.employee.console.service.app.AppTemplateService;
-import lombok.AllArgsConstructor;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.stereotype.Service;
-import java.util.*;
-import java.util.stream.Collectors;
+import lombok.AllArgsConstructor;
 /**
 * ApplicationTemplateServiceImpl
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/UserIdpBindServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/UserIdpBindServiceImpl.java
index b0fba1e0..2d7d09bc 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/UserIdpBindServiceImpl.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/UserIdpBindServiceImpl.java
@@ -17,6 +17,12 @@
 */
 package cn.topiam.employee.console.service.app.impl;
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
+
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
 import cn.topiam.employee.audit.enums.TargetType;
@@ -27,13 +33,9 @@ import cn.topiam.employee.console.pojo.result.app.UserIdpBindListResult; import cn.topiam.employee.console.service.app.UserIdpBindService; import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.Page; + import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; -import org.springframework.transaction.annotation.Transactional; - -import java.util.List; -import java.util.Optional; /** * 用户身份提供商绑定 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/IdentityProviderService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/IdentityProviderService.java index 37a8b8c0..ebdc5d1a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/IdentityProviderService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/IdentityProviderService.java @@ -17,6 +17,8 @@ */ package cn.topiam.employee.console.service.authentication; +import java.util.List; + import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; import cn.topiam.employee.console.pojo.query.authentication.IdentityProviderListQuery; import cn.topiam.employee.console.pojo.result.authentication.IdentityProviderCreateResult; @@ -27,8 +29,6 @@ import cn.topiam.employee.console.pojo.update.authentication.IdpUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; -import java.util.List; - /** *

* 身份认证源配置 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/impl/IdentityProviderServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/impl/IdentityProviderServiceImpl.java index c789bd13..7ebba99f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/impl/IdentityProviderServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/impl/IdentityProviderServiceImpl.java @@ -17,6 +17,12 @@ */ package cn.topiam.employee.console.service.authentication.impl; +import java.util.List; +import java.util.Optional; + +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; @@ -36,14 +42,9 @@ import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.repository.page.domain.QueryDslRequest; import cn.topiam.employee.support.util.BeanUtils; + import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import java.util.List; -import java.util.Optional; - import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.DEFAULT_SECURITY_FILTER_CHAIN; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/IdentitySourceService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/IdentitySourceService.java index 4ff1b704..f2b51d12 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/IdentitySourceService.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/IdentitySourceService.java @@ -17,6 +17,8 @@ */ package cn.topiam.employee.console.service.identitysource; +import java.util.List; + import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; import cn.topiam.employee.console.pojo.other.IdentitySourceConfigValidatorParam; import cn.topiam.employee.console.pojo.query.identity.IdentitySourceListQuery; @@ -28,8 +30,6 @@ import cn.topiam.employee.console.pojo.update.identity.IdentitySourceUpdateParam import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; -import java.util.List; - /** *

* 身份源配置 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceEventRecordServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceEventRecordServiceImpl.java index 9f47527b..eaad562f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceEventRecordServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceEventRecordServiceImpl.java @@ -17,6 +17,14 @@ */ package cn.topiam.employee.console.service.identitysource.impl; +import java.time.LocalDateTime; + +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; + +import com.querydsl.core.types.OrderSpecifier; +import com.querydsl.core.types.Predicate; + import cn.topiam.employee.common.entity.identitysource.IdentitySourceEventRecordEntity; import cn.topiam.employee.common.entity.identitysource.QIdentitySourceEventRecordEntity; import cn.topiam.employee.common.repository.identitysource.IdentitySourceEventRecordRepository; @@ -26,13 +34,8 @@ import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceEvent import cn.topiam.employee.console.service.identitysource.IdentitySourceEventRecordService; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; -import com.querydsl.core.types.OrderSpecifier; -import com.querydsl.core.types.Predicate; -import lombok.AllArgsConstructor; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; -import java.time.LocalDateTime; +import lombok.AllArgsConstructor; /** * 身份源事件记录 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceServiceImpl.java index d52b8bd7..5d75537f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceServiceImpl.java @@ -17,6 +17,15 @@ */ package cn.topiam.employee.console.service.identitysource.impl; +import java.util.List; +import java.util.Optional; + +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import com.alibaba.fastjson2.JSONObject; + import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; @@ -43,16 +52,9 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.repository.page.domain.QueryDslRequest; import cn.topiam.employee.support.util.BeanUtils; -import com.alibaba.fastjson2.JSONObject; + import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.cache.annotation.CacheConfig; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import java.util.List; -import java.util.Optional; - import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceSyncServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceSyncServiceImpl.java index 6bf61efb..58e61bac 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceSyncServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceSyncServiceImpl.java @@ -17,6 +17,16 @@ */ package cn.topiam.employee.console.service.identitysource.impl; +import java.time.LocalDateTime; +import java.util.Objects; + +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; + +import com.querydsl.core.types.OrderSpecifier; +import com.querydsl.core.types.Predicate; + import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; @@ -36,17 +46,9 @@ import cn.topiam.employee.identitysource.core.event.IdentitySourceEventUtils; import cn.topiam.employee.identitysource.core.exception.IdentitySourceNotExistException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; -import com.querydsl.core.types.OrderSpecifier; -import com.querydsl.core.types.Predicate; + import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.ObjectUtils; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; - -import java.time.LocalDateTime; -import java.util.Objects; - import static cn.topiam.employee.audit.enums.TargetType.IDENTITY_SOURCE; /** 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/AdministratorService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/AdministratorService.java index b4bbd60c..3684d5c2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/AdministratorService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/AdministratorService.java @@ -17,6 +17,8 @@ */ package cn.topiam.employee.console.service.setting; +import java.time.LocalDateTime; + import cn.topiam.employee.common.enums.CheckValidityType; import cn.topiam.employee.common.enums.UserStatus; import cn.topiam.employee.console.pojo.query.setting.AdministratorListQuery; @@ -27,8 +29,6 @@ import cn.topiam.employee.console.pojo.update.setting.AdministratorUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; -import java.time.LocalDateTime; - /** * 管理员 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/MailTemplateService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/MailTemplateService.java index ee13c1fd..e0226817 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/MailTemplateService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/MailTemplateService.java @@ -17,14 +17,14 @@ */ package cn.topiam.employee.console.service.setting; +import java.util.List; + import cn.topiam.employee.common.entity.setting.MailTemplateEntity; import cn.topiam.employee.common.enums.MailType; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateListResult; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateResult; import cn.topiam.employee.console.pojo.save.setting.EmailCustomTemplateSaveParam; -import java.util.List; - /** *

* 邮件模板 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/PasswordPolicyService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/PasswordPolicyService.java index e9079176..d90c3e64 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/PasswordPolicyService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/PasswordPolicyService.java @@ -17,12 +17,12 @@ */ package cn.topiam.employee.console.service.setting; +import java.util.List; + import cn.topiam.employee.console.pojo.result.setting.PasswordPolicyConfigResult; import cn.topiam.employee.console.pojo.result.setting.WeakPasswordLibListResult; import cn.topiam.employee.console.pojo.save.setting.PasswordPolicySaveParam; -import java.util.List; - /** *

* 密码策略 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SettingService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SettingService.java index 6d57f493..8d32d701 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SettingService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SettingService.java @@ -17,10 +17,10 @@ */ package cn.topiam.employee.console.service.setting; -import cn.topiam.employee.common.entity.setting.SettingEntity; - import java.util.List; +import cn.topiam.employee.common.entity.setting.SettingEntity; + /** * @author TopIAM * Created by support@topiam.cn on 2021/11/9 22:30 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SmsTemplateService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SmsTemplateService.java index ca555c9e..a75d581b 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SmsTemplateService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SmsTemplateService.java @@ -17,11 +17,11 @@ */ package cn.topiam.employee.console.service.setting; +import java.util.List; + import cn.topiam.employee.common.enums.Language; import cn.topiam.employee.console.pojo.result.setting.SmsTemplateListResult; -import java.util.List; - /** *

* 短信模版 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java index fe5df7b5..0c8dcfc1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java @@ -17,6 +17,26 @@ */ package cn.topiam.employee.console.service.setting.impl; +import java.nio.charset.StandardCharsets; +import java.time.LocalDateTime; +import java.util.Base64; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import java.util.concurrent.Executor; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.scheduling.annotation.AsyncConfigurer; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.session.Session; +import org.springframework.session.security.SpringSessionBackedSessionRegistry; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import com.querydsl.core.types.Predicate; +import com.querydsl.core.types.dsl.BooleanExpression; + import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; 
@@ -40,26 +60,8 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.util.BeanUtils; -import com.querydsl.core.types.Predicate; -import com.querydsl.core.types.dsl.BooleanExpression; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.scheduling.annotation.AsyncConfigurer; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.session.Session; -import org.springframework.session.security.SpringSessionBackedSessionRegistry; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import java.nio.charset.StandardCharsets; -import java.time.LocalDateTime; -import java.util.Base64; -import java.util.List; -import java.util.Objects; -import java.util.Optional; -import java.util.concurrent.Executor; +import lombok.extern.slf4j.Slf4j; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java index 9280cd49..2e53e607 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java 
@@ -17,6 +17,9 @@ */ package cn.topiam.employee.console.service.setting.impl; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.geo.GeoLocation; import cn.topiam.employee.common.geo.GeoLocationService; @@ -26,10 +29,8 @@ import cn.topiam.employee.console.pojo.result.setting.GeoIpProviderResult; import cn.topiam.employee.console.pojo.save.setting.GeoIpProviderSaveParam; import cn.topiam.employee.console.service.setting.GeoLocationSettingService; import cn.topiam.employee.support.context.ApplicationContextHelp; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; +import lombok.extern.slf4j.Slf4j; import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.GEO_LOCATION; import static cn.topiam.employee.core.setting.constant.GeoIpProviderConstants.IPADDRESS_SETTING_NAME; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MailTemplateServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MailTemplateServiceImpl.java index dc054f91..a0a55f18 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MailTemplateServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MailTemplateServiceImpl.java 
@@ -17,6 +17,19 @@ */ package cn.topiam.employee.console.service.setting.impl; +import java.util.Arrays; +import java.util.List; +import java.util.Objects; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.cache.annotation.CacheEvict; +import org.springframework.cache.annotation.CachePut; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; @@ -30,19 +43,6 @@ import cn.topiam.employee.console.pojo.result.setting.EmailTemplateResult; import cn.topiam.employee.console.pojo.save.setting.EmailCustomTemplateSaveParam; import cn.topiam.employee.console.service.setting.MailTemplateService; import cn.topiam.employee.support.util.BeanUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.cache.annotation.CacheConfig; -import org.springframework.cache.annotation.CacheEvict; -import org.springframework.cache.annotation.CachePut; -import org.springframework.cache.annotation.Cacheable; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import java.util.Arrays; -import java.util.List; -import java.util.Objects; - import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.SETTING_EMAIL_TEMPLATE_CACHE_NAME; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MessageSettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MessageSettingServiceImpl.java index 4deae7c9..04fc3b43 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MessageSettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MessageSettingServiceImpl.java @@ -17,6 +17,8 @@ */ package cn.topiam.employee.console.service.setting.impl; +import org.springframework.stereotype.Service; + import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.converter.setting.MessageSettingConverter; @@ -26,8 +28,6 @@ import cn.topiam.employee.console.pojo.save.setting.SmsProviderSaveParam; import cn.topiam.employee.console.pojo.setting.SmsProviderConfigResult; import cn.topiam.employee.console.service.setting.MessageSettingService; import cn.topiam.employee.support.context.ApplicationContextHelp; -import org.springframework.stereotype.Service; - import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.MAIL_PROVIDER_SEND; import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.SMS_PROVIDER_SEND; import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.MESSAGE_PROVIDER_EMAIL; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/PasswordPolicyServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/PasswordPolicyServiceImpl.java index 5b2124aa..1c99a15d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/PasswordPolicyServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/PasswordPolicyServiceImpl.java 
@@ -17,6 +17,12 @@ */ package cn.topiam.employee.console.service.setting.impl; +import java.util.ArrayList; +import java.util.List; + +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + import cn.topiam.employee.common.constants.ConfigBeanNameConstants; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.SettingRepository; @@ -27,12 +33,6 @@ import cn.topiam.employee.console.pojo.save.setting.PasswordPolicySaveParam; import cn.topiam.employee.console.service.setting.PasswordPolicyService; import cn.topiam.employee.core.security.password.weak.PasswordWeakLib; import cn.topiam.employee.support.context.ApplicationContextHelp; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import java.util.ArrayList; -import java.util.List; - import static cn.topiam.employee.core.setting.constant.PasswordPolicySettingConstants.PASSWORD_POLICY_KEYS; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SecuritySettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SecuritySettingServiceImpl.java index 5d45bc4d..bcf70245 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SecuritySettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SecuritySettingServiceImpl.java 
@@ -17,6 +17,15 @@ */ package cn.topiam.employee.console.service.setting.impl; +import java.util.List; +import java.util.concurrent.Executor; + +import org.springframework.scheduling.annotation.AsyncConfigurer; +import org.springframework.session.Session; +import org.springframework.session.security.SpringSessionBackedSessionRegistry; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.enums.MfaMode; import cn.topiam.employee.common.repository.setting.SettingRepository; @@ -31,15 +40,6 @@ import cn.topiam.employee.console.service.setting.SecuritySettingService; import cn.topiam.employee.core.security.session.SessionDetails; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.context.ServletContextHelp; -import org.springframework.scheduling.annotation.AsyncConfigurer; -import org.springframework.session.Session; -import org.springframework.session.security.SpringSessionBackedSessionRegistry; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import java.util.List; -import java.util.concurrent.Executor; - import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.CAPTCHA_VALIDATOR; import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.DEFAULT_SECURITY_FILTER_CHAIN; import static cn.topiam.employee.core.setting.constant.MfaSettingConstants.MFA_SETTING_KEYS; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SettingServiceImpl.java index a97f0dcf..9621e5ea 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SettingServiceImpl.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SettingServiceImpl.java @@ -17,16 +17,17 @@ */ package cn.topiam.employee.console.service.setting.impl; +import java.util.List; +import java.util.Objects; + +import org.springframework.transaction.annotation.Transactional; + import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.service.setting.SettingService; import cn.topiam.employee.support.util.BeanUtils; -import lombok.AllArgsConstructor; -import org.springframework.transaction.annotation.Transactional; - -import java.util.List; -import java.util.Objects; +import lombok.AllArgsConstructor; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SmsTemplateServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SmsTemplateServiceImpl.java index eb76e970..b8f54b6c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SmsTemplateServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SmsTemplateServiceImpl.java 
@@ -17,17 +17,19 @@ */ package cn.topiam.employee.console.service.setting.impl; +import java.util.List; +import java.util.Locale; +import java.util.ResourceBundle; + +import org.springframework.stereotype.Service; + +import com.google.common.collect.Lists; + import cn.topiam.employee.common.enums.Language; import cn.topiam.employee.common.enums.SmsType; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.pojo.result.setting.SmsTemplateListResult; import cn.topiam.employee.console.service.setting.SmsTemplateService; -import com.google.common.collect.Lists; -import org.springframework.stereotype.Service; - -import java.util.List; -import java.util.Locale; -import java.util.ResourceBundle; /** *

diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/StorageSettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/StorageSettingServiceImpl.java index ab1b6b76..c6a4ca06 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/StorageSettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/StorageSettingServiceImpl.java @@ -17,6 +17,8 @@ */ package cn.topiam.employee.console.service.setting.impl; +import org.springframework.stereotype.Service; + import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.converter.setting.StorageSettingConverter; @@ -24,8 +26,6 @@ import cn.topiam.employee.console.pojo.result.setting.StorageProviderConfigResul import cn.topiam.employee.console.pojo.save.setting.StorageConfigSaveParam; import cn.topiam.employee.console.service.setting.StorageSettingService; import cn.topiam.employee.support.context.ApplicationContextHelp; -import org.springframework.stereotype.Service; - import static cn.topiam.employee.core.setting.constant.StorageProviderSettingConstants.STORAGE_BEAN_NAME; import static cn.topiam.employee.core.setting.constant.StorageProviderSettingConstants.STORAGE_PROVIDER_KEY; diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/HttpSessionRedirectCache.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/HttpSessionRedirectCache.java index 0bd95022..af158891 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/HttpSessionRedirectCache.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/HttpSessionRedirectCache.java 
@@ -122,8 +122,7 @@ public class HttpSessionRedirectCache implements RedirectCache { * @return {@link SavedRedirect} */ @Override - public SavedRedirect getRedirect(HttpServletRequest request, - HttpServletResponse response) { + public SavedRedirect getRedirect(HttpServletRequest request, HttpServletResponse response) { return (SavedRedirect) request.getSession(false) .getAttribute(TOPIAM_SECURITY_SAVED_REDIRECT); } diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/LoginRedirectParameterFilter.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/LoginRedirectParameterFilter.java index e9f1bd66..aadfded5 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/LoginRedirectParameterFilter.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/LoginRedirectParameterFilter.java @@ -38,8 +38,8 @@ public class LoginRedirectParameterFilter extends OncePerRequestFilter { /** * RedirectCache */ - private final RedirectCache redirectCache = new HttpSessionRedirectCache(); - private final RequestMatcher requestMatcher; + private final RedirectCache redirectCache = new HttpSessionRedirectCache(); + private final RequestMatcher requestMatcher; public LoginRedirectParameterFilter(RequestMatcher requestMatcher) { this.requestMatcher = requestMatcher; diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/session/TopIamSessionBackedSessionRegistry.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/session/TopIamSessionBackedSessionRegistry.java index 3cd4c8b6..8b791f9f 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/session/TopIamSessionBackedSessionRegistry.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/session/TopIamSessionBackedSessionRegistry.java 
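Review bot: `getRedirect` in HttpSessionRedirectCache calls `.getAttribute(...)` directly on `request.getSession(false)`, which returns null when the request carries no session, so such a request would fail with a NullPointerException instead of reporting "no saved redirect". This hunk only re-wraps the signature, but the whole method body is visible and the new side has the same gap. Because the class sits on the login redirect path, it can presumably be reached before any session exists, or after one has expired. I would hold the session in a local and return null when it is absent: `HttpSession session = request.getSession(false);` then `return session == null ? null : (SavedRedirect) session.getAttribute(TOPIAM_SECURITY_SAVED_REDIRECT);`. Whether callers such as LoginRedirectParameterFilter already handle a null result is not visible in this diff and should be confirmed.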
@@ -97,8 +97,8 @@ public class TopIamSessionBackedSessionRegistry //转为实体 UserDetails principal = (UserDetails) securityContext.getAuthentication() .getPrincipal(); - SessionDetails sessionDetails = new SessionDetails( - principal.getId(), principal.getUsername()); + SessionDetails sessionDetails = new SessionDetails(principal.getId(), + principal.getUsername()); //last request Instant instant = information.getLastRequest().toInstant(); ZoneId zoneId = ZoneId.systemDefault(); diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/EiamCaptchaValidatorConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/EiamCaptchaValidatorConfiguration.java index 4bf32787..03fa155a 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/EiamCaptchaValidatorConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/EiamCaptchaValidatorConfiguration.java @@ -17,12 +17,8 @@ */ package cn.topiam.employee.portal.configuration; -import cn.topiam.employee.authentication.captcha.CaptchaValidator; -import cn.topiam.employee.authentication.captcha.NoneCaptchaProvider; -import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaProviderConfig; -import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaValidator; -import cn.topiam.employee.common.constants.ConfigBeanNameConstants; -import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; +import java.util.Objects; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.cloud.context.config.annotation.RefreshScope; 
@@ -30,8 +26,12 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.client.RestTemplate;
-import java.util.Objects;
-
+import cn.topiam.employee.authentication.captcha.CaptchaValidator;
+import cn.topiam.employee.authentication.captcha.NoneCaptchaProvider;
+import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaProviderConfig;
+import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaValidator;
+import cn.topiam.employee.common.constants.ConfigBeanNameConstants;
+import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig;
 import static cn.topiam.employee.common.enums.CaptchaProviderType.GEE_TEST;
 import static cn.topiam.employee.core.context.SettingContextHelp.getCaptchaProviderConfig;
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java
index f8bce492..f1e5e857 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java
@@ -17,17 +17,19 @@
 */
 package cn.topiam.employee.portal.configuration;
-import cn.topiam.employee.EiamPortalApplication;
-import cn.topiam.employee.support.util.AppVersionUtils;
-import io.swagger.v3.oas.models.OpenAPI;
-import io.swagger.v3.oas.models.info.Contact;
-import io.swagger.v3.oas.models.info.Info;
-import lombok.RequiredArgsConstructor;
 import org.springdoc.core.GroupedOpenApi;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.Environment;
+import cn.topiam.employee.EiamPortalApplication;
+import cn.topiam.employee.support.util.AppVersionUtils;
+
+import lombok.RequiredArgsConstructor;
+
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Contact;
+import io.swagger.v3.oas.models.info.Info;
 import static cn.topiam.employee.support.constant.EiamConstants.API_PATH;
 /**
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalFrontendConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalFrontendConfiguration.java
index 184b6617..5ffcd6e1 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalFrontendConfiguration.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalFrontendConfiguration.java
@@ -17,6 +17,8 @@
 */
 package cn.topiam.employee.portal.configuration;
+import java.io.IOException;
+
 import org.jetbrains.annotations.NotNull;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.Resource;
@@ -24,8 +26,6 @@ import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.resource.PathResourceResolver;
-import java.io.IOException;
-
 /**
 * 控制台前端配置
 *
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalSecurityConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalSecurityConfiguration.java
index 54d295d5..ce13dd0d 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalSecurityConfiguration.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalSecurityConfiguration.java
@@ -17,6 +17,40 @@ */ package cn.topiam.employee.portal.configuration; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; + +import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties; +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; +import org.springframework.cloud.context.config.annotation.RefreshScope; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.ObjectPostProcessor; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configurers.*; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; +import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.EiamOAuth2AuthorizationServerConfigurer; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.access.ExceptionTranslationFilter; +import org.springframework.security.web.authentication.AuthenticationFailureHandler; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.csrf.CookieCsrfTokenRepository; +import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter; +import 
org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.OrRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + import cn.topiam.employee.audit.event.AuditEventPublish; import cn.topiam.employee.authentication.captcha.CaptchaValidator; import cn.topiam.employee.authentication.captcha.filter.CaptchaValidatorFilter; 
@@ -62,41 +96,10 @@ import cn.topiam.employee.protocol.cas.idp.CasIdpConfigurer; import cn.topiam.employee.protocol.form.FormProtocolConfigurer; import cn.topiam.employee.protocol.oidc.token.EiamOpaqueTokenIntrospector; import cn.topiam.employee.protocol.saml2.idp.Saml2IdpConfigurer; -import cn.topiam.employee.protocol.tsa.TsaProtocolConfigurer; -import lombok.RequiredArgsConstructor; -import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties; -import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; -import org.springframework.cloud.context.config.annotation.RefreshScope; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.core.annotation.Order; -import org.springframework.http.HttpMethod; -import org.springframework.security.config.Customizer; -import org.springframework.security.config.annotation.ObjectPostProcessor; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configurers.*; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; -import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; -import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.EiamOAuth2AuthorizationServerConfigurer; -import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.access.ExceptionTranslationFilter; -import org.springframework.security.web.authentication.AuthenticationFailureHandler; -import org.springframework.security.web.authentication.AuthenticationSuccessHandler; -import 
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import org.springframework.security.web.csrf.CookieCsrfTokenRepository; -import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.security.web.util.matcher.OrRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices; -import org.springframework.web.cors.UrlBasedCorsConfigurationSource; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; -import java.util.stream.Collectors; +import lombok.RequiredArgsConstructor; +import static org.springframework.boot.autoconfigure.security.StaticResourceLocation.*; +import static org.springframework.security.config.Customizer.withDefaults; import static cn.topiam.employee.common.constants.AuthorizeConstants.*; import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.*; @@ -104,8 +107,6 @@ import static cn.topiam.employee.common.constants.SessionConstants.CURRENT_STATU import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.SECURITY_BASIC_REMEMBER_ME_VALID_TIME; import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.SECURITY_SESSION_MAXIMUM; import static cn.topiam.employee.support.constant.EiamConstants.*; -import static org.springframework.boot.autoconfigure.security.StaticResourceLocation.*; -import static org.springframework.security.config.Customizer.withDefaults; /** * PortalSecurityConfiguration 
@@ -318,38 +319,6 @@ public class PortalSecurityConfiguration {
 //@formatter:on
 }
- /**
- * TsaProtocolSecurityFilterChain
- *
- * @param http {@link HttpSecurity}
- * @return {@link SecurityFilterChain}
- * @throws Exception Exception
- */
- @Order(6)
- @Bean(value = TSA_PROTOCOL_SECURITY_FILTER_CHAIN)
- @RefreshScope
- public SecurityFilterChain tsaProtocolSecurityFilterChain(HttpSecurity http) throws Exception {
- //@formatter:off
- //TSA IDP 配置
- TsaProtocolConfigurer configurer = new TsaProtocolConfigurer<>();
- RequestMatcher endpointsMatcher = configurer.getEndpointsMatcher();
- http.requestMatcher(endpointsMatcher)
- .authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated())
- //异常处理
- .exceptionHandling(withExceptionConfigurerDefaults())
- //CSRF
- .csrf(withCsrfConfigurerDefaults(endpointsMatcher))
- //headers
- .headers(withHeadersConfigurerDefaults())
- //cors
- .cors(withCorsConfigurerDefaults())
- //会话管理器
- .sessionManagement(withSessionManagementConfigurerDefaults(settingRepository))
- .apply(configurer);
- return http.build();
- //@formatter:on
- }
-
 /**
 * SecurityFilterChain
 *
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AccountController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AccountController.java
index 34385da7..b24aaead 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AccountController.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AccountController.java
@@ -17,16 +17,18 @@
 */
 package cn.topiam.employee.portal.controller;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
 import cn.topiam.employee.core.security.decrypt.DecryptRequestBody;
 import cn.topiam.employee.portal.pojo.request.*;
 import cn.topiam.employee.portal.pojo.result.PrepareBindMfaResult;
 import cn.topiam.employee.portal.service.AccountService;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
+
 import lombok.AllArgsConstructor;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import io.swagger.v3.oas.annotations.Operation;
 import static cn.topiam.employee.support.constant.EiamConstants.API_PATH;
 /**
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppController.java
index b79f82fb..84db26b1 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppController.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppController.java
@@ -17,19 +17,21 @@
 */
 package cn.topiam.employee.portal.controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
 import cn.topiam.employee.portal.pojo.query.GetAppListQuery;
 import cn.topiam.employee.portal.pojo.result.GetAppListResult;
 import cn.topiam.employee.portal.service.AppService;
 import cn.topiam.employee.support.repository.page.domain.Page;
 import cn.topiam.employee.support.repository.page.domain.PageModel;
 import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.AllArgsConstructor;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.support.constant.EiamConstants.API_PATH;
 /**
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserController.java
index 2461281b..64b0302f 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserController.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserController.java
@@ -17,6 +17,19 @@
 */
 package cn.topiam.employee.portal.controller;
+import java.io.Serializable;
+import java.util.List;
+
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
+
+import com.alibaba.fastjson2.JSON;
+import com.google.common.collect.Lists;
+
 import cn.topiam.employee.authentication.common.IdentityProviderType;
 import cn.topiam.employee.common.entity.account.UserEntity;
 import cn.topiam.employee.common.enums.PasswordStrength;
@@ -24,20 +37,11 @@ import cn.topiam.employee.core.security.util.UserUtils;
 import cn.topiam.employee.support.result.ApiRestResult;
 import cn.topiam.employee.support.util.DesensitizationUtil;
 import cn.topiam.employee.support.util.HttpResponseUtils;
-import com.alibaba.fastjson2.JSON;
-import com.google.common.collect.Lists;
-import io.swagger.v3.oas.annotations.media.Schema;
+
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.Serializable;
-import java.util.List;
+import io.swagger.v3.oas.annotations.media.Schema;
 import static cn.topiam.employee.common.constants.SessionConstants.CURRENT_USER;
 /**
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/SessionManageEndpoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/SessionManageEndpoint.java
index 176ccc05..38b19923 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/SessionManageEndpoint.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/SessionManageEndpoint.java
@@ -17,6 +17,28 @@
 */
 package cn.topiam.employee.portal.controller;
+import java.io.Serial;
+import java.io.Serializable;
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.mapstruct.Mapper;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.alibaba.fastjson2.JSON;
+import com.alibaba.fastjson2.annotation.JSONField;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
 import cn.topiam.employee.audit.annotation.Audit;
 import cn.topiam.employee.audit.context.AuditContext;
 import cn.topiam.employee.audit.entity.Target;
@@ -31,33 +53,16 @@ import cn.topiam.employee.support.context.ApplicationContextHelp;
 import cn.topiam.employee.support.result.ApiRestResult;
 import cn.topiam.employee.support.util.HttpResponseUtils;
 import cn.topiam.employee.support.web.useragent.UserAgent;
-import com.alibaba.fastjson2.JSON;
-import com.alibaba.fastjson2.annotation.JSONField;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
+
 import lombok.Data;
 import lombok.experimental.Accessors;
-import org.apache.commons.lang3.StringUtils;
-import org.mapstruct.Mapper;
-import org.springframework.security.core.session.SessionRegistry;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.Serial;
-import java.io.Serializable;
-import java.time.LocalDateTime;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.USERNAME;
 import static cn.topiam.employee.common.constants.SessionConstants.SESSION_PATH;
 import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
-import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.USERNAME;
 /**
 * 会话管理
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginConfigController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginConfigController.java
index 21f8019a..84983e1a 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginConfigController.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginConfigController.java
@@ -17,16 +17,18 @@
 */
 package cn.topiam.employee.portal.controller.login;
-import cn.topiam.employee.portal.pojo.result.LoginConfigResult;
-import cn.topiam.employee.portal.service.LoginConfigService;
-import cn.topiam.employee.support.result.ApiRestResult;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
+import cn.topiam.employee.portal.pojo.result.LoginConfigResult;
+import cn.topiam.employee.portal.service.LoginConfigService;
+import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.extern.slf4j.Slf4j;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
 import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_CONFIG;
 /**
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginOtpController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginOtpController.java
deleted file mode 100644
index a7827204..00000000
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginOtpController.java
+++ /dev/null
@@ -1,173 +0,0 @@ -/* - * eiam-portal - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.portal.controller.login; - -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.security.core.Authentication; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; - -import cn.topiam.employee.common.entity.account.UserEntity; -import cn.topiam.employee.common.enums.MailType; -import cn.topiam.employee.common.enums.MessageNoticeChannel; -import cn.topiam.employee.common.enums.SmsType; -import cn.topiam.employee.common.exception.LoginOtpActionNotSupportException; -import cn.topiam.employee.core.security.mfa.MfaAuthentication; -import cn.topiam.employee.core.security.otp.OtpContextHelp; -import cn.topiam.employee.core.security.userdetails.UserDetails; -import cn.topiam.employee.core.security.util.UserUtils; -import cn.topiam.employee.support.lock.Lock; -import 
cn.topiam.employee.support.result.ApiRestResult; - -import lombok.Data; -import lombok.extern.slf4j.Slf4j; - -import io.swagger.v3.oas.annotations.Parameter; -import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_PATH; - -/** - * OPT 端点 - * 短信验证码有效期2分钟 - * - * 验证码为6位纯数字 - * 每个手机号60秒内只能发送一次短信验证码,且这一规则的校验必须在服务器端执行 - * 同一个手机号在同一时间内可以有多个有效的短信验证码 - * 保存于服务器端的验证码,至多可被使用3次(无论和请求中的验证码是否匹配),随后立即作废,以防止暴力攻击 - * 短信验证码不可直接记录到日志文件 - * 集成第三方API做登录保护(可选) - * - * @author TopIAM - * Created by support@topiam.cn on 2020/12/23 20:49 - */ -@Slf4j -@RestController -@RequestMapping(value = LOGIN_PATH + "/otp") -public class LoginOtpController { - - /** - * 发送 OPT - *s - * @return {@link ApiRestResult} - */ - @PostMapping("/send") - @Lock(namespaces = "login") - public ResponseEntity> send(@Validated SendOtpRequest request, - Authentication authentication) { - if (request.getAction().equals(Action.LOGIN)) { - if (StringUtils.isBlank(request.getTarget())) { - throw new NullPointerException("目标不能为空"); - } - send(request.getTarget(), request.getChannel()); - return ResponseEntity.ok(ApiRestResult.ok()); - } - //MFA - if (request.getAction().equals(Action.MFA)) { - //非MFA对象 - if (!(authentication instanceof MfaAuthentication)) { - ResponseEntity.BodyBuilder builder = ResponseEntity.status(HttpStatus.UNAUTHORIZED); - return builder.body(ApiRestResult.ok()); - } - //MFA,从会话上下文中获取手机号及邮箱信息 - UserDetails principal = (UserDetails) ((MfaAuthentication) authentication).getFirst() - .getPrincipal(); - UserEntity user = UserUtils.getUser(principal.getId()); - String email = user.getEmail(); - if (MessageNoticeChannel.MAIL.equals(request.getChannel())) { - send(email, MessageNoticeChannel.MAIL); - return ResponseEntity.ok(ApiRestResult.ok()); - } - String phone = user.getPhone(); - if (MessageNoticeChannel.SMS.equals(request.getChannel())) { - send(phone, MessageNoticeChannel.SMS); - return ResponseEntity.ok(ApiRestResult.ok()); - } - } - throw new 
LoginOtpActionNotSupportException(); - } - - /** - * 发送 - * - * @param target {@link String} - * @param channel {@link MessageNoticeChannel} - */ - private void send(String target, MessageNoticeChannel channel) { - String type; - if (channel == MessageNoticeChannel.MAIL) { - type = MailType.AGAIN_VERIFY.getCode(); - } else { - type = SmsType.AGAIN_VERIFY.getCode(); - } - otpContextHelp.sendOtp(target, type, channel); - } - - /** - * 发送 OTP 请求 - */ - @Data - public static class SendOtpRequest implements Serializable { - /** - * 动作 - */ - @Parameter(description = "action") - @NotNull(message = "消息动作不能为空") - private Action action; - - /** - * 渠道 - */ - @Parameter(description = "channel") - @NotNull(message = "消息渠道不能为空") - private MessageNoticeChannel channel; - - /** - * 目标 - */ - @Parameter(description = "target") - private String target; - } - - /** - * - */ - public enum Action { - - /** - * LOGIN - */ - LOGIN, - /** - * MFA - */ - MFA - } - - private final OtpContextHelp otpContextHelp; - - public LoginOtpController(OtpContextHelp otpContextHelp) { - this.otpContextHelp = otpContextHelp; - } -} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AccountConverter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AccountConverter.java index 4b840524..904a91b2 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AccountConverter.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AccountConverter.java 
@@ -17,19 +17,21 @@
 */
 package cn.topiam.employee.portal.converter;
-import cn.topiam.employee.authentication.common.modal.IdpUser;
-import cn.topiam.employee.common.entity.account.UserDetailEntity;
-import cn.topiam.employee.common.entity.account.UserEntity;
-import cn.topiam.employee.common.entity.account.UserIdpBindEntity;
-import cn.topiam.employee.portal.pojo.request.UpdateUserInfoRequest;
-import com.alibaba.fastjson2.JSONObject;
+import java.time.LocalDateTime;
+
 import org.apache.commons.collections4.MapUtils;
 import org.mapstruct.Mapper;
 import org.mapstruct.Mapping;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import java.time.LocalDateTime;
+import com.alibaba.fastjson2.JSONObject;
+
+import cn.topiam.employee.authentication.common.modal.IdpUser;
+import cn.topiam.employee.common.entity.account.UserDetailEntity;
+import cn.topiam.employee.common.entity.account.UserEntity;
+import cn.topiam.employee.common.entity.account.UserIdpBindEntity;
+import cn.topiam.employee.portal.pojo.request.UpdateUserInfoRequest;
 /**
 * AccountConverter
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppConverter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppConverter.java
index 62ffbfb5..394e83ca 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppConverter.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppConverter.java
@@ -17,6 +17,14 @@
 */
 package cn.topiam.employee.portal.converter;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+
+import org.apache.commons.lang3.StringUtils;
+import org.mapstruct.Mapper;
+import org.mapstruct.MappingConstants;
+
 import cn.topiam.employee.application.ApplicationService;
 import cn.topiam.employee.application.ApplicationServiceLoader;
 import cn.topiam.employee.common.entity.app.AppEntity;
@@ -25,14 +33,6 @@ import cn.topiam.employee.portal.constant.PortalConstants;
 import cn.topiam.employee.portal.pojo.result.GetAppListResult;
 import cn.topiam.employee.support.context.ApplicationContextHelp;
 import cn.topiam.employee.support.repository.page.domain.Page;
-import org.apache.commons.lang3.StringUtils;
-import org.mapstruct.Mapper;
-import org.mapstruct.MappingConstants;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
-
 import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE_VARIABLE;
 import static cn.topiam.employee.common.enums.app.InitLoginType.PORTAL_OR_APP;
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/LoginConfigConverter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/LoginConfigConverter.java
index 5490a4e7..1e27c217 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/LoginConfigConverter.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/LoginConfigConverter.java
@@ -17,13 +17,14 @@
 */
 package cn.topiam.employee.portal.converter;
-import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity;
-import cn.topiam.employee.portal.pojo.result.LoginConfigResult;
-import org.mapstruct.Mapper;
-
 import java.util.ArrayList;
 import java.util.List;
+import org.mapstruct.Mapper;
+
+import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity;
+import cn.topiam.employee.portal.pojo.result.LoginConfigResult;
+
 /**
 * AuthenticationConverter
 *
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAccessDeniedHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAccessDeniedHandler.java
index 968151fc..8c3e3f3c 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAccessDeniedHandler.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAccessDeniedHandler.java
@@ -17,16 +17,19 @@
 */
 package cn.topiam.employee.portal.handler;
-import cn.topiam.employee.core.security.util.SecurityUtils;
-import lombok.AllArgsConstructor;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import cn.topiam.employee.core.security.util.SecurityUtils;
+
+import lombok.AllArgsConstructor;
 /**
 * 访问拒绝处理程序
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java
index ca4aa311..88b7e523 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java
@@ -17,21 +17,23 @@
 */
 package cn.topiam.employee.portal.handler;
-import cn.topiam.employee.core.context.ServerContextHelp;
-import cn.topiam.employee.support.result.ApiRestResult;
-import cn.topiam.employee.support.util.HttpResponseUtils;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.AuthenticationException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import cn.topiam.employee.core.context.ServerContextHelp;
+import cn.topiam.employee.support.result.ApiRestResult;
+import cn.topiam.employee.support.util.HttpResponseUtils;
+import static org.springframework.http.HttpStatus.UNAUTHORIZED;
 import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN;
 import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml;
-import static org.springframework.http.HttpStatus.UNAUTHORIZED;
 /**
 * 认证入口点
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationFailureHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationFailureHandler.java
index 5fbda663..ac827aeb 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationFailureHandler.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationFailureHandler.java
@@ -17,12 +17,12 @@ */ package cn.topiam.employee.portal.handler; -import cn.topiam.employee.common.enums.SecretType; -import cn.topiam.employee.common.repository.account.UserRepository; -import cn.topiam.employee.support.context.ApplicationContextHelp; -import cn.topiam.employee.support.exception.enums.ExceptionStatus; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -31,15 +31,18 @@ import org.springframework.http.HttpStatus; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.WebAttributes; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; +import cn.topiam.employee.common.enums.SecretType; +import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.support.context.ApplicationContextHelp; +import cn.topiam.employee.support.exception.enums.ExceptionStatus; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import static javax.servlet.RequestDispatcher.*; + +import static org.springframework.boot.web.servlet.support.ErrorPageFilter.ERROR_REQUEST_URI; import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION; import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; -import static javax.servlet.RequestDispatcher.*; -import static org.springframework.boot.web.servlet.support.ErrorPageFilter.ERROR_REQUEST_URI; /** * 认证失败 
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationHandler.java
deleted file mode 100644
index 89814fd7..00000000
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationHandler.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * eiam-portal - Employee Identity and Access Management Program
- * Copyright © 2020-2023 TopIAM (support@topiam.cn)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-package cn.topiam.employee.portal.handler;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.springframework.http.HttpStatus;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.WebAttributes;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-
-import cn.topiam.employee.common.constants.AuthorizeConstants;
-import cn.topiam.employee.core.context.ServerContextHelp;
-import cn.topiam.employee.core.security.authentication.IdpAuthentication;
-import cn.topiam.employee.core.security.authentication.SmsAuthentication;
-import cn.topiam.employee.core.security.mfa.MfaAuthentication;
-import cn.topiam.employee.support.result.ApiRestResult;
-import cn.topiam.employee.support.util.HttpResponseUtils;
-import cn.topiam.employee.support.util.HttpUrlUtils;
-import static cn.topiam.employee.core.context.SettingContextHelp.isMfaEnabled;
-import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION;
-import static cn.topiam.employee.support.constant.EiamConstants.SAVED_REQUEST;
-import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml;
-import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000102;
-
-/**
- * 认证处理器
- *
- * @author TopIAM
- * Created by support@topiam.cn on 2022/7/28 23:36
- */
-@SuppressWarnings("DuplicatedCode")
-public class PortalAuthenticationHandler implements AuthenticationSuccessHandler,
- AuthenticationFailureHandler {
-
- private final AuthenticationSuccessHandler successHandler = new PortalAuthenticationSuccessHandler();
- private final AuthenticationFailureHandler failureHandler = new PortalAuthenticationFailureHandler();
-
- private static final String REQUIRE_MFA = "require_mfa";
- private static final String REQUIRE_USER_BIND = "require_user_bind";
-
- /**
- * Called when an authentication attempt fails.
- *
- * @param request the request during which the authentication attempt occurred.
- * @param response the response.
- * @param exception the exception which was thrown to reject the authentication
- * request.
- */
- @Override
- public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
- AuthenticationException exception) throws IOException,
- ServletException {
- failureHandler.onAuthenticationFailure(request, response, exception);
- }
-
- /**
- * Called when a user has been successfully authenticated.
- *
- * @param request the request which caused the successful authentication
- * @param response the response
- * @param authentication the Authentication object which was created during
- * the authentication process.
- */
- @Override
- public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
- Authentication authentication) throws IOException,
- ServletException {
- boolean isTextHtml = acceptIncludeTextHtml(request);
- //TODO SMS 不需要双因素
- if (authentication instanceof SmsAuthentication) {
- successHandler.onAuthenticationSuccess(request, response, authentication);
- return;
- }
- //TODO IDP 未关联
- if (authentication instanceof IdpAuthentication
- && !((IdpAuthentication) authentication).getAssociated()) {
- //Clear Authentication Attributes
- clearAuthenticationAttributes(request);
- if (response.isCommitted()) {
- return;
- }
- if (!isTextHtml) {
- HttpResponseUtils.flushResponseJson(response, HttpStatus.BAD_REQUEST.value(),
- ApiRestResult.builder().status(REQUIRE_USER_BIND).message(REQUIRE_USER_BIND)
- .build());
- return;
- }
- //跳转登录,前端会有接口获取状态,并进行展示绑定页面
- response.sendRedirect(HttpUrlUtils
- .format(ServerContextHelp.getPortalPublicBaseUrl() + AuthorizeConstants.FE_LOGIN));
- return;
- }
- //TODO IDP 不需要双因素
- if (authentication instanceof IdpAuthentication) {
- successHandler.onAuthenticationSuccess(request, response, authentication);
- return;
- }
- //TODO MFA启用、但是对象非MFA,说明需要MFA认证
- if (isMfaEnabled() && !(authentication instanceof MfaAuthentication)) {
- SecurityContextHolder.getContext()
- .setAuthentication(new MfaAuthentication(authentication));
- //Clear Authentication Attributes
- clearAuthenticationAttributes(request);
- if (response.isCommitted()) {
- return;
- }
- if (!isTextHtml) {
- HttpResponseUtils.flushResponseJson(response, HttpStatus.BAD_REQUEST.value(),
- ApiRestResult.builder().status(REQUIRE_MFA).message(REQUIRE_MFA).build());
- return;
- }
- //跳转登录,前端会有接口获取状态,并进行展示 MFA
- response.sendRedirect(HttpUrlUtils
- .format(ServerContextHelp.getPortalPublicBaseUrl() + AuthorizeConstants.FE_LOGIN));
- return;
- }
- //TODO Mfa 验证成功
- if (authentication instanceof MfaAuthentication
- && ((MfaAuthentication) authentication).getValidated()) {
- SecurityContextHolder.getContext()
- .setAuthentication(((MfaAuthentication) authentication).getFirst());
- successHandler.onAuthenticationSuccess(request, response, authentication);
- return;
- }
- //TODO Mfa 验证失败
- if (authentication instanceof MfaAuthentication
- && !((MfaAuthentication) authentication).getValidated()) {
- HttpResponseUtils.flushResponseJson(response, HttpStatus.BAD_REQUEST.value(),
- ApiRestResult.builder().status(EX000102.getCode()).message(EX000102.getMessage())
- .build());
- return;
- }
- successHandler.onAuthenticationSuccess(request, response, authentication);
- }
-
- protected final void clearAuthenticationAttributes(HttpServletRequest request) {
- HttpSession session = request.getSession(false);
- if (session != null) {
- //清理验证码
- session.removeAttribute(CAPTCHA_CODE_SESSION);
- //清理保存请求
- session.removeAttribute(SAVED_REQUEST);
- //清理认证异常
- session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
- }
- }
-}
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationSuccessHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationSuccessHandler.java
index bbb4df2d..a617347a 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationSuccessHandler.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationSuccessHandler.java
@@ -17,13 +17,12 @@ */ package cn.topiam.employee.portal.handler; -import cn.topiam.employee.common.constants.AuthorizeConstants; -import cn.topiam.employee.common.enums.SecretType; -import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.core.security.authentication.IdpAuthentication; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import cn.topiam.employee.support.util.HttpUrlUtils; +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; @@ -31,11 +30,13 @@ import org.springframework.security.core.Authentication; import org.springframework.security.web.WebAttributes; import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.IOException; - +import cn.topiam.employee.common.constants.AuthorizeConstants; +import cn.topiam.employee.common.enums.SecretType; +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.core.security.authentication.IdpAuthentication; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.util.HttpUrlUtils; import static cn.topiam.employee.support.constant.EiamConstants.*; import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; import static cn.topiam.employee.support.result.ApiRestResult.SUCCESS; 
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalLogoutSuccessHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalLogoutSuccessHandler.java index 2846f92c..873ff506 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalLogoutSuccessHandler.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalLogoutSuccessHandler.java @@ -17,19 +17,20 @@ */ package cn.topiam.employee.portal.handler; -import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import cn.topiam.employee.support.util.HttpUrlUtils; +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.security.core.Authentication; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.util.HttpUrlUtils; import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; import static cn.topiam.employee.support.result.ApiRestResult.SUCCESS; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/IdpRedirectParameterMatcher.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/IdpRedirectParameterMatcher.java index 9e9b15bf..da8ec5c2 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/IdpRedirectParameterMatcher.java 
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/IdpRedirectParameterMatcher.java @@ -17,15 +17,16 @@ */ package cn.topiam.employee.portal.idp; +import javax.servlet.http.HttpServletRequest; + +import org.springframework.security.web.util.matcher.OrRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; + import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOAuth2AuthorizationRequestRedirectFilter; import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthorizationRequestGetFilter; import cn.topiam.employee.authentication.qq.filter.QqOAuth2AuthorizationRequestRedirectFilter; import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeAuthorizationRequestRedirectFilter; import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeAuthorizationRequestRedirectFilter; -import org.springframework.security.web.util.matcher.OrRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; - -import javax.servlet.http.HttpServletRequest; /** * IDP重定向参数授权请求重定向匹配器 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpAuthenticationConfigurer.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpAuthenticationConfigurer.java index 9899d851..aa07d9e9 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpAuthenticationConfigurer.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpAuthenticationConfigurer.java 
@@ -17,11 +17,6 @@ */ package cn.topiam.employee.portal.idp.bind; -import cn.topiam.employee.audit.event.AuditEventPublish; -import cn.topiam.employee.authentication.common.service.UserIdpService; -import cn.topiam.employee.common.repository.account.UserIdpRepository; -import cn.topiam.employee.portal.handler.PortalAuthenticationFailureHandler; -import cn.topiam.employee.portal.handler.PortalAuthenticationSuccessHandler; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.crypto.password.PasswordEncoder; @@ -29,6 +24,12 @@ import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationF import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; +import cn.topiam.employee.audit.event.AuditEventPublish; +import cn.topiam.employee.authentication.common.service.UserIdpService; +import cn.topiam.employee.common.repository.account.UserIdpRepository; +import cn.topiam.employee.portal.handler.PortalAuthenticationFailureHandler; +import cn.topiam.employee.portal.handler.PortalAuthenticationSuccessHandler; + /** * IDP Authentication Configurer * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpBindUserAuthenticationFilter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpBindUserAuthenticationFilter.java index 3b98e8dc..9b27f9eb 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpBindUserAuthenticationFilter.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpBindUserAuthenticationFilter.java 
@@ -17,6 +17,28 @@ */ package cn.topiam.employee.portal.idp.bind; +import java.util.Objects; +import java.util.Optional; +import java.util.UUID; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.validation.ConstraintViolationException; + +import org.springframework.http.HttpMethod; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.util.Assert; + +import com.alibaba.fastjson2.JSONObject; + import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.audit.event.AuditEventPublish; 
@@ -36,27 +58,8 @@ import cn.topiam.employee.support.context.ServletContextHelp; import cn.topiam.employee.support.trace.TraceUtils; import cn.topiam.employee.support.util.AesUtils; import cn.topiam.employee.support.validation.ValidationHelp; -import com.alibaba.fastjson2.JSONObject; -import lombok.extern.slf4j.Slf4j; -import org.springframework.http.HttpMethod; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; - -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.validation.ConstraintViolationException; -import java.util.Objects; -import java.util.Optional; -import java.util.UUID; +import lombok.extern.slf4j.Slf4j; import static cn.topiam.employee.authentication.common.filter.AbstractIdpAuthenticationProcessingFilter.TOPIAM_USER_BIND_IDP; import static cn.topiam.employee.common.constants.AuthorizeConstants.USER_BIND_IDP; import static cn.topiam.employee.portal.constant.PortalConstants.BIND_ACCOUNT; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/UserBindIdpException.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/UserBindIdpException.java index 04216893..a2ed0677 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/UserBindIdpException.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/UserBindIdpException.java 
@@ -17,9 +17,10 @@ */ package cn.topiam.employee.portal.idp.bind; -import cn.topiam.employee.support.exception.TopIamException; import org.springframework.http.HttpStatus; +import cn.topiam.employee.support.exception.TopIamException; + /** * * @author TopIAM diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationFailureEventListener.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationFailureEventListener.java index 7c0545d6..6e63d14b 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationFailureEventListener.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationFailureEventListener.java @@ -17,6 +17,17 @@ */ package cn.topiam.employee.portal.listener; +import java.time.LocalDateTime; +import java.util.Objects; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; +import org.springframework.util.ObjectUtils; + import cn.topiam.employee.audit.entity.Actor; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.EventType; 
@@ -29,17 +40,6 @@ import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.core.context.SettingContextHelp; import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.support.context.ApplicationContextHelp; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.context.ApplicationListener; -import org.springframework.lang.NonNull; -import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; -import org.springframework.util.ObjectUtils; - -import java.time.LocalDateTime; -import java.util.Objects; - import static cn.topiam.employee.core.context.SettingContextHelp.getLoginFailureDuration; import static cn.topiam.employee.core.security.util.SecurityUtils.getFailureMessage; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationSuccessEventListener.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationSuccessEventListener.java index 5084507e..6e30bc08 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationSuccessEventListener.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationSuccessEventListener.java 
@@ -17,6 +17,20 @@ */ package cn.topiam.employee.portal.listener; +import java.time.Instant; +import java.time.LocalDateTime; +import java.time.ZoneId; +import java.util.List; + +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.event.AuthenticationSuccessEvent; +import org.springframework.security.core.Authentication; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.google.common.collect.Lists; + import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.TargetType; @@ -28,20 +42,8 @@ import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.context.ServletContextHelp; import cn.topiam.employee.support.util.IpUtils; -import com.google.common.collect.Lists; -import lombok.AllArgsConstructor; -import org.springframework.context.ApplicationListener; -import org.springframework.lang.NonNull; -import org.springframework.security.authentication.event.AuthenticationSuccessEvent; -import org.springframework.security.core.Authentication; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import java.time.Instant; -import java.time.LocalDateTime; -import java.time.ZoneId; -import java.util.List; +import lombok.AllArgsConstructor; import static cn.topiam.employee.audit.enums.EventType.LOGIN_PORTAL; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalLogoutSuccessEventListener.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalLogoutSuccessEventListener.java index abce61a4..24869bff 100644 
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalLogoutSuccessEventListener.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalLogoutSuccessEventListener.java @@ -17,18 +17,19 @@ */ package cn.topiam.employee.portal.listener; -import cn.topiam.employee.audit.entity.Target; -import cn.topiam.employee.audit.enums.EventStatus; -import cn.topiam.employee.audit.enums.TargetType; -import cn.topiam.employee.audit.event.AuditEventPublish; -import cn.topiam.employee.support.context.ApplicationContextHelp; -import com.google.common.collect.Lists; +import java.util.List; + import org.springframework.context.ApplicationListener; import org.springframework.lang.NonNull; import org.springframework.security.authentication.event.LogoutSuccessEvent; -import java.util.List; +import com.google.common.collect.Lists; +import cn.topiam.employee.audit.entity.Target; +import cn.topiam.employee.audit.enums.EventStatus; +import cn.topiam.employee.audit.enums.TargetType; +import cn.topiam.employee.audit.event.AuditEventPublish; +import cn.topiam.employee.support.context.ApplicationContextHelp; import static cn.topiam.employee.audit.enums.EventType.LOGOUT_PORTAL; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalSessionInformationExpiredStrategy.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalSessionInformationExpiredStrategy.java index 7e9a90a5..8d2d4df6 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalSessionInformationExpiredStrategy.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalSessionInformationExpiredStrategy.java 
@@ -17,14 +17,15 @@ */ package cn.topiam.employee.portal.listener; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import com.alibaba.fastjson2.JSONObject; +import javax.servlet.http.HttpServletResponse; + import org.springframework.http.HttpStatus; import org.springframework.security.web.session.SessionInformationExpiredEvent; -import javax.servlet.http.HttpServletResponse; +import com.alibaba.fastjson2.JSONObject; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000203; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/EmailProviderValidator.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/EmailProviderValidator.java deleted file mode 100644 index 181daba1..00000000 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/EmailProviderValidator.java +++ /dev/null 
@@ -1,38 +0,0 @@
-/*
- * eiam-portal - Employee Identity and Access Management Program
- * Copyright © 2020-2023 TopIAM (support@topiam.cn)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-package cn.topiam.employee.portal.mfa;
-
-import cn.topiam.employee.core.security.mfa.MfaProviderValidator;
-
-/**
- * Email提供商验证
- *
- * @author TopIAM
- * Created by support@topiam.cn on 2022/7/31 20:50
- */
-public class EmailProviderValidator implements MfaProviderValidator {
- /**
- * 验证
- *
- * @param code {@link String}
- */
- @Override
- public boolean validate(String code) {
- return true;
- }
-}
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/MfaAuthenticationConfigurer.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/MfaAuthenticationConfigurer.java
deleted file mode 100644
index b67615dc..00000000
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/MfaAuthenticationConfigurer.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * eiam-portal - Employee Identity and Access Management Program
- * Copyright © 2020-2023 TopIAM (support@topiam.cn)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-package cn.topiam.employee.portal.mfa;
-
-import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
-import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-
-import cn.topiam.employee.portal.handler.PortalAuthenticationHandler;
-
-/**
- * Mfa Authentication Configurer
- *
- * @author TopIAM
- * Created by support@topiam.cn on 2021/9/10 22:58
- */
-public final class MfaAuthenticationConfigurer> extends
- AbstractAuthenticationFilterConfigurer, MfaAuthenticationFilter> {
-
- public MfaAuthenticationConfigurer() {
- }
-
- /**
- * Create the {@link RequestMatcher} given a loginProcessingUrl
- *
- * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the
- * loginProcessingUrl
- * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl
- */
- @Override
- protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
- return new AntPathRequestMatcher(loginProcessingUrl);
- }
-
- @Override
- public void init(H http) throws Exception {
- //设置登录成功失败处理器
- super.successHandler(new PortalAuthenticationHandler());
- super.failureHandler(new PortalAuthenticationHandler());
- //MFA认证
- MfaAuthenticationFilter loginAuthenticationFilter = new MfaAuthenticationFilter();
- this.setAuthenticationFilter(loginAuthenticationFilter);
- //处理URL
- super.loginProcessingUrl(MfaAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
- super.init(http);
- }
-
- @Override
- public void configure(H http) throws Exception {
- http.addFilterAfter(this.getAuthenticationFilter(),
- UsernamePasswordAuthenticationFilter.class);
- super.configure(http);
- }
-
- public RequestMatcher getRequestMatcher() {
- return MfaAuthenticationFilter.getRequestMatcher();
- }
-}
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/MfaAuthenticationFilter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/MfaAuthenticationFilter.java
deleted file mode 100644
index 49fe7735..00000000
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/MfaAuthenticationFilter.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * eiam-portal - Employee Identity and Access Management Program
- * Copyright © 2020-2023 TopIAM (support@topiam.cn)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-package cn.topiam.employee.portal.mfa;
-
-import java.io.IOException;
-import java.util.Objects;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-
-import cn.topiam.employee.common.entity.account.UserEntity;
-import cn.topiam.employee.common.enums.MessageNoticeChannel;
-import cn.topiam.employee.common.enums.MfaFactor;
-import cn.topiam.employee.core.security.mfa.MfaAuthentication;
-import cn.topiam.employee.core.security.mfa.exception.MfaRequiredException;
-import cn.topiam.employee.core.security.otp.OtpContextHelp;
-import cn.topiam.employee.core.security.util.UserUtils;
-import cn.topiam.employee.portal.mfa.totp.TotpProviderValidator;
-import cn.topiam.employee.support.context.ApplicationContextHelp;
-import static cn.topiam.employee.common.constants.AuthorizeConstants.MFA_VALIDATE;
-import static cn.topiam.employee.common.enums.MfaFactor.SMS_OTP;
-
-/**
- * MFA 认证过滤器
- *
- * @author TopIAM
- * Created by support@topiam.cn on 2022/7/29 22:23
- */
-public class MfaAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
- private final Logger logger = LoggerFactory
- .getLogger(MfaAuthenticationFilter.class);
- public static final String SPRING_SECURITY_FORM_CODE_KEY = "otp";
- public static final String SPRING_SECURITY_FORM_TOTP_KEY = "totp";
-
- public static final String SPRING_SECURITY_FORM_TYPE_KEY = "type";
- public static final String DEFAULT_FILTER_PROCESSES_URI = MFA_VALIDATE;
-
- public static final RequestMatcher MFA_LOGIN_MATCHER = new AntPathRequestMatcher(
- DEFAULT_FILTER_PROCESSES_URI, HttpMethod.POST.name());
-
- protected MfaAuthenticationFilter() {
- super(MFA_LOGIN_MATCHER);
- }
-
- public static RequestMatcher getRequestMatcher() {
- return MFA_LOGIN_MATCHER;
- }
-
- /**
- * Performs actual authentication.
- *

- * The implementation should do one of the following: - *

    - *
  1. Return a populated authentication token for the authenticated user, indicating - * successful authentication
  2. - *
  3. Return null, indicating that the authentication process is still in progress. - * Before returning, the implementation should perform any additional work required to - * complete the process.
  4. - *
  5. Throw an AuthenticationException if the authentication process - * fails
  6. - *
- *
- * @param request from which to extract parameters and perform the authentication
- * @param response the response, which may be needed if the implementation has to do a
- * redirect as part of a multi-stage authentication process (such as OpenID).
- * @return the authenticated user token, or null if authentication is incomplete.
- * @throws AuthenticationException if authentication fails.
- */
- @Override
- public Authentication attemptAuthentication(HttpServletRequest request,
- HttpServletResponse response) throws AuthenticationException,
- IOException,
- ServletException {
- UserEntity user = UserUtils.getUser();
- OtpContextHelp bean = ApplicationContextHelp.getBean(OtpContextHelp.class);
- MfaAuthentication authentication = (MfaAuthentication) SecurityContextHolder.getContext()
- .getAuthentication();
- Boolean result = false;
- //获取类型
- MfaFactor type = MfaFactor.getType(request.getParameter(SPRING_SECURITY_FORM_TYPE_KEY));
- if (Objects.isNull(type)) {
- throw new MfaRequiredException("MFA 类型不存在");
- }
- //SMS OPT
- if (SMS_OTP.equals(type)) {
- String otp = request.getParameter(SPRING_SECURITY_FORM_CODE_KEY);
- if (StringUtils.isBlank(otp)) {
- throw new MfaRequiredException("OTP 参数不存在");
- }
- result = bean.checkOtp(type.getCode(), MessageNoticeChannel.SMS, "", otp);
- }
- //Mail OPT
- if (MfaFactor.EMAIL_OTP.equals(type)) {
- String otp = request.getParameter(SPRING_SECURITY_FORM_CODE_KEY);
- if (StringUtils.isBlank(otp)) {
- throw new MfaRequiredException("OTP 参数不存在");
- }
- result = bean.checkOtp(type.getCode(), MessageNoticeChannel.MAIL, "", otp);
- }
- //TOTP
- if (MfaFactor.APP_TOTP.equals(type)) {
- long totp = Long.parseLong(request.getParameter(SPRING_SECURITY_FORM_TOTP_KEY));
- result = new TotpProviderValidator().validate(String.valueOf(totp));
- }
- if (!result) {
- logger.error("用户ID: [{}] 用户名: [{}] {} 认证失败", type.getDesc(), user.getId(),
- user.getUsername());
- return authentication;
- }
- logger.error("用户ID: [{}] 用户名: [{}] {} 认证成功", type.getDesc(), user.getId(),
- user.getUsername());
- //认证成功
- authentication.setValidated(true);
- return authentication;
- }
-}
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/endpoint/MfaFactorsEndpoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/endpoint/MfaFactorsEndpoint.java
deleted file mode 100644
index 9c60f69b..00000000
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/endpoint/MfaFactorsEndpoint.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * eiam-portal - Employee Identity and Access Management Program
- * Copyright © 2020-2023 TopIAM (support@topiam.cn)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-package cn.topiam.employee.portal.mfa.endpoint;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
-
-import cn.topiam.employee.common.entity.account.UserEntity;
-import cn.topiam.employee.common.enums.MfaFactor;
-import cn.topiam.employee.core.security.util.UserUtils;
-import cn.topiam.employee.portal.pojo.result.LoginMfaFactorResult;
-import cn.topiam.employee.support.result.ApiRestResult;
-import cn.topiam.employee.support.util.DesensitizationUtil;
-
-import lombok.extern.slf4j.Slf4j;
-
-import io.swagger.v3.oas.annotations.tags.Tag;
-import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_MFA_FACTORS;
-import static cn.topiam.employee.core.context.SettingContextHelp.getMfaFactors;
-
-/**
- * MFA 提供类型
- *
- * @author TopIAM
- * Created by support@topiam.cn on 2022/8/13 19:17
- */
-@Tag(name = "MFA 因素")
-@Slf4j
-@RestController
-@RequestMapping(value = LOGIN_MFA_FACTORS, method = RequestMethod.GET)
-public class MfaFactorsEndpoint {
-
- /**
- * 获取MFA 提供者
- *
- * @return {@link LoginMfaFactorResult}
- */
- @GetMapping
- public ApiRestResult> getLoginMfaFactors() {
- UserEntity user = UserUtils.getUser();
- List list = new ArrayList<>();
- List factors = getMfaFactors();
- for (MfaFactor provider : factors) {
- LoginMfaFactorResult result = LoginMfaFactorResult.builder().build();
- result.setFactor(provider);
- result.setUsable(false);
- //sms
- if (provider.equals(MfaFactor.SMS_OTP) && StringUtils.isNotBlank(user.getPhone())) {
- result.setTarget(DesensitizationUtil.phoneEncrypt(user.getPhone()));
- result.setUsable(true);
- }
- //otp
- if (provider.equals(MfaFactor.EMAIL_OTP) && StringUtils.isNotBlank(user.getEmail())) {
- result.setTarget(DesensitizationUtil.emailEncrypt(user.getEmail()));
- result.setUsable(true);
- }
- //totp
- if (provider.equals(MfaFactor.APP_TOTP) && user.getTotpBind()) {
- result.setUsable(true);
- }
- list.add(result);
- }
- return ApiRestResult.ok(list);
- }
-}
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/sms/SmsOtpProviderValidator.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/sms/SmsOtpProviderValidator.java
deleted file mode 100644
index 5f5ff2c9..00000000
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/sms/SmsOtpProviderValidator.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * eiam-portal - Employee Identity and Access Management Program
- * Copyright © 2020-2023 TopIAM (support@topiam.cn)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-package cn.topiam.employee.portal.mfa.sms;
-
-import cn.topiam.employee.core.security.mfa.MfaProviderValidator;
-
-/**
- * OTP 提供商验证
- *
- * @author TopIAM
- * Created by support@topiam.cn on 2022/7/31 20:50
- */
-public class SmsOtpProviderValidator implements MfaProviderValidator {
- /**
- * 验证
- *
- * @param code {@link String}
- */
- @Override
- public boolean validate(String code) {
- return true;
- }
-}
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/totp/TotpProviderValidator.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/totp/TotpProviderValidator.java
deleted file mode 100644
index f96799ff..00000000
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/mfa/totp/TotpProviderValidator.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * eiam-portal - Employee Identity and Access Management Program
- * Copyright © 2020-2023 TopIAM (support@topiam.cn)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-package cn.topiam.employee.portal.mfa.totp;
-
-import cn.topiam.employee.common.entity.account.UserEntity;
-import cn.topiam.employee.core.security.mfa.MfaProviderValidator;
-import cn.topiam.employee.core.security.mfa.provider.TotpAuthenticator;
-import cn.topiam.employee.core.security.util.UserUtils;
-
-/**
- * Totp 提供商验证
- *
- * @author TopIAM
- * Created by support@topiam.cn on 2022/7/31 20:50
- */
-public class TotpProviderValidator implements MfaProviderValidator {
- /**
- * 验证
- *
- * @param code {@link String}
- */
- @Override
- public boolean validate(String code) {
- UserEntity user = UserUtils.getUser();
- return new TotpAuthenticator().checkCode(user.getSharedSecret(), Long.parseLong(code),
- System.currentTimeMillis());
- }
-}
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/query/GetAppListQuery.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/query/GetAppListQuery.java
index f8a5dce2..14997125 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/query/GetAppListQuery.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/query/GetAppListQuery.java
@@ -17,13 +17,15 @@ */ package cn.topiam.employee.portal.pojo.query; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; -import org.springdoc.api.annotations.ParameterObject; - import java.io.Serial; import java.io.Serializable; +import org.springdoc.api.annotations.ParameterObject; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; + /** * 查询应用列表 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AccountBindIdpRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AccountBindIdpRequest.java index d98fe124..56814006 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AccountBindIdpRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AccountBindIdpRequest.java @@ -17,13 +17,15 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; + +import javax.validation.constraints.NotBlank; + import lombok.AllArgsConstructor; import lombok.Data; -import javax.validation.constraints.NotBlank; -import java.io.Serial; -import java.io.Serializable; +import io.swagger.v3.oas.annotations.media.Schema; /** * @author TopIAM diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/BindTotpRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/BindTotpRequest.java index 4dbc749a..bf77cfe6 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/BindTotpRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/BindTotpRequest.java 
@@ -17,14 +17,16 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; - -import javax.validation.constraints.NotNull; import java.io.Serial; import java.io.Serializable; +import javax.validation.constraints.NotNull; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + /** * 绑定MFA入参 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangeEmailRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangeEmailRequest.java index 585bedbf..2831d6e8 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangeEmailRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangeEmailRequest.java @@ -17,14 +17,16 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; - -import javax.validation.constraints.NotEmpty; import java.io.Serial; import java.io.Serializable; +import javax.validation.constraints.NotEmpty; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + /** * 更改电子邮件入参 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePasswordRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePasswordRequest.java index 580c87bd..0425ec29 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePasswordRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePasswordRequest.java 
@@ -17,14 +17,16 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; - -import javax.validation.constraints.NotEmpty; import java.io.Serial; import java.io.Serializable; +import javax.validation.constraints.NotEmpty; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + /** * 更改密码入参 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePhoneRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePhoneRequest.java index 01e555a2..64df4011 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePhoneRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePhoneRequest.java @@ -17,14 +17,16 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; - -import javax.validation.constraints.NotEmpty; import java.io.Serial; import java.io.Serializable; +import javax.validation.constraints.NotEmpty; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + /** * 更改手机号入参 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareBindTotpRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareBindTotpRequest.java index 49db931b..20cc02bf 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareBindTotpRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareBindTotpRequest.java 
@@ -17,14 +17,16 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; - -import javax.validation.constraints.NotEmpty; import java.io.Serial; import java.io.Serializable; +import javax.validation.constraints.NotEmpty; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + /** * 准备绑定MFA入参 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangeEmailRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangeEmailRequest.java index 1e0003bd..a4f70550 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangeEmailRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangeEmailRequest.java @@ -17,14 +17,16 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; - -import javax.validation.constraints.NotEmpty; import java.io.Serial; import java.io.Serializable; +import javax.validation.constraints.NotEmpty; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + /** * * @author TopIAM diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangePhoneRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangePhoneRequest.java index 81f57667..794e45d7 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangePhoneRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangePhoneRequest.java 
@@ -17,14 +17,16 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; - -import javax.validation.constraints.NotEmpty; import java.io.Serial; import java.io.Serializable; +import javax.validation.constraints.NotEmpty; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + /** *准备更改手机号入参 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/UpdateUserInfoRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/UpdateUserInfoRequest.java index 151fe726..3887a861 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/UpdateUserInfoRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/UpdateUserInfoRequest.java @@ -17,12 +17,13 @@ */ package cn.topiam.employee.portal.pojo.request; -import io.swagger.v3.oas.annotations.media.Schema; -import lombok.Data; - import java.io.Serial; import java.io.Serializable; +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; + /** * 编辑用户入参 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/GetAppListResult.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/GetAppListResult.java index 6377de24..a9885a6e 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/GetAppListResult.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/GetAppListResult.java 
@@ -17,15 +17,17 @@ */ package cn.topiam.employee.portal.pojo.result; +import java.io.Serial; +import java.io.Serializable; + import cn.topiam.employee.common.enums.app.AppProtocol; import cn.topiam.employee.common.enums.app.AppType; import cn.topiam.employee.common.enums.app.InitLoginType; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; + import lombok.Data; -import java.io.Serial; -import java.io.Serializable; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; /** * 获取应用列表 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginConfigResult.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginConfigResult.java index cebd729c..6369dd25 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginConfigResult.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginConfigResult.java @@ -17,15 +17,17 @@ */ package cn.topiam.employee.portal.pojo.result; +import java.io.Serial; +import java.io.Serializable; +import java.util.List; + import cn.topiam.employee.common.enums.CaptchaProviderType; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; + import lombok.Builder; import lombok.Data; -import java.io.Serial; -import java.io.Serializable; -import java.util.List; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; /** * LoginConfigResult diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/PrepareBindMfaResult.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/PrepareBindMfaResult.java index 43a50718..09f38dd2 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/PrepareBindMfaResult.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/PrepareBindMfaResult.java 
@@ -17,13 +17,14 @@ */ package cn.topiam.employee.portal.pojo.result; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; + import lombok.Builder; import lombok.Data; -import java.io.Serial; -import java.io.Serializable; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; /** * 准备绑定TOTP 结果 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java index 60d3c433..ef08cbab 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java @@ -17,6 +17,22 @@ */ package cn.topiam.employee.portal.service.impl; +import java.time.LocalDateTime; +import java.util.List; +import java.util.Optional; +import java.util.concurrent.Executor; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.scheduling.annotation.AsyncConfigurer; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.session.Session; +import org.springframework.session.security.SpringSessionBackedSessionRegistry; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + import cn.topiam.employee.common.entity.account.UserDetailEntity; import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.enums.MailType; 
@@ -41,23 +57,8 @@ import cn.topiam.employee.portal.service.AccountService; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.context.ServletContextHelp; import cn.topiam.employee.support.util.BeanUtils; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.scheduling.annotation.AsyncConfigurer; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.session.Session; -import org.springframework.session.security.SpringSessionBackedSessionRegistry; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import java.time.LocalDateTime; -import java.util.List; -import java.util.Optional; -import java.util.concurrent.Executor; +import lombok.extern.slf4j.Slf4j; import static cn.topiam.employee.support.constant.EiamConstants.TOPIAM_BIND_MFA_SECRET; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppServiceImpl.java index 3c73b7f6..2f61637c 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppServiceImpl.java 
@@ -17,6 +17,9 @@ */ package cn.topiam.employee.portal.service.impl; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; + import cn.topiam.employee.common.entity.app.AppEntity; import cn.topiam.employee.common.repository.app.AppRepository; import cn.topiam.employee.core.security.util.SecurityUtils; @@ -26,8 +29,6 @@ import cn.topiam.employee.portal.pojo.result.GetAppListResult; import cn.topiam.employee.portal.service.AppService; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; /** * AppService diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/LoginConfigServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/LoginConfigServiceImpl.java index 5373ea4a..7726136a 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/LoginConfigServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/LoginConfigServiceImpl.java @@ -17,6 +17,11 @@ */ package cn.topiam.employee.portal.service.impl; +import java.util.List; +import java.util.Objects; + +import org.springframework.stereotype.Service; + import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaProviderConfig; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; 
@@ -25,12 +30,8 @@ import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; import cn.topiam.employee.portal.converter.LoginConfigConverter; import cn.topiam.employee.portal.pojo.result.LoginConfigResult; import cn.topiam.employee.portal.service.LoginConfigService; -import lombok.AllArgsConstructor; -import org.springframework.stereotype.Service; - -import java.util.List; -import java.util.Objects; +import lombok.AllArgsConstructor; import static cn.topiam.employee.common.enums.CaptchaProviderType.GEE_TEST; import static cn.topiam.employee.core.context.SettingContextHelp.getCaptchaProviderConfig; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/UserIdpServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/UserIdpServiceImpl.java index 76bc3323..3619bd6b 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/UserIdpServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/UserIdpServiceImpl.java @@ -17,6 +17,13 @@ */ package cn.topiam.employee.portal.service.impl; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Optional; + +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.stereotype.Component; + import cn.topiam.employee.authentication.common.modal.IdpUser; import cn.topiam.employee.authentication.common.service.UserIdpService; import cn.topiam.employee.common.entity.account.UserDetailEntity; 
@@ -32,14 +39,9 @@ import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.portal.converter.AccountConverter; import cn.topiam.employee.portal.service.userdetail.UserDetailsServiceImpl; import cn.topiam.employee.support.exception.TopIamException; + import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.stereotype.Component; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.Optional; /** * 身份验证用户详细信息实现 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java index 5a978728..a012c8ff 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java @@ -17,6 +17,18 @@ */ package cn.topiam.employee.portal.service.userdetail; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Optional; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.authentication.AccountExpiredException; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Component; +import org.springframework.util.ObjectUtils; + import cn.topiam.employee.common.entity.account.UserDetailEntity; import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.enums.UserStatus; 
@@ -26,17 +38,6 @@ import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.core.security.authorization.Roles; import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.core.security.userdetails.UserDetailsService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.authentication.AccountExpiredException; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.stereotype.Component; -import org.springframework.util.ObjectUtils; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.Optional; /** * UserDetailsServiceImpl diff --git a/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/Cas10IdpValidateEndpointFilter.java b/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/Cas10IdpValidateEndpointFilter.java index f0473d33..393c4cc6 100644 --- a/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/Cas10IdpValidateEndpointFilter.java +++ b/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/Cas10IdpValidateEndpointFilter.java @@ -91,7 +91,7 @@ public class Cas10IdpValidateEndpointFilter extends OncePerRequestFilter impleme } else { UserDetails userDetails = serviceTicket.getTicketGrantingTicket().getUserDetails(); // TODO: 2023/1/2 根据配置返回额外的属性配置 - generator.genSucceedMessage(userDetails.getUsername(), new HashMap<>(16)); + generator.genSucceedMessage(userDetails.getUsername(), new HashMap<>()); } generator.sendMessage(); } 
diff --git a/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/Cas30IdpValidateEndpointFilter.java b/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/Cas30IdpValidateEndpointFilter.java
index e3373c7f..640fd9c0 100644
--- a/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/Cas30IdpValidateEndpointFilter.java
+++ b/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/Cas30IdpValidateEndpointFilter.java
@@ -110,7 +110,7 @@ public class Cas30IdpValidateEndpointFilter extends OncePerRequestFilter impleme
 } else {
 UserDetails userDetails = serviceTicket.getTicketGrantingTicket().getUserDetails();
 // TODO: 2023/1/2 Cas30需要根据配置返回额外的属性配置
- generator.genSucceedMessage(userDetails.getUsername(), new HashMap<>(16));
+ generator.genSucceedMessage(userDetails.getUsername(), new HashMap<>());
 }
 generator.sendMessage();
 }
diff --git a/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/CasIdpSingleSignOnEndpointFilter.java b/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/CasIdpSingleSignOnEndpointFilter.java
index 4fa55834..ad4b0cb8 100644
--- a/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/CasIdpSingleSignOnEndpointFilter.java
+++ b/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/CasIdpSingleSignOnEndpointFilter.java
@@ -38,12 +38,12 @@ import org.springframework.web.util.UriComponentsBuilder; import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; -import cn.topiam.employee.application.CasApplicationService; +import cn.topiam.employee.application.cas.CasApplicationService; +import cn.topiam.employee.application.cas.model.CasSsoModel; import cn.topiam.employee.application.context.ApplicationContext; import cn.topiam.employee.application.context.ApplicationContextHolder; import cn.topiam.employee.common.constants.ProtocolConstants; import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.core.protocol.CasSsoModel; import cn.topiam.employee.core.security.savedredirect.HttpSessionRedirectCache; import cn.topiam.employee.core.security.savedredirect.RedirectCache; import cn.topiam.employee.core.security.util.SecurityUtils; @@ -125,7 +125,7 @@ public class CasIdpSingleSignOnEndpointFilter extends OncePerRequestFilter ServiceTicket serviceTicket = centralAuthenticationService .grantServiceTicket(ticketGrantingTicket.getId(), service); - response.sendRedirect(UriComponentsBuilder.fromHttpUrl(ssoModel.getSsoCallbackUrl()) + response.sendRedirect(UriComponentsBuilder.fromHttpUrl(ssoModel.getClientServiceUrl()) .queryParam(TICKET, serviceTicket.getId()).build().toString()); } filterChain.doFilter(request, response); diff --git a/eiam-protocol/eiam-protocol-cas/src/main/resources/templates/form_redirect.ftlh b/eiam-protocol/eiam-protocol-cas/src/main/resources/templates/form_redirect.ftlh deleted file mode 100644 index 2f480981..00000000 --- a/eiam-protocol/eiam-protocol-cas/src/main/resources/templates/form_redirect.ftlh +++ /dev/null @@ -1,198 +0,0 @@ - - - - Redirect - TopIAM - - - - - - - -
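Review bot: After `response.sendRedirect(...)` the block closes and `filterChain.doFilter(request, response)` still runs, so as far as this hunk shows the rest of the chain is invoked on a response that has already been committed with the service ticket in its Location header; add `return;` directly after the redirect. The redirect target now comes from `ssoModel.getClientServiceUrl()`, and where that value originates is not visible here: if it can be influenced by the incoming `service` parameter, it should be compared with the service URL registered for the application before the ticket is appended. The enclosing method starts and ends outside the hunk.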
-
-
-
- - - - - - -
-
-
-
- - - diff --git a/eiam-protocol/eiam-protocol-cas/src/main/resources/templates/jwt_redirect.ftlh b/eiam-protocol/eiam-protocol-cas/src/main/resources/templates/jwt_redirect.ftlh deleted file mode 100644 index b802a686..00000000 --- a/eiam-protocol/eiam-protocol-cas/src/main/resources/templates/jwt_redirect.ftlh +++ /dev/null @@ -1,198 +0,0 @@ - - - - Redirecting - TopIAM - - - - - - - -
-
-
-
- - - - - - -
-
-
-
- - - diff --git a/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/cas/util/ProtocolUtils.java b/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/cas/util/ProtocolUtils.java new file mode 100644 index 00000000..032a593e --- /dev/null +++ b/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/cas/util/ProtocolUtils.java 
@@ -0,0 +1,45 @@ +/* + * eiam-protocol-core - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.cas.util; + +import org.springframework.context.ApplicationContext; +import org.springframework.security.config.annotation.web.HttpSecurityBuilder; + +import cn.topiam.employee.application.ApplicationServiceLoader; + +/** + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/21 16:35 + */ +public class ProtocolUtils { + + public static > ApplicationServiceLoader getApplicationServiceLoader(B builder) { + ApplicationServiceLoader applicationServiceLoader = builder + .getSharedObject(ApplicationServiceLoader.class); + if (applicationServiceLoader == null) { + applicationServiceLoader = getBean(builder, ApplicationServiceLoader.class); + builder.setSharedObject(ApplicationServiceLoader.class, applicationServiceLoader); + } + return applicationServiceLoader; + } + + public static , T> T getBean(B builder, Class type) { + return builder.getSharedObject(ApplicationContext.class).getBean(type); + } +} 
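Review bot: `getBean` dereferences `builder.getSharedObject(ApplicationContext.class)` without a null check, so a builder that carries no shared ApplicationContext fails with a bare NullPointerException; a guard such as `Objects.requireNonNull(context, "ApplicationContext shared object is missing")` (with the `java.util.Objects` import) gives a diagnosable failure. The class Javadoc is empty and neither public method is documented; `getApplicationServiceLoader` should say that it returns the shared object when present and otherwise looks the bean up and caches it with `setSharedObject`. As a static-only holder the class should be `final` with a private constructor, and the package name `protocol.cas.util` is misleading now that `FormProtocolConfigurer` in this commit imports it from the form module.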
diff --git a/eiam-protocol/eiam-protocol-core/src/main/resources/templates/form_redirect.ftlh b/eiam-protocol/eiam-protocol-core/src/main/resources/templates/form_redirect.ftlh deleted file mode 100644 index 2f480981..00000000 --- a/eiam-protocol/eiam-protocol-core/src/main/resources/templates/form_redirect.ftlh +++ /dev/null @@ -1,198 +0,0 @@ - - - - Redirect - TopIAM - - - - - - - -
-
-
-
- - - - - - -
-
-
-
- - - diff --git a/eiam-protocol/eiam-protocol-core/src/main/resources/templates/jwt_redirect.ftlh b/eiam-protocol/eiam-protocol-core/src/main/resources/templates/jwt_redirect.ftlh deleted file mode 100644 index b802a686..00000000 --- a/eiam-protocol/eiam-protocol-core/src/main/resources/templates/jwt_redirect.ftlh +++ /dev/null @@ -1,198 +0,0 @@ - - - - Redirecting - TopIAM - - - - - - - -
-
-
-
- - - - - - -
-
-
-
- - - diff --git a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/FormInitSingleSignOnEndpoint.java b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/FormInitSingleSignOnEndpoint.java deleted file mode 100644 index c1a83899..00000000 --- a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/FormInitSingleSignOnEndpoint.java +++ /dev/null 
@@ -1,60 +0,0 @@ -/* - * eiam-protocol-form - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.protocol.form; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Controller; -import org.springframework.util.AlternativeJdkIdGenerator; -import org.springframework.util.IdGenerator; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.servlet.ModelAndView; - -import lombok.AllArgsConstructor; -import static cn.topiam.employee.protocol.form.constant.ProtocolConstants.IDP_FORM_SSO_INITIATOR; - -/** - * Form 单点登陆 - * - * @author TopIAM - * Created by support@topiam.cn on 2022/5/7 22:46 - */ -@Controller -@RequestMapping(IDP_FORM_SSO_INITIATOR) -@AllArgsConstructor -public class FormInitSingleSignOnEndpoint { - private final Logger logger = LoggerFactory.getLogger(FormInitSingleSignOnEndpoint.class); - - /** - * SSO - * - * @return {@link ModelAndView} - */ - @PostMapping - public ModelAndView sso(@PathVariable String appId) { - IdGenerator idGenerator = new AlternativeJdkIdGenerator(); - ModelAndView view = new 
ModelAndView("form_redirect"); - //目标地址 - view.addObject("target", ""); - //随机数 - view.addObject("nonce", idGenerator.generateId()); - return view; - } -} diff --git a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/FormProtocolConfigurer.java b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/FormProtocolConfigurer.java new file mode 100644 index 00000000..c4b0b678 --- /dev/null +++ b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/FormProtocolConfigurer.java 
@@ -0,0 +1,69 @@ +/* + * eiam-protocol-form - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.form; + +import java.util.ArrayList; +import java.util.List; + +import org.springframework.security.config.annotation.web.HttpSecurityBuilder; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.util.matcher.OrRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; + +import cn.topiam.employee.application.ApplicationServiceLoader; +import cn.topiam.employee.protocol.form.endpoint.FormInitSingleSignOnEndpointFilter; +import cn.topiam.employee.protocol.form.endpoint.FormSingleSignOnEndpointFilter; +import cn.topiam.employee.support.context.ApplicationContextHelp; + +import freemarker.template.Configuration; +import static cn.topiam.employee.protocol.cas.util.ProtocolUtils.getApplicationServiceLoader; + +/** + * 认证配置 + * + * @author TopIAM + * Created by support@topiam.cn on 2021/9/10 22:58 + */ +public final class FormProtocolConfigurer> extends + AbstractHttpConfigurer, B> { + + @Override + public void configure(B http) { + 
ApplicationServiceLoader applicationServiceLoader = getApplicationServiceLoader(http); + Configuration configuration = ApplicationContextHelp.getBean(Configuration.class); + //Form 单点登录地址 + http.addFilterAfter( + new FormSingleSignOnEndpointFilter(applicationServiceLoader, configuration), + UsernamePasswordAuthenticationFilter.class); + //发起Form表单登录过滤器 + http.addFilterAfter( + new FormInitSingleSignOnEndpointFilter(applicationServiceLoader, configuration), + FormSingleSignOnEndpointFilter.class); + } + + public RequestMatcher getEndpointsMatcher() { + List requestMatchers = new ArrayList<>(); + //Form 门户端发起登录 + requestMatchers.add(FormSingleSignOnEndpointFilter.getRequestMatcher()); + //Form 服务端发起登录 + requestMatchers.add(FormInitSingleSignOnEndpointFilter.getRequestMatcher()); + return new OrRequestMatcher(requestMatchers); + } + +} diff --git a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/constant/ProtocolConstants.java b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/constant/ProtocolConstants.java deleted file mode 100644 index 2122276f..00000000 --- a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/constant/ProtocolConstants.java +++ /dev/null 
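Review bot: `configure` fetches the FreeMarker `Configuration` through the static `ApplicationContextHelp.getBean(Configuration.class)` while the `ApplicationServiceLoader` one line earlier is resolved from the builder; using the helper added in this commit, `Configuration configuration = ProtocolUtils.getBean(http, Configuration.class);` (with the matching import), keeps both lookups tied to the same ApplicationContext and avoids global state. `getEndpointsMatcher()` has no Javadoc and should state what callers are expected to do with the matcher. If it is used to relax CSRF protection or authorization rules for these paths (not visible here), that deserves an explicit comment, because both filters render a stored application credential.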
@@ -1,37 +0,0 @@ -/* - * eiam-protocol-form - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.protocol.form.constant; - -import static cn.topiam.employee.common.constants.AuthorizeConstants.AUTHORIZE_PATH; -import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE_VARIABLE; - -/** - * 协议常量 - * - * @author TopIAM - * Created by support@topiam.cn on 2021/12/8 21:29 - */ -public class ProtocolConstants { - - /** - * FORM IDP SSO 发起 - */ - public static final String IDP_FORM_SSO_INITIATOR = AUTHORIZE_PATH + "/form/" - + APP_CODE_VARIABLE + "/initiator"; - -} diff --git a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/AbstractFormEndpointFilter.java b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/AbstractFormEndpointFilter.java new file mode 100644 index 00000000..9c9c192e --- /dev/null +++ b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/AbstractFormEndpointFilter.java 
@@ -0,0 +1,148 @@ +/* + * eiam-protocol-form - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.form.endpoint; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +import javax.servlet.FilterChain; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.compress.utils.CharsetNames; +import org.apache.http.entity.ContentType; +import org.springframework.boot.web.servlet.filter.OrderedFilter; +import org.springframework.core.Ordered; +import org.springframework.lang.NonNull; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.web.filter.OncePerRequestFilter; + +import cn.topiam.employee.application.ApplicationServiceLoader; +import cn.topiam.employee.application.exception.AppNotExistException; +import cn.topiam.employee.application.form.FormApplicationService; +import cn.topiam.employee.application.form.model.FormProtocolConfig; +import cn.topiam.employee.common.crypto.EncryptContextHelp; +import cn.topiam.employee.common.entity.app.AppAccountEntity; +import cn.topiam.employee.common.entity.app.AppFormConfigEntity; +import cn.topiam.employee.common.enums.app.AppProtocol; 
+import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.core.security.savedredirect.HttpSessionRedirectCache; +import cn.topiam.employee.core.security.savedredirect.RedirectCache; +import cn.topiam.employee.core.security.util.SecurityUtils; + +import lombok.AllArgsConstructor; +import lombok.SneakyThrows; + +import freemarker.template.Configuration; +import freemarker.template.Template; +import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; +import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE; +import static cn.topiam.employee.core.security.util.SecurityUtils.isAuthenticated; + +/** + * IDP 发起单点登录端点 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/5/7 22:46 + */ +@SuppressWarnings("DuplicatedCode") +@AllArgsConstructor +public abstract class AbstractFormEndpointFilter extends OncePerRequestFilter + implements OrderedFilter { + + private final RedirectCache redirectCache = new HttpSessionRedirectCache(); + + /** + * + * + * @param requestMatcher {@link RequestMatcher} + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletResponse} + * @param filterChain {@link FilterChain} + */ + @SneakyThrows + protected void doFilter(@NonNull RequestMatcher requestMatcher, + @NonNull HttpServletRequest request, + @NonNull HttpServletResponse response, + @NonNull FilterChain filterChain) { + if (!isAuthenticated()) { + //Saved Redirect + redirectCache.saveRedirect(request, response, RedirectCache.RedirectType.REQUEST); + //跳转登录 + response.sendRedirect(ServerContextHelp.getPortalPublicBaseUrl() + FE_LOGIN); + return; + } + //@formatter:off + if (requestMatcher.matches(request)) { + //获取应用编码 + Map variables = requestMatcher.matcher(request).getVariables(); + String appCode = variables.get(APP_CODE); + //获取应用配置 + FormApplicationService applicationService = (FormApplicationService) applicationServiceLoader.getApplicationService(AppProtocol.FORM.getCode()); + 
FormProtocolConfig config = applicationService.getProtocolConfig(appCode); + if (Objects.isNull(config)) { + throw new AppNotExistException(); + } + AppAccountEntity appAccount = applicationService.getAppAccount(Long.valueOf(config.getAppId()), + Long.valueOf(SecurityUtils.getCurrentUserId())); + response.setCharacterEncoding(CharsetNames.UTF_8); + response.setContentType(ContentType.TEXT_HTML.getMimeType()); + Template template = cfg.getTemplate("form_redirect.ftlh"); + Map data = new HashMap<>(16); + data.put("nonce", System.currentTimeMillis()); + data.put("loginUrl", config.getLoginUrl()); + data.put("submitType", config.getSubmitType()); + data.put("usernameField", config.getUsernameField()); + data.put("passwordField", config.getPasswordField()); + data.put("account", appAccount.getAccount()); + data.put("password", EncryptContextHelp.decrypt(appAccount.getPassword())); + List otherField = config.getOtherField(); + data.put("otherFields", otherField); + template.process(data, response.getWriter()); + return; + } + filterChain.doFilter(request, response); + //@formatter:on + } + + /** + * Get the order value of this object. + *

Higher values are interpreted as lower priority. As a consequence, + * the object with the lowest value has the highest priority (somewhat + * analogous to Servlet {@code load-on-startup} values). + *

Same order values will result in arbitrary sort positions for the + * affected objects. + * + * @return the order value + * @see #HIGHEST_PRECEDENCE + * @see #LOWEST_PRECEDENCE + */ + @Override + public int getOrder() { + return Ordered.LOWEST_PRECEDENCE; + } + + /** + * Form 应用配置 + */ + private final ApplicationServiceLoader applicationServiceLoader; + + private final Configuration cfg; +} diff --git a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/FormInitSingleSignOnEndpointFilter.java b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/FormInitSingleSignOnEndpointFilter.java new file mode 100644 index 00000000..a99f6c12 --- /dev/null +++ b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/FormInitSingleSignOnEndpointFilter.java 
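Review bot: `doFilter` writes the decrypted application password into the rendered page (`data.put("password", EncryptContextHelp.decrypt(appAccount.getPassword()))`) without marking the response as non-cacheable and without checking the result of `getAppAccount`, so the credential page can be kept by browser or proxy caches and, if that call can return null for a user with no account bound to the app, the request ends in a NullPointerException. The `isAuthenticated()` check also runs before `requestMatcher.matches(request)`, which means every unauthenticated request passing through this filter is redirected to login, not only requests for the form SSO endpoint. Separately, `nonce` is filled from `System.currentTimeMillis()`, which is predictable; the template is not visible here, but if the value is meant to be unguessable it should come from `SecureRandom`. The rewrite below checks the matcher first, rejects a missing account and sets `Cache-Control: no-store`.

```java
// … unchanged: @SneakyThrows and the doFilter signature …
    // Requests for other paths are not this filter's business, authenticated or not.
    if (!requestMatcher.matches(request)) {
        filterChain.doFilter(request, response);
        return;
    }
    if (!isAuthenticated()) {
        // … unchanged: save the redirect and send the browser to the login page …
        return;
    }
    // … unchanged: appCode lookup, FormProtocolConfig lookup, AppNotExistException when absent …
    AppAccountEntity appAccount = applicationService.getAppAccount(Long.valueOf(config.getAppId()),
        Long.valueOf(SecurityUtils.getCurrentUserId()));
    if (Objects.isNull(appAccount)) {
        // No account bound to this app for the current user: nothing to submit.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    // The page carries a decrypted password; keep it out of browser and proxy caches.
    response.setHeader("Cache-Control", "no-store");
    // … unchanged: charset, content type, template model and template.process …
```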
@@ -0,0 +1,75 @@ +/* + * eiam-protocol-form - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.form.endpoint; + +import javax.servlet.FilterChain; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.http.HttpMethod; +import org.springframework.lang.NonNull; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; + +import cn.topiam.employee.application.ApplicationServiceLoader; + +import lombok.SneakyThrows; + +import freemarker.template.Configuration; +import static cn.topiam.employee.common.constants.ProtocolConstants.FormEndpointConstants.IDP_FORM_SSO_INITIATOR; + +/** + * IDP 发起单点登录端点 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/5/7 22:46 + */ +@SuppressWarnings("DuplicatedCode") +public class FormInitSingleSignOnEndpointFilter extends AbstractFormEndpointFilter { + + private static final RequestMatcher FORM_INIT_SINGLE_SIGN_MATCHER = new AntPathRequestMatcher( + IDP_FORM_SSO_INITIATOR, HttpMethod.POST.name()); + + public FormInitSingleSignOnEndpointFilter(ApplicationServiceLoader applicationServiceLoader, + Configuration cfg) { + 
super(applicationServiceLoader, cfg); + } + + /** + * Same contract as for {@code doFilter}, but guaranteed to be + * just invoked once per request within a single request thread. + * See {@link #shouldNotFilterAsyncDispatch()} for details. + *

Provides HttpServletRequest and HttpServletResponse arguments instead of the + * default ServletRequest and ServletResponse ones. + * + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletResponse} + * @param filterChain {@link FilterChain} + */ + @SneakyThrows + @Override + protected void doFilterInternal(@NonNull HttpServletRequest request, + @NonNull HttpServletResponse response, + @NonNull FilterChain filterChain) { + doFilter(FORM_INIT_SINGLE_SIGN_MATCHER, request, response, filterChain); + } + + public static RequestMatcher getRequestMatcher() { + return FORM_INIT_SINGLE_SIGN_MATCHER; + } +} diff --git a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/FormSingleSignOnEndpointFilter.java b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/FormSingleSignOnEndpointFilter.java new file mode 100644 index 00000000..140a0437 --- /dev/null +++ b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/FormSingleSignOnEndpointFilter.java 
@@ -0,0 +1,70 @@ +/* + * eiam-protocol-form - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.form.endpoint; + +import javax.servlet.FilterChain; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.lang.NonNull; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; + +import cn.topiam.employee.application.ApplicationServiceLoader; +import cn.topiam.employee.common.constants.ProtocolConstants; + +import freemarker.template.Configuration; + +/** + * Saml 接受SP发起登录端点 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/5/7 22:46 + */ +@SuppressWarnings("DuplicatedCode") +public class FormSingleSignOnEndpointFilter extends AbstractFormEndpointFilter { + private static final RequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher( + ProtocolConstants.FormEndpointConstants.FORM_SSO_PATH); + + public FormSingleSignOnEndpointFilter(ApplicationServiceLoader applicationServiceLoader, + Configuration cfg) { + super(applicationServiceLoader, cfg); + } + + /** + * Same contract as for {@code doFilter}, but guaranteed to be + * just invoked once per request within a 
single request thread. + * See {@link #shouldNotFilterAsyncDispatch()} for details. + *

Provides HttpServletRequest and HttpServletResponse arguments instead of the + * default ServletRequest and ServletResponse ones. + * + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletResponse} + * @param filterChain {@link FilterChain} + */ + @Override + protected void doFilterInternal(@NonNull HttpServletRequest request, + @NonNull HttpServletResponse response, + @NonNull FilterChain filterChain) { + doFilter(REQUEST_MATCHER, request, response, filterChain); + } + + public static RequestMatcher getRequestMatcher() { + return REQUEST_MATCHER; + } +} diff --git a/eiam-protocol/eiam-protocol-form/src/main/resources/templates/form_redirect.ftlh b/eiam-protocol/eiam-protocol-form/src/main/resources/templates/form_redirect.ftlh index 2f480981..42e4a280 100644 --- a/eiam-protocol/eiam-protocol-form/src/main/resources/templates/form_redirect.ftlh +++ b/eiam-protocol/eiam-protocol-form/src/main/resources/templates/form_redirect.ftlh @@ -10,156 +10,7 @@ />
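Review bot: The class Javadoc reads `Saml 接受SP发起登录端点`, but this filter serves the Form protocol SSO path; it should describe that endpoint, e.g. `Form SSO endpoint: renders the auto-submit login form for the requested application`. `REQUEST_MATCHER` is built without an HTTP method, unlike `FORM_INIT_SINGLE_SIGN_MATCHER` in `FormInitSingleSignOnEndpointFilter`, which is limited to POST, so this endpoint answers every method with the page produced by `AbstractFormEndpointFilter.doFilter`. If that is intended it should be stated in a comment, otherwise the allowed method belongs in the second constructor argument. The `doFilterInternal` Javadoc is copied from `OncePerRequestFilter` and can be replaced by `{@inheritDoc}`.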

-
-
-
- - - - - - -
-
-
+
diff --git a/eiam-protocol/eiam-protocol-form/src/main/resources/templates/jwt_redirect.ftlh b/eiam-protocol/eiam-protocol-form/src/main/resources/templates/jwt_redirect.ftlh deleted file mode 100644 index b802a686..00000000 --- a/eiam-protocol/eiam-protocol-form/src/main/resources/templates/jwt_redirect.ftlh +++ /dev/null @@ -1,198 +0,0 @@ - - - - Redirecting - TopIAM - - - - - - - -
-
-
-
- - - - - - -
-
-
-
- - - diff --git a/eiam-protocol/eiam-protocol-jwt/src/main/resources/templates/form_redirect.ftlh b/eiam-protocol/eiam-protocol-jwt/src/main/resources/templates/form_redirect.ftlh deleted file mode 100644 index 2f480981..00000000 --- a/eiam-protocol/eiam-protocol-jwt/src/main/resources/templates/form_redirect.ftlh +++ /dev/null @@ -1,198 +0,0 @@ - - - - Redirect - TopIAM - - - - - - - -
-
-
-
- - - - - - -
-
-
-
- - - diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOAuth2AuthorizationService.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOAuth2AuthorizationService.java deleted file mode 100644 index ca14963c..00000000 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOAuth2AuthorizationService.java +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - * eiam-protocol-oidc - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.protocol.oidc.authentication; - -import org.springframework.jdbc.core.JdbcOperations; -import org.springframework.jdbc.support.lob.LobHandler; -import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService; -import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; -import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; -import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; - -/** - * 扩展 JdbcOAuth2AuthorizationService 集合数据库及Redis - * - * @author TopIAM - * Created by support@topiam.cn on 2022/10/28 22:39 - */ -@SuppressWarnings({ "unused", "AlibabaClassNamingShouldBeCamel" }) -public final class EiamOAuth2AuthorizationService extends JdbcOAuth2AuthorizationService { - - @Override - public void save(OAuth2Authorization authorization) { - super.save(authorization); - } - - @Override - public void remove(OAuth2Authorization authorization) { - super.remove(authorization); - } - - @Override - public OAuth2Authorization findById(String id) { - return super.findById(id); - } - - @Override - public OAuth2Authorization 
findByToken(String token, OAuth2TokenType tokenType) { - return super.findByToken(token, tokenType); - } - - public EiamOAuth2AuthorizationService(JdbcOperations jdbcOperations, - RegisteredClientRepository registeredClientRepository) { - super(jdbcOperations, registeredClientRepository); - } - - public EiamOAuth2AuthorizationService(JdbcOperations jdbcOperations, - RegisteredClientRepository registeredClientRepository, - LobHandler lobHandler) { - super(jdbcOperations, registeredClientRepository, lobHandler); - } -} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOAuth2InitSingleSignOnEndpointFilter.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOAuth2InitSingleSignOnEndpointFilter.java index 1a42418d..dd6a33e0 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOAuth2InitSingleSignOnEndpointFilter.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOAuth2InitSingleSignOnEndpointFilter.java @@ -39,7 +39,6 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken; 
@@ -100,11 +99,11 @@ public class EiamOAuth2InitSingleSignOnEndpointFilter extends OncePerRequestFilt
 /**
 * 授权成功处理器
 */
- private AuthenticationSuccessHandler authenticationSuccessHandler = this::sendAuthorizationResponse;
+ private final AuthenticationSuccessHandler authenticationSuccessHandler = this::sendAuthorizationResponse;
 /**
 * 授权失败处理器
 */
- private AuthenticationFailureHandler authenticationFailureHandler = this::sendErrorResponse;
+ private final AuthenticationFailureHandler authenticationFailureHandler = this::sendErrorResponse;
 /**
 * 认证管理器
 */
@@ -239,50 +238,6 @@ public class EiamOAuth2InitSingleSignOnEndpointFilter extends OncePerRequestFilt //@formatter:on } - /** - * Sets the {@link AuthenticationDetailsSource} used for building an authentication details instance from {@link HttpServletRequest}. - * - * @param authenticationDetailsSource the {@link AuthenticationDetailsSource} used for building an authentication details instance from {@link HttpServletRequest} - * @since 0.3.1 - */ - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { - Assert.notNull(authenticationDetailsSource, "authenticationDetailsSource cannot be null"); - this.authenticationDetailsSource = authenticationDetailsSource; - } - - /** - * Sets the {@link AuthenticationConverter} used when attempting to extract an Authorization Request (or Consent) from {@link HttpServletRequest} - * to an instance of {@link OAuth2AuthorizationCodeRequestAuthenticationToken} used for authenticating the request. - * - * @param authenticationConverter the {@link AuthenticationConverter} used when attempting to extract an Authorization Request (or Consent) from {@link HttpServletRequest} - */ - public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) { - Assert.notNull(authenticationConverter, "authenticationConverter cannot be null"); - this.authenticationConverter = authenticationConverter; - } - - /** - * Sets the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationToken} - * and returning the {@link OAuth2AuthorizationResponse Authorization Response}. 
- * - * @param authenticationSuccessHandler the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationToken} - */ - public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) { - Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null"); - this.authenticationSuccessHandler = authenticationSuccessHandler; - } - - /** - * Sets the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationException} - * and returning the {@link OAuth2Error Error Response}. - * - * @param authenticationFailureHandler the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationException} - */ - public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) { - Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null"); - this.authenticationFailureHandler = authenticationFailureHandler; - } - /** * Get the order value of this object. *

Higher values are interpreted as lower priority. As a consequence, diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOidcAuthorizationServerContextFilter.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOidcAuthorizationServerContextFilter.java index 954dbaf7..a084ed24 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOidcAuthorizationServerContextFilter.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/EiamOidcAuthorizationServerContextFilter.java @@ -41,14 +41,12 @@ import org.springframework.web.util.UriComponentsBuilder; import cn.topiam.employee.application.context.ApplicationContext; import cn.topiam.employee.application.context.ApplicationContextHolder; import cn.topiam.employee.application.exception.AppNotExistException; -import cn.topiam.employee.common.constants.ProtocolConstants; import cn.topiam.employee.common.entity.app.po.AppOidcConfigPO; import cn.topiam.employee.common.repository.app.AppOidcConfigRepository; import cn.topiam.employee.core.context.ServerContextHelp; import cn.topiam.employee.support.util.HttpUrlUtils; import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE; -import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.OIDC_AUTHORIZE_BASE_PATH; -import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.OIDC_AUTHORIZE_PATH; +import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.*; /** * A {@code Filter} that associates the {@link AuthorizationServerContext} to the {@link AuthorizationServerContextHolder}. 
@@ -92,13 +90,13 @@ public final class EiamOidcAuthorizationServerContextFilter extends OncePerReque StringSubstitutor sub = new StringSubstitutor(variables, "{", "}"); AuthorizationServerSettings providerSettings = AuthorizationServerSettings.builder() .issuer(sub.replace(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() + OIDC_AUTHORIZE_PATH))) - .authorizationEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT))) - .tokenEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_ENDPOINT))) - .jwkSetEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(ProtocolConstants.OidcEndpointConstants.JWK_SET_ENDPOINT))) - .oidcClientRegistrationEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_CLIENT_REGISTRATION_ENDPOINT))) - .tokenIntrospectionEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_INTROSPECTION_ENDPOINT))) - .tokenRevocationEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_REVOCATION_ENDPOINT))) - .oidcUserInfoEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_USER_INFO_ENDPOINT))) + .authorizationEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(AUTHORIZATION_ENDPOINT))) + .tokenEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(TOKEN_ENDPOINT))) + .jwkSetEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(JWK_SET_ENDPOINT))) + .oidcClientRegistrationEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(OIDC_CLIENT_REGISTRATION_ENDPOINT))) + .tokenIntrospectionEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), 
sub.replace(TOKEN_INTROSPECTION_ENDPOINT))) + .tokenRevocationEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(TOKEN_REVOCATION_ENDPOINT))) + .oidcUserInfoEndpoint(asUrl(ServerContextHelp.getPortalPublicBaseUrl(), sub.replace(OIDC_USER_INFO_ENDPOINT))) .build(); AuthorizationServerContext providerContext = new AuthorizationServerContext() { @Override diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/authentication/EiamOAuth2AuthorizationCodeAuthenticationProvider.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/authentication/EiamOAuth2AuthorizationCodeAuthenticationProvider.java new file mode 100644 index 00000000..3c0da7c7 --- /dev/null +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/authentication/EiamOAuth2AuthorizationCodeAuthenticationProvider.java 
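Review bot: The unqualified `sub.replace(AUTHORIZATION_ENDPOINT)` … `sub.replace(OIDC_USER_INFO_ENDPOINT)` calls now resolve through the wildcard `import static ...ProtocolConstants.OidcEndpointConstants.*` added in this file's import hunk, so a reader can no longer tell from the file where the endpoint constants come from. Listing the constants actually used as explicit static imports keeps the shorter call sites and avoids a name collision if that class later gains more constants. `ServerContextHelp.getPortalPublicBaseUrl()` is also evaluated once for the issuer and once per endpoint; reading it into a local before the builder, e.g. `String baseUrl = ServerContextHelp.getPortalPublicBaseUrl();`, makes it explicit that the issuer and all advertised endpoints share one base URL. The enclosing method starts and ends outside the hunk.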
@@ -0,0 +1,271 @@ +/* + * eiam-protocol-oidc - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.oidc.authentication.authentication; + +import java.security.Principal; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.core.log.LogMessage; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.oauth2.core.*; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; +import org.springframework.security.oauth2.core.oidc.OidcScopes; +import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames; +import org.springframework.security.oauth2.jwt.Jwt; +import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode; 
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; +import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext; +import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext; +import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; +import org.springframework.util.Assert; +import org.springframework.util.StringUtils; + +import cn.topiam.employee.audit.context.AuditContext; +import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.getAuthenticatedClientElseThrowInvalidClient; +import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.invalidate; + +/** + * Eiam OAuth 2 授权代码身份验证提供程序 + * + * @see org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationProvider + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/25 14:47 + */ +@SuppressWarnings({ "unused", "AlibabaClassNamingShouldBeCamel", "AlibabaMethodTooLong" }) +public final class EiamOAuth2AuthorizationCodeAuthenticationProvider implements + AuthenticationProvider { + private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2"; + private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new 
OAuth2TokenType( + OAuth2ParameterNames.CODE); + private static final OAuth2TokenType ID_TOKEN_TOKEN_TYPE = new OAuth2TokenType( + OidcParameterNames.ID_TOKEN); + private final Log logger = LogFactory + .getLog(getClass()); + private final OAuth2AuthorizationService authorizationService; + private final OAuth2TokenGenerator tokenGenerator; + + /** + * Constructs an {@code OAuth2AuthorizationCodeAuthenticationProvider} using the provided parameters. + * + * @param authorizationService the authorization service + * @param tokenGenerator the token generator + * @since 0.2.3 + */ + public EiamOAuth2AuthorizationCodeAuthenticationProvider(OAuth2AuthorizationService authorizationService, + OAuth2TokenGenerator tokenGenerator) { + Assert.notNull(authorizationService, "authorizationService cannot be null"); + Assert.notNull(tokenGenerator, "tokenGenerator cannot be null"); + this.authorizationService = authorizationService; + this.tokenGenerator = tokenGenerator; + } + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (OAuth2AuthorizationCodeAuthenticationToken) authentication; + + OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient( + authorizationCodeAuthentication); + RegisteredClient registeredClient = clientPrincipal.getRegisteredClient(); + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Retrieved registered client"); + } + + OAuth2Authorization authorization = this.authorizationService + .findByToken(authorizationCodeAuthentication.getCode(), AUTHORIZATION_CODE_TOKEN_TYPE); + if (authorization == null) { + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Retrieved authorization with authorization code"); + } + + OAuth2Authorization.Token authorizationCode = authorization + 
.getToken(OAuth2AuthorizationCode.class); + + OAuth2AuthorizationRequest authorizationRequest = authorization + .getAttribute(OAuth2AuthorizationRequest.class.getName()); + + if (!registeredClient.getClientId().equals(authorizationRequest.getClientId())) { + if (!authorizationCode.isInvalidated()) { + // Invalidate the authorization code given that a different client is attempting to use it + authorization = invalidate(authorization, authorizationCode.getToken()); + this.authorizationService.save(authorization); + if (this.logger.isWarnEnabled()) { + this.logger.warn(LogMessage.format( + "Invalidated authorization code used by registered client '%s'", + registeredClient.getId())); + } + } + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); + } + + if (StringUtils.hasText(authorizationRequest.getRedirectUri()) && !authorizationRequest + .getRedirectUri().equals(authorizationCodeAuthentication.getRedirectUri())) { + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); + } + + if (!authorizationCode.isActive()) { + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Validated token request parameters"); + } + + // @formatter:off + DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder() + .registeredClient(registeredClient) + .principal(authorization.getAttribute(Principal.class.getName())) + .authorizationServerContext(AuthorizationServerContextHolder.getContext()) + .authorization(authorization) + .authorizedScopes(authorization.getAuthorizedScopes()) + .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) + .authorizationGrant(authorizationCodeAuthentication); + // @formatter:on + + OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.from(authorization); + + // ----- Access token ----- + OAuth2TokenContext tokenContext = tokenContextBuilder + 
.tokenType(OAuth2TokenType.ACCESS_TOKEN).build(); + OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext); + if (generatedAccessToken == null) { + OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, + "The token generator failed to generate the access token.", ERROR_URI); + throw new OAuth2AuthenticationException(error); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Generated access token"); + } + + OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, + generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(), + generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes()); + if (generatedAccessToken instanceof ClaimAccessor) { + authorizationBuilder.token(accessToken, + (metadata) -> metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, + ((ClaimAccessor) generatedAccessToken).getClaims())); + } else { + authorizationBuilder.accessToken(accessToken); + } + + // ----- Refresh token ----- + OAuth2RefreshToken refreshToken = null; + if (registeredClient.getAuthorizationGrantTypes() + .contains(AuthorizationGrantType.REFRESH_TOKEN) && + // Do not issue refresh token to public client + !clientPrincipal.getClientAuthenticationMethod() + .equals(ClientAuthenticationMethod.NONE)) { + + tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build(); + OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext); + if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) { + OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, + "The token generator failed to generate the refresh token.", ERROR_URI); + throw new OAuth2AuthenticationException(error); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Generated refresh token"); + } + + refreshToken = (OAuth2RefreshToken) generatedRefreshToken; + authorizationBuilder.refreshToken(refreshToken); + } + + // ----- ID token ----- + 
OidcIdToken idToken; + if (authorizationRequest.getScopes().contains(OidcScopes.OPENID)) { + // @formatter:off + tokenContext = tokenContextBuilder + .tokenType(ID_TOKEN_TOKEN_TYPE) + // ID token customizer may need access to the access token and/or refresh token + .authorization(authorizationBuilder.build()) + .build(); + // @formatter:on + OAuth2Token generatedIdToken = this.tokenGenerator.generate(tokenContext); + if (!(generatedIdToken instanceof Jwt)) { + OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, + "The token generator failed to generate the ID token.", ERROR_URI); + throw new OAuth2AuthenticationException(error); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Generated id token"); + } + + idToken = new OidcIdToken(generatedIdToken.getTokenValue(), + generatedIdToken.getIssuedAt(), generatedIdToken.getExpiresAt(), + ((Jwt) generatedIdToken).getClaims()); + authorizationBuilder.token(idToken, (metadata) -> metadata + .put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims())); + } else { + idToken = null; + } + + authorization = authorizationBuilder.build(); + + // Invalidate the authorization code as it can only be used once + authorization = invalidate(authorization, authorizationCode.getToken()); + + this.authorizationService.save(authorization); + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Saved authorization"); + } + + Map additionalParameters = Collections.emptyMap(); + if (idToken != null) { + additionalParameters = new HashMap<>(16); + additionalParameters.put(OidcParameterNames.ID_TOKEN, idToken.getTokenValue()); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Authenticated token request"); + } + //放入审计上下文中 + AuditContext.setAuthorization(authorization.getAttribute(Principal.class.getName())); + return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, + accessToken, refreshToken, additionalParameters); + } + + @Override + public boolean 
supports(Class authentication) { + return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication); + } + +} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/authentication/EiamOAuth2RefreshTokenAuthenticationProvider.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/authentication/EiamOAuth2RefreshTokenAuthenticationProvider.java new file mode 100644 index 00000000..ed1cddb9 --- /dev/null +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/authentication/EiamOAuth2RefreshTokenAuthenticationProvider.java 
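Review bot: `AuditContext.setAuthorization(...)` at the end of `authenticate` runs only on the success path, so every `INVALID_GRANT` exit above it — including the branch that invalidates a code presented by a different client — reaches the audit layer without the resource-owner principal. If failed exchanges are meant to be attributable, set it right after the `authorization == null` check instead: `AuditContext.setAuthorization(authorization.getAttribute(Principal.class.getName()));`. The value is held in a `TransmittableThreadLocal` (see the `AuditContext` change in this commit), so whatever consumes it has to call `AuditContext.removeAuthentication()` in a `finally`; that cleanup is not visible here, and without it a pooled thread can carry one user's principal into the next token request. Separately, the `!authorizationCode.isActive()` branch only rejects a reused code, while RFC 6749 §4.1.2 also recommends revoking the tokens already issued from it.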
@@ -0,0 +1,260 @@ +/* + * eiam-protocol-oidc - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.oidc.authentication.authentication; + +import java.security.Principal; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.oauth2.core.*; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; +import org.springframework.security.oauth2.core.oidc.OidcScopes; +import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames; +import org.springframework.security.oauth2.jwt.Jwt; +import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; +import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; +import 
org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; +import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; +import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext; +import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext; +import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; +import org.springframework.util.Assert; + +import cn.topiam.employee.audit.context.AuditContext; +import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.getAuthenticatedClientElseThrowInvalidClient; + +/** + * EiamOAuth2RefreshTokenAuthenticationProvider + * + * @see org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationProvider + + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/25 21:05 + */ +@SuppressWarnings({ "unused", "AlibabaClassNamingShouldBeCamel", "AlibabaMethodTooLong" }) +public final class EiamOAuth2RefreshTokenAuthenticationProvider implements AuthenticationProvider { + private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2"; + private static final OAuth2TokenType ID_TOKEN_TOKEN_TYPE = new OAuth2TokenType( + OidcParameterNames.ID_TOKEN); + private final Log logger = LogFactory + .getLog(getClass()); + private final OAuth2AuthorizationService authorizationService; + private final OAuth2TokenGenerator tokenGenerator; + + /** + * Constructs an {@code OAuth2RefreshTokenAuthenticationProvider} using the 
provided parameters. + * + * @param authorizationService the authorization service + * @param tokenGenerator the token generator + * @since 0.2.3 + */ + public EiamOAuth2RefreshTokenAuthenticationProvider(OAuth2AuthorizationService authorizationService, + OAuth2TokenGenerator tokenGenerator) { + Assert.notNull(authorizationService, "authorizationService cannot be null"); + Assert.notNull(tokenGenerator, "tokenGenerator cannot be null"); + this.authorizationService = authorizationService; + this.tokenGenerator = tokenGenerator; + } + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + OAuth2RefreshTokenAuthenticationToken refreshTokenAuthentication = (OAuth2RefreshTokenAuthenticationToken) authentication; + + OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient( + refreshTokenAuthentication); + RegisteredClient registeredClient = clientPrincipal.getRegisteredClient(); + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Retrieved registered client"); + } + + OAuth2Authorization authorization = this.authorizationService.findByToken( + refreshTokenAuthentication.getRefreshToken(), OAuth2TokenType.REFRESH_TOKEN); + if (authorization == null) { + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Retrieved authorization with refresh token"); + } + + if (!registeredClient.getId().equals(authorization.getRegisteredClientId())) { + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT); + } + + if (!registeredClient.getAuthorizationGrantTypes() + .contains(AuthorizationGrantType.REFRESH_TOKEN)) { + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT); + } + + OAuth2Authorization.Token refreshToken = authorization + .getRefreshToken(); + if (!refreshToken.isActive()) { + // As per https://tools.ietf.org/html/rfc6749#section-5.2 + // 
invalid_grant: The provided authorization grant (e.g., authorization code, + // resource owner credentials) or refresh token is invalid, expired, revoked [...]. + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); + } + + // As per https://tools.ietf.org/html/rfc6749#section-6 + // The requested scope MUST NOT include any scope not originally granted by the resource owner, + // and if omitted is treated as equal to the scope originally granted by the resource owner. + Set scopes = refreshTokenAuthentication.getScopes(); + Set authorizedScopes = authorization.getAuthorizedScopes(); + if (!authorizedScopes.containsAll(scopes)) { + throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_SCOPE); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Validated token request parameters"); + } + + if (scopes.isEmpty()) { + scopes = authorizedScopes; + } + + // @formatter:off + DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder() + .registeredClient(registeredClient) + .principal(authorization.getAttribute(Principal.class.getName())) + .authorizationServerContext(AuthorizationServerContextHolder.getContext()) + .authorization(authorization) + .authorizedScopes(scopes) + .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN) + .authorizationGrant(refreshTokenAuthentication); + // @formatter:on + + OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.from(authorization); + + // ----- Access token ----- + OAuth2TokenContext tokenContext = tokenContextBuilder + .tokenType(OAuth2TokenType.ACCESS_TOKEN).build(); + OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext); + if (generatedAccessToken == null) { + OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, + "The token generator failed to generate the access token.", ERROR_URI); + throw new OAuth2AuthenticationException(error); + } + + if (this.logger.isTraceEnabled()) { + 
this.logger.trace("Generated access token"); + } + + OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, + generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(), + generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes()); + if (generatedAccessToken instanceof ClaimAccessor) { + authorizationBuilder.token(accessToken, (metadata) -> { + metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, + ((ClaimAccessor) generatedAccessToken).getClaims()); + metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, false); + }); + } else { + authorizationBuilder.accessToken(accessToken); + } + + // ----- Refresh token ----- + OAuth2RefreshToken currentRefreshToken = refreshToken.getToken(); + if (!registeredClient.getTokenSettings().isReuseRefreshTokens()) { + tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build(); + OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext); + if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) { + OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, + "The token generator failed to generate the refresh token.", ERROR_URI); + throw new OAuth2AuthenticationException(error); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Generated refresh token"); + } + + currentRefreshToken = (OAuth2RefreshToken) generatedRefreshToken; + authorizationBuilder.refreshToken(currentRefreshToken); + } + + // ----- ID token ----- + OidcIdToken idToken; + if (authorizedScopes.contains(OidcScopes.OPENID)) { + // @formatter:off + tokenContext = tokenContextBuilder + .tokenType(ID_TOKEN_TOKEN_TYPE) + // ID token customizer may need access to the access token and/or refresh token + .authorization(authorizationBuilder.build()) + .build(); + // @formatter:on + OAuth2Token generatedIdToken = this.tokenGenerator.generate(tokenContext); + if (!(generatedIdToken instanceof Jwt)) { + OAuth2Error error = new 
OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, + "The token generator failed to generate the ID token.", ERROR_URI); + throw new OAuth2AuthenticationException(error); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Generated id token"); + } + + idToken = new OidcIdToken(generatedIdToken.getTokenValue(), + generatedIdToken.getIssuedAt(), generatedIdToken.getExpiresAt(), + ((Jwt) generatedIdToken).getClaims()); + authorizationBuilder.token(idToken, (metadata) -> metadata + .put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims())); + } else { + idToken = null; + } + + authorization = authorizationBuilder.build(); + + this.authorizationService.save(authorization); + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Saved authorization"); + } + + Map additionalParameters = Collections.emptyMap(); + if (idToken != null) { + additionalParameters = new HashMap<>(16); + additionalParameters.put(OidcParameterNames.ID_TOKEN, idToken.getTokenValue()); + } + + if (this.logger.isTraceEnabled()) { + this.logger.trace("Authenticated token request"); + } + + //审计 + AuditContext.setAuthorization(authorization.getAttribute(Principal.class.getName())); + return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, + accessToken, currentRefreshToken, additionalParameters); + } + + @Override + public boolean supports(Class authentication) { + return OAuth2RefreshTokenAuthenticationToken.class.isAssignableFrom(authentication); + } + +} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/DefaultConsentPage.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/DefaultConsentPage.java new file mode 100644 index 00000000..f5d06e67 --- /dev/null +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/DefaultConsentPage.java 
@@ -0,0 +1,161 @@ +/* + * eiam-protocol-oidc - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.oidc.authentication.consent; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.util.HashSet; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.http.MediaType; +import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.core.oidc.OidcScopes; + +/** + * 默认重定向地址 + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/17 21:47 + */ +@SuppressWarnings("AlibabaMethodTooLong") +public class DefaultConsentPage { + private static final MediaType TEXT_HTML_UTF8 = new MediaType("text", "html", + StandardCharsets.UTF_8); + + public static void displayConsent(HttpServletRequest request, HttpServletResponse response, + String clientId, Authentication principal, + Set requestedScopes, Set authorizedScopes, + String state) throws IOException { + String consentPage = generateConsentPage(request, clientId, principal, requestedScopes, + authorizedScopes, state); + response.setContentType(TEXT_HTML_UTF8.toString()); + 
response.setContentLength(consentPage.getBytes(StandardCharsets.UTF_8).length); + response.getWriter().write(consentPage); + } + + private static String generateConsentPage(HttpServletRequest request, String clientId, + Authentication principal, Set requestedScopes, + Set authorizedScopes, String state) { + Set scopesToAuthorize = new HashSet<>(); + Set scopesPreviouslyAuthorized = new HashSet<>(); + for (String scope : requestedScopes) { + if (authorizedScopes.contains(scope)) { + scopesPreviouslyAuthorized.add(scope); + // openid scope does not require consent + } else if (!scope.equals(OidcScopes.OPENID)) { + scopesToAuthorize.add(scope); + } + } + + StringBuilder builder = new StringBuilder(); + + builder.append(""); + builder.append(""); + builder.append(""); + builder.append(" "); + builder.append( + " "); + builder.append( + " "); + builder.append(" Consent required"); + builder.append(" "); + builder.append(""); + builder.append(""); + builder.append("

"); + builder.append("
"); + builder.append("

Consent required

"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append("

") + .append(clientId) + .append(" wants to access your account ") + .append(principal.getName()).append("

"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append( + "

The following permissions are requested by the above app.
Please review these and consent if you approve.

"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append(" "); + builder.append(" "); + + for (String scope : scopesToAuthorize) { + builder.append("
"); + builder.append( + " "); + builder.append(" "); + builder.append("
"); + } + + if (!scopesPreviouslyAuthorized.isEmpty()) { + builder.append( + "

You have already granted the following permissions to the above app:

"); + for (String scope : scopesPreviouslyAuthorized) { + builder.append("
"); + builder.append( + " "); + builder.append(" "); + builder.append("
"); + } + } + + builder.append("
"); + builder.append( + " "); + builder.append("
"); + builder.append("
"); + builder.append( + " "); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append( + "

Your consent to provide access is required.
If you do not approve, click Cancel, in which case no information will be shared with the app.

"); + builder.append("
"); + builder.append("
"); + builder.append("
"); + builder.append(""); + builder.append(""); + + return builder.toString(); + } +} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/EiamOAuth2AuthorizationConsentEndpointFilter.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/EiamOAuth2AuthorizationConsentEndpointFilter.java new file mode 100644 index 00000000..24282c3e --- /dev/null +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/EiamOAuth2AuthorizationConsentEndpointFilter.java 
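Review bot: `clientId` and `principal.getName()` are appended to the consent HTML in `generateConsentPage` without output encoding, and the consent endpoint filter added in this commit takes `client_id` straight from a request parameter. Markup in either value would be rendered by the browser on the authorization server's origin, so encode them before appending, for example `.append(HtmlUtils.htmlEscape(clientId))` and `.append(HtmlUtils.htmlEscape(principal.getName()))` with `org.springframework.web.util.HtmlUtils`. The same would apply to `state` and the scope names if they are written into the form; the markup inside the string literals is not readable in this view, so that part is inferred.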
@@ -0,0 +1,81 @@
+/*
+ * eiam-protocol-oidc - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.protocol.oidc.authentication.consent;
+
+import java.io.IOException;
+import java.util.Set;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.lang.NonNull;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.web.util.matcher.AndRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.Assert;
+
+import com.google.common.collect.Sets;
+
+import cn.topiam.employee.common.repository.app.AppOidcConfigRepository;
+import cn.topiam.employee.core.security.util.SecurityUtils;
+import cn.topiam.employee.protocol.oidc.endpoint.AbstractEiamEndpointFilter;
+
+/**
+ * 授权同意Endpoint
+ *
+ * @author SanLi
+ * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/17 21:25
+ */
+@SuppressWarnings("AlibabaClassNamingShouldBeCamel")
+public class EiamOAuth2AuthorizationConsentEndpointFilter extends AbstractEiamEndpointFilter {
+
+ @Override
+ protected void doFilterInternal(@NonNull HttpServletRequest request,
+ @NonNull HttpServletResponse response,
+ @NonNull FilterChain filterChain) throws IOException,
+ ServletException {
+ if (requestMatcher.matches(request)) {
+ Authentication principal = SecurityUtils.getSecurityContext().getAuthentication();
+ String clientId = request.getParameter(OAuth2ParameterNames.CLIENT_ID);
+ String state = request.getParameter(OAuth2ParameterNames.STATE);
+ Set requestedScopes = Sets
+ .newHashSet(request.getParameter(OAuth2ParameterNames.SCOPE).split(" "));
+ //查询应用具有的权限
+ Set authorizedScopes = Sets.newHashSet();
+ DefaultConsentPage.displayConsent(request, response, clientId, principal,
+ requestedScopes, authorizedScopes, state);
+ return;
+ }
+ filterChain.doFilter(request, response);
+ }
+
+ private final RequestMatcher requestMatcher;
+
+ public EiamOAuth2AuthorizationConsentEndpointFilter(AppOidcConfigRepository appOidcConfigRepository,
+ RequestMatcher requestMatcher) {
+ super(appOidcConfigRepository);
+ Assert.notNull(appOidcConfigRepository, "appOidcConfigRepository must not be null");
+ this.requestMatcher = new AndRequestMatcher(requestMatcher,
+ new RequestHeaderRequestMatcher("Location"));
+ }
+
+}
diff --git a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/package-info.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/package-info.java
similarity index 85%
rename from eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/package-info.java
rename to eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/package-info.java
index 0518a7e9..e763e954 100644
--- a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/package-info.java
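Review bot: `request.getParameter(OAuth2ParameterNames.SCOPE).split(" ")` in `doFilterInternal` throws a NullPointerException when the request carries no `scope` parameter, and `client_id` is handed to the consent page without being checked against a registered client. Read the parameter first and reject the request when it is absent, e.g. `String scope = request.getParameter(OAuth2ParameterNames.SCOPE);` followed by `if (scope == null) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }`, and look the client up before rendering (the filter already receives `appOidcConfigRepository`). `authorizedScopes` is always an empty set although the comment above it says the application's granted scopes are queried, so a `// TODO` stating that the lookup is not implemented would make the gap explicit. The matcher also requires a `Location` request header, which is normally a response header; a comment explaining why would help.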
+++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/consent/package-info.java @@ -1,5 +1,5 @@ /* - * eiam-protocol-form - Employee Identity and Access Management Program + * eiam-protocol-oidc - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,4 +15,4 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.protocol; \ No newline at end of file +package cn.topiam.employee.protocol.oidc.authentication.consent; \ No newline at end of file diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthenticationImplicitAuthenticationProvider.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthenticationImplicitAuthenticationProvider.java index 64b894df..e84b3d6c 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthenticationImplicitAuthenticationProvider.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthenticationImplicitAuthenticationProvider.java @@ -18,7 +18,9 @@ package cn.topiam.employee.protocol.oidc.authentication.implicit; import java.security.Principal; -import java.util.*; +import java.util.Base64; +import java.util.Map; +import java.util.Set; import java.util.function.Consumer; import org.springframework.security.authentication.AnonymousAuthenticationToken; 
@@ -35,7 +37,10 @@ import org.springframework.security.oauth2.core.oidc.OidcScopes; import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.server.authorization.*; -import org.springframework.security.oauth2.server.authorization.authentication.*; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationValidator; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder; @@ -46,6 +51,8 @@ import org.springframework.util.Assert; import org.springframework.util.StringUtils; import com.google.common.collect.Maps; + +import cn.topiam.employee.audit.context.AuditContext; import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.REDIRECT_URI; /** 
@@ -57,6 +64,8 @@ import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterN @SuppressWarnings("AlibabaClassNamingShouldBeCamel") public class EiamOAuth2AuthenticationImplicitAuthenticationProvider implements AuthenticationProvider { + public static final AuthorizationGrantType IMPLICIT = new AuthorizationGrantType( + "implicit"); private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1"; private static final StringKeyGenerator DEFAULT_STATE_GENERATOR = new Base64StringKeyGenerator( @@ -91,6 +100,7 @@ public class EiamOAuth2AuthenticationImplicitAuthenticationProvider implements this.tokenGenerator = tokenGenerator; } + @SuppressWarnings("AlibabaMethodTooLong") @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { EiamOAuth2AuthorizationImplicitAuthenticationToken authorizationImplicitRequestAuthentication = (EiamOAuth2AuthorizationImplicitAuthenticationToken) authentication; @@ -109,8 +119,7 @@ public class EiamOAuth2AuthenticationImplicitAuthenticationProvider implements .build(); this.authenticationValidator.accept(authenticationContext); - if (!registeredClient.getAuthorizationGrantTypes() - .contains(AuthorizationGrantType.IMPLICIT)) { + if (!registeredClient.getAuthorizationGrantTypes().contains(IMPLICIT)) { throwError(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, OAuth2ParameterNames.CLIENT_ID, authorizationImplicitRequestAuthentication, registeredClient); } @@ -252,6 +261,8 @@ public class EiamOAuth2AuthenticationImplicitAuthenticationProvider implements OAuth2AccessTokenAuthenticationToken token = new OAuth2AccessTokenAuthenticationToken( registeredClient, clientPrincipal, accessToken, refreshToken, additionalParameters); token.setAuthenticated(true); + //放入审计上下文中 + AuditContext.setAuthorization(authorization.getAttribute(Principal.class.getName())); return token; } 
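Review bot: `AuditContext.setAuthorization(...)` just before `return token;` stores the end user's `Authentication` in a static thread-local, and nothing in this hunk or in the filter hunks that read it clears it again. On a pooled request thread a value left behind can be picked up by a later request's audit event, so the code that publishes the event should clear it afterwards, e.g. `try { publish.publish(...); } finally { AuditContext.removeAuthentication(); }`; whether some later filter already does this is not visible here. `authorization.getAttribute(Principal.class.getName())` may also return null, and it is not visible whether the audit publisher tolerates that. The same applies to the identical line added in `EiamOAuth2AuthorizationPasswordAuthenticationProvider`. `authenticate` begins and ends outside this hunk.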
@@ -259,7 +270,6 @@ public class EiamOAuth2AuthenticationImplicitAuthenticationProvider implements public boolean supports(Class authentication) { return authentication .isAssignableFrom(EiamOAuth2AuthorizationImplicitAuthenticationToken.class); - } private static boolean requireAuthorizationConsent(RegisteredClient registeredClient, diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter.java index 6e6650d8..af1dcd05 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter.java @@ -18,7 +18,6 @@ package cn.topiam.employee.protocol.oidc.authentication.implicit; import java.io.IOException; -import java.nio.charset.StandardCharsets; import java.time.temporal.ChronoUnit; import java.util.*; @@ -30,7 +29,6 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.core.log.LogMessage; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; import org.springframework.lang.NonNull; import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationManager; 
@@ -60,10 +58,22 @@ import org.springframework.util.StringUtils; import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.util.UriComponentsBuilder; +import com.google.common.collect.Lists; + +import cn.topiam.employee.application.context.ApplicationContext; +import cn.topiam.employee.application.context.ApplicationContextHolder; +import cn.topiam.employee.audit.context.AuditContext; +import cn.topiam.employee.audit.entity.Target; +import cn.topiam.employee.audit.enums.EventStatus; +import cn.topiam.employee.audit.enums.EventType; +import cn.topiam.employee.audit.enums.TargetType; +import cn.topiam.employee.audit.event.AuditEventPublish; import cn.topiam.employee.common.constants.ProtocolConstants; import cn.topiam.employee.core.context.ServerContextHelp; import cn.topiam.employee.core.security.savedredirect.HttpSessionRedirectCache; import cn.topiam.employee.core.security.savedredirect.RedirectCache; +import cn.topiam.employee.protocol.oidc.authentication.consent.DefaultConsentPage; +import cn.topiam.employee.support.context.ApplicationContextHelp; import static org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames.TOKEN_TYPE; import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.*; @@ -73,7 +83,7 @@ import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.appendUrl; /** * OAuth2 授权过滤器 * - * 用于支持 授权码模式和隐式授权模式 + * 用于支持隐式授权模式 * * @author TopIAM * Created by support@topiam.cn on 2022/10/28 23:26 
@@ -281,6 +291,15 @@ public final class EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter e vars.put(OAuth2ParameterNames.STATE, state); } String append = appendUrl(redirectUri, vars, keys, true); + //审计 + ApplicationContext applicationContext = ApplicationContextHolder.getApplicationContext(); + Target target = Target.builder().id(applicationContext.getAppId().toString()) + .type(TargetType.APPLICATION).build(); + ArrayList targets = Lists.newArrayList(target); + + AuditEventPublish publish = ApplicationContextHelp.getBean(AuditEventPublish.class); + publish.publish(EventType.APP_SSO, AuditContext.getAuthorization(), EventStatus.SUCCESS, + Lists.newArrayList(target)); this.redirectStrategy.sendRedirect(request, response, append); } @@ -328,6 +347,17 @@ public final class EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter e uriBuilder.queryParam(OAuth2ParameterNames.STATE, authorizationImplicitRequestAuthenticationToken.getState()); } + + //审计 + ApplicationContext applicationContext = ApplicationContextHolder.getApplicationContext(); + Target target = Target.builder().id(applicationContext.getAppId().toString()) + .type(TargetType.APPLICATION).build(); + ArrayList targets = Lists.newArrayList(target); + + AuditEventPublish publish = ApplicationContextHelp.getBean(AuditEventPublish.class); + publish.publish(EventType.APP_SSO, AuditContext.getAuthorization(), EventStatus.FAIL, + targets, error.toString()); + this.redirectStrategy.sendRedirect(request, response, uriBuilder.toUriString()); } 
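Review bot: The local `targets` in the success path is built and then ignored, because `publish.publish(...)` is given a second `Lists.newArrayList(target)` while the failure-path hunk passes `targets`. Pass the variable, `publish.publish(EventType.APP_SSO, AuditContext.getAuthorization(), EventStatus.SUCCESS, targets);`, or drop the declaration. The audit call also sits in front of `sendRedirect`, so an exception from `getBean`, from a null `ApplicationContextHolder.getApplicationContext()` or from the publisher would stop the authorization response from being sent; if auditing is meant to be best-effort, catch and log around it. The enclosing method starts outside the hunk.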
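Review bot: On the error path `AuditContext.getAuthorization()` is read for the `EventStatus.FAIL` event, but the providers changed in this commit call `setAuthorization` only immediately before a successful return. For a failed request the value is therefore either null or whatever an earlier request left on the thread, which would attribute the failure to the wrong actor in the audit log. Take the actor from the failed request itself (presumably the principal carried by `authorizationImplicitRequestAuthenticationToken`; confirm against its definition) and handle a missing actor explicitly. The enclosing method starts outside the hunk.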
@@ -374,133 +404,4 @@ public final class EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter e this.consentPage = consentPage; } - /** - * For internal use only. - */ - @SuppressWarnings("AlibabaMethodTooLong") - private static class DefaultConsentPage { - private static final MediaType TEXT_HTML_UTF8 = new MediaType("text", "html", - StandardCharsets.UTF_8); - - private static void displayConsent(HttpServletRequest request, HttpServletResponse response, - String clientId, Authentication principal, - Set requestedScopes, - Set authorizedScopes, - String state) throws IOException { - - String consentPage = generateConsentPage(request, clientId, principal, requestedScopes, - authorizedScopes, state); - response.setContentType(TEXT_HTML_UTF8.toString()); - response.setContentLength(consentPage.getBytes(StandardCharsets.UTF_8).length); - response.getWriter().write(consentPage); - } - - private static String generateConsentPage(HttpServletRequest request, String clientId, - Authentication principal, - Set requestedScopes, - Set authorizedScopes, String state) { - Set scopesToAuthorize = new HashSet<>(); - Set scopesPreviouslyAuthorized = new HashSet<>(); - for (String scope : requestedScopes) { - if (authorizedScopes.contains(scope)) { - scopesPreviouslyAuthorized.add(scope); - } else if (!scope.equals(OidcScopes.OPENID)) { // openid scope does not require consent - scopesToAuthorize.add(scope); - } - } - - StringBuilder builder = new StringBuilder(); - - builder.append(""); - builder.append(""); - builder.append(""); - builder.append(" "); - builder.append( - " "); - builder.append( - " "); - builder.append(" Consent required"); - builder.append(" "); - builder.append(""); - builder.append(""); - builder.append("
"); - builder.append("
"); - builder.append("

Consent required

"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder - .append("

" + clientId - + " wants to access your account " - + principal.getName() + "

"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append( - "

The following permissions are requested by the above app.
Please review these and consent if you approve.

"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append(" "); - builder.append( - " "); - - for (String scope : scopesToAuthorize) { - builder.append("
"); - builder.append( - " "); - builder.append(" "); - builder.append("
"); - } - - if (!scopesPreviouslyAuthorized.isEmpty()) { - builder.append( - "

You have already granted the following permissions to the above app:

"); - for (String scope : scopesPreviouslyAuthorized) { - builder.append("
"); - builder.append( - " "); - builder.append(" "); - builder.append("
"); - } - } - - builder.append("
"); - builder.append( - " "); - builder.append("
"); - builder.append("
"); - builder.append( - " "); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append( - "

Your consent to provide access is required.
If you do not approve, click Cancel, in which case no information will be shared with the app.

"); - builder.append("
"); - builder.append("
"); - builder.append("
"); - builder.append(""); - builder.append(""); - - return builder.toString(); - } - } } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/OAuth2AuthorizationImplicitConsentAuthenticationConverter.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitConsentAuthenticationConverter.java similarity index 97% rename from eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/OAuth2AuthorizationImplicitConsentAuthenticationConverter.java rename to eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitConsentAuthenticationConverter.java index adbcb108..649286d7 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/OAuth2AuthorizationImplicitConsentAuthenticationConverter.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitConsentAuthenticationConverter.java @@ -44,8 +44,8 @@ import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.getParameter * Created by support@topiam.cn on 2022/11/10 22:53 */ @SuppressWarnings("All") -public final class OAuth2AuthorizationImplicitConsentAuthenticationConverter implements - AuthenticationConverter { +public final class EiamOAuth2AuthorizationImplicitConsentAuthenticationConverter implements + AuthenticationConverter { private static final String DEFAULT_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1"; private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken( "anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); 
diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitConsentAuthenticationToken.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitConsentAuthenticationToken.java index aa291481..f790f6c6 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitConsentAuthenticationToken.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/implicit/EiamOAuth2AuthorizationImplicitConsentAuthenticationToken.java @@ -17,11 +17,7 @@ */ package cn.topiam.employee.protocol.oidc.authentication.implicit; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; +import java.util.*; import org.springframework.lang.Nullable; import org.springframework.security.authentication.AbstractAuthenticationToken; diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/password/EiamOAuth2AuthorizationPasswordAuthenticationConverter.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/password/EiamOAuth2AuthorizationPasswordAuthenticationConverter.java index 7e01c631..281ae17a 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/password/EiamOAuth2AuthorizationPasswordAuthenticationConverter.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/password/EiamOAuth2AuthorizationPasswordAuthenticationConverter.java 
@@ -27,7 +27,8 @@ import javax.servlet.http.HttpServletRequest; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.core.*; +import org.springframework.security.oauth2.core.AuthorizationGrantType; +import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.web.authentication.AuthenticationConverter; import org.springframework.util.MultiValueMap; diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/password/EiamOAuth2AuthorizationPasswordAuthenticationProvider.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/password/EiamOAuth2AuthorizationPasswordAuthenticationProvider.java index 74a160ea..8227872b 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/password/EiamOAuth2AuthorizationPasswordAuthenticationProvider.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/authentication/password/EiamOAuth2AuthorizationPasswordAuthenticationProvider.java @@ -50,6 +50,8 @@ import org.springframework.security.oauth2.server.authorization.token.OAuth2Toke import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; + +import cn.topiam.employee.audit.context.AuditContext; import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.getAuthenticatedClientElseThrowInvalidClient; /** 
@@ -58,7 +60,7 @@ import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.getAuthentic * @author TopIAM * Created by support@topiam.cn on 2022/10/27 22:48 */ -@SuppressWarnings("AlibabaClassNamingShouldBeCamel") +@SuppressWarnings({ "AlibabaClassNamingShouldBeCamel", "AlibabaMethodTooLong" }) public class EiamOAuth2AuthorizationPasswordAuthenticationProvider extends DaoAuthenticationProvider { private static final Logger LOGGER = LogManager @@ -205,7 +207,8 @@ public class EiamOAuth2AuthorizationPasswordAuthenticationProvider extends Map additionalParameters = Collections.emptyMap(); LOGGER.debug("returning OAuth2AccessTokenAuthenticationToken"); - + //放入审计上下文中 + AuditContext.setAuthorization(authorization.getAttribute(Principal.class.getName())); return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, additionalParameters); // @formatter:on diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/configuration/OidcConfiguration.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/configuration/OidcConfiguration.java new file mode 100644 index 00000000..4646f2bf --- /dev/null +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/configuration/OidcConfiguration.java 
@@ -0,0 +1,80 @@ +/* + * eiam-protocol-oidc - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.oidc.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.data.redis.core.RedisTemplate; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; +import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; +import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer; + +import cn.topiam.employee.common.repository.app.AppOidcConfigRepository; +import cn.topiam.employee.protocol.oidc.jwt.EiamOAuth2TokenCustomizer; +import cn.topiam.employee.protocol.oidc.repository.OidcConfigRegisteredClientRepository; +import cn.topiam.employee.protocol.oidc.service.EiamRedisOAuth2AuthorizationConsentService; +import cn.topiam.employee.protocol.oidc.service.EiamRedisOAuth2AuthorizationService; + +/** + * + * 
@author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/25 23:06 + */ +@Configuration +public class OidcConfiguration { + + /** + * 注册客户端 Repository + * + * @return {@link RegisteredClientRepository} + */ + @Bean + public RegisteredClientRepository registeredClientRepository(AppOidcConfigRepository appOidcConfigRepository) { + return new OidcConfigRegisteredClientRepository(appOidcConfigRepository); + } + + /** + * Authorization Service + * + * @param redisTemplate {@link JdbcTemplate} + * @return {@link OAuth2AuthorizationService} + */ + @Bean + public OAuth2AuthorizationService authorizationService(RedisTemplate redisTemplate) { + return new EiamRedisOAuth2AuthorizationService(redisTemplate); + } + + /** + * OAuth2 Authorization Consent Service + * + * @param redisTemplate {@link RedisTemplate} + * @return {@link OAuth2AuthorizationConsentService} + */ + @Bean + public OAuth2AuthorizationConsentService authorizationConsentService(RedisTemplate redisTemplate) { + return new EiamRedisOAuth2AuthorizationConsentService(redisTemplate); + } + + @Bean + public OAuth2TokenCustomizer jwtCustomizer() { + return new EiamOAuth2TokenCustomizer(); + } +} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/context/package-info.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/configuration/package-info.java similarity index 93% rename from eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/context/package-info.java rename to eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/configuration/package-info.java index b47dde8e..ddb7961e 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/context/package-info.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/configuration/package-info.java 
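Review bot: The Javadoc on `authorizationService` documents its parameter as `{@link JdbcTemplate}` although the method takes a `RedisTemplate`, and the `org.springframework.jdbc.core.JdbcTemplate` import appears to exist only for that link. I would change the tag to `@param redisTemplate {@link RedisTemplate}` and drop the import. `registeredClientRepository` lacks an `@param appOidcConfigRepository` tag and `jwtCustomizer` has no Javadoc at all; a one-line `/** Token customizer that adds scope-based claims to the ID token. */` would match the other beans.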
@@ -15,4 +15,4 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.protocol.oidc.context; \ No newline at end of file +package cn.topiam.employee.protocol.oidc.configuration; \ No newline at end of file diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/handler/PortalOAuth2AuthenticationEntryPoint.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/handler/PortalOAuth2AuthenticationEntryPoint.java deleted file mode 100644 index 22f84b85..00000000 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/handler/PortalOAuth2AuthenticationEntryPoint.java +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * eiam-protocol-oidc - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.protocol.oidc.handler; - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.core.AuthenticationException; - -import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.core.security.savedredirect.HttpSessionRedirectCache; -import cn.topiam.employee.core.security.savedredirect.RedirectCache; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import static org.springframework.http.HttpStatus.UNAUTHORIZED; - -import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; -import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; - -/** - * 认证入口点 - * - * @author TopIAM - * Created by support@topiam.cn on 2020/9/2 22:11 - */ -@SuppressWarnings({ "AlibabaClassNamingShouldBeCamel", "DuplicatedCode" }) -public class PortalOAuth2AuthenticationEntryPoint implements - 
org.springframework.security.web.AuthenticationEntryPoint { - /** - * 日志 - */ - private final Logger logger = LoggerFactory.getLogger(this.getClass()); - - private final RedirectCache redirectCache = new HttpSessionRedirectCache(); - - /** - * Commences an authentication scheme. - *

- * ExceptionTranslationFilter will populate the HttpSession - * attribute named - * AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY - * with the requested target URL before calling this method. - *

- * Implementations should modify the headers on the ServletResponse as - * necessary to commence the authentication process. - * - * @param request that resulted in an AuthenticationException - * @param response so that the user agent can begin authentication - * @param authException that caused the invocation - */ - @Override - public void commence(HttpServletRequest request, HttpServletResponse response, - AuthenticationException authException) throws IOException { - logger.info("----------------------------------------------------------"); - logger.info("未登录, 或登录过期"); - //记录 - redirectCache.saveRedirect(request, response, RedirectCache.RedirectType.REQUEST); - //判断请求 - boolean isTextHtml = acceptIncludeTextHtml(request); - //JSON - if (!isTextHtml) { - ApiRestResult result = ApiRestResult.builder() - .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils - .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase())) - .build(); - HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result); - } - // HTML - else { - //跳转前端SESSION过期路由 - response.sendRedirect(ServerContextHelp.getPortalPublicBaseUrl() + FE_LOGIN); - } - logger.info("----------------------------------------------------------"); - } -} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwk/Jwks.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwk/Jwks.java deleted file mode 100644 index fe7087d8..00000000 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwk/Jwks.java +++ /dev/null 
@@ -1,78 +0,0 @@ -/* - * eiam-protocol-oidc - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.protocol.oidc.jwk; - -import java.security.KeyPair; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.util.UUID; - -import javax.crypto.SecretKey; - -import com.nimbusds.jose.jwk.Curve; -import com.nimbusds.jose.jwk.ECKey; -import com.nimbusds.jose.jwk.OctetSequenceKey; -import com.nimbusds.jose.jwk.RSAKey; - -/** - * JWK - * - * @author TopIAM - * Created by support@topiam.cn on 2022/7/3 22:57 - */ -public final class Jwks { - - private Jwks() { - } - - public static RSAKey generateRsa() { - KeyPair keyPair = KeyGeneratorUtils.generateRsaKey(); - RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); - RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); - // @formatter:off - return new RSAKey.Builder(publicKey) - .privateKey(privateKey) - .keyID(UUID.randomUUID().toString()) - .build(); - // @formatter:on - } - - public static ECKey generateEc() { - KeyPair keyPair = KeyGeneratorUtils.generateEcKey(); - ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic(); - ECPrivateKey 
privateKey = (ECPrivateKey) keyPair.getPrivate(); - Curve curve = Curve.forECParameterSpec(publicKey.getParams()); - // @formatter:off - return new ECKey.Builder(curve, publicKey) - .privateKey(privateKey) - .keyID(UUID.randomUUID().toString()) - .build(); - // @formatter:on - } - - public static OctetSequenceKey generateSecret() { - SecretKey secretKey = KeyGeneratorUtils.generateSecretKey(); - // @formatter:off - return new OctetSequenceKey.Builder(secretKey) - .keyID(UUID.randomUUID().toString()) - .build(); - // @formatter:on - } -} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwk/KeyGeneratorUtils.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwk/KeyGeneratorUtils.java deleted file mode 100644 index 44cbe635..00000000 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwk/KeyGeneratorUtils.java +++ /dev/null 
@@ -1,92 +0,0 @@ -/* - * eiam-protocol-oidc - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.protocol.oidc.jwk; - -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.spec.ECFieldFp; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.EllipticCurve; - -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; - -/** - * KeyGeneratorUtils - * - * @author TopIAM - * Created by support@topiam.cn on 2022/7/3 22:57 - */ -public final class KeyGeneratorUtils { - - private KeyGeneratorUtils() { - } - - static SecretKey generateSecretKey() { - SecretKey hmacKey; - try { - hmacKey = KeyGenerator.getInstance("HmacSha256").generateKey(); - } catch (Exception ex) { - throw new IllegalStateException(ex); - } - return hmacKey; - } - - static KeyPair generateRsaKey() { - KeyPair keyPair; - try { - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - keyPairGenerator.initialize(2048); - keyPair = keyPairGenerator.generateKeyPair(); - } catch (Exception ex) { - throw new IllegalStateException(ex); - } - return keyPair; - } - - static KeyPair generateEcKey() { - EllipticCurve ellipticCurve = new 
EllipticCurve( - new ECFieldFp(new BigInteger( - "115792089210356248762697446949407573530086143415290314195533631308867097853951")), - new BigInteger( - "115792089210356248762697446949407573530086143415290314195533631308867097853948"), - new BigInteger( - "41058363725152142129326129780047268409114441015993725554835256314039467401291")); - ECPoint ecPoint = new ECPoint( - new BigInteger( - "48439561293906451759052585252797914202762949526041747995844080717082404635286"), - new BigInteger( - "36134250956749795798585127919587881956611106672985015071877198253568414405109")); - ECParameterSpec ecParameterSpec = new ECParameterSpec(ellipticCurve, ecPoint, - new BigInteger( - "115792089210356248762697446949407573529996955224135760342422259061068512044369"), - 1); - - KeyPair keyPair; - try { - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC"); - keyPairGenerator.initialize(ecParameterSpec); - keyPair = keyPairGenerator.generateKeyPair(); - } catch (Exception ex) { - throw new IllegalStateException(ex); - } - return keyPair; - } -} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwt/ApplicationJwtDecoder.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwt/ApplicationJwtDecoder.java index ca1f5154..dfb65da3 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwt/ApplicationJwtDecoder.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwt/ApplicationJwtDecoder.java @@ -46,7 +46,6 @@ public class ApplicationJwtDecoder implements JwtDecoder { public Jwt decode(String token) throws JwtException { ApplicationContext applicationContext = ApplicationContextHolder.getApplicationContext(); Long appId = applicationContext.getAppId(); - String appCode = applicationContext.getAppCode(); try { Optional certOptional = appCertRepository.findByAppIdAndUsingType(appId, AppCertUsingType.OIDC_JWK); 
diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwt/EiamOAuth2TokenCustomizer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwt/EiamOAuth2TokenCustomizer.java new file mode 100644 index 00000000..d8011cf2 --- /dev/null +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/jwt/EiamOAuth2TokenCustomizer.java 
@@ -0,0 +1,84 @@ +/* + * eiam-protocol-oidc - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.protocol.oidc.jwt; + +import java.security.Principal; +import java.util.Objects; +import java.util.Set; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.core.oidc.StandardClaimNames; +import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames; +import org.springframework.security.oauth2.jwt.JwsHeader; +import org.springframework.security.oauth2.jwt.JwtClaimsSet; +import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; +import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; +import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer; + +import cn.topiam.employee.application.context.ApplicationContext; +import cn.topiam.employee.application.context.ApplicationContextHolder; +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.core.security.userdetails.UserDetails; +import cn.topiam.employee.support.context.ApplicationContextHelp; 
+import static org.springframework.security.oauth2.core.oidc.OidcScopes.*; + +import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER; + +/** + * 令牌定制器 + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/26 16:44 + */ +@SuppressWarnings({ "unused", "AlibabaClassNamingShouldBeCamel" }) +public class EiamOAuth2TokenCustomizer implements OAuth2TokenCustomizer { + + @Override + public void customize(JwtEncodingContext context) { + //@formatter:off + Set authorizedScopes = context.getAuthorizedScopes(); + JwsHeader.Builder headers = context.getJwsHeader(); + JwtClaimsSet.Builder claims = context.getClaims(); + if (context.getTokenType().getValue().equals(OidcParameterNames.ID_TOKEN)) { + OAuth2Authorization auth2Authorization = context.getAuthorization(); + Authentication authentication = auth2Authorization.getAttribute(Principal.class.getName()); + UserDetails principal = (UserDetails) authentication.getPrincipal(); + ApplicationContext applicationContext = ApplicationContextHolder.getApplicationContext(); + Long appId = applicationContext.getAppId(); + UserRepository userRepository = ApplicationContextHelp.getBean(UserRepository.class); + UserEntity user = userRepository.findByUsername(principal.getUsername()); + // Customize headers/claims for id_token + if (authorizedScopes.contains(EMAIL)) { + claims.claim(StandardClaimNames.EMAIL, StringUtils.defaultString(user.getEmail(), "")); + claims.claim(StandardClaimNames.EMAIL_VERIFIED, !Objects.isNull(user.getEmailVerified()) && user.getEmailVerified()); + } + if (authorizedScopes.contains(PHONE)) { + claims.claim(StandardClaimNames.PHONE_NUMBER, StringUtils.defaultString(user.getPhone(), "")); + claims.claim(StandardClaimNames.PHONE_NUMBER_VERIFIED, !Objects.isNull(user.getPhoneVerified()) && user.getPhoneVerified()); + } + if (authorizedScopes.contains(PROFILE)) { + claims.claim(StandardClaimNames.NAME, 
StringUtils.defaultString(user.getFullName(), "")); + claims.claim(StandardClaimNames.NICKNAME, StringUtils.defaultString(user.getNickName(), "")); + claims.claim(StandardClaimNames.UPDATED_AT, user.getUpdateTime().format(DEFAULT_DATE_TIME_FORMATTER)); + } + } + //@formatter:on + } +} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/RedisOAuth2AuthorizationConsentService.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/EiamRedisOAuth2AuthorizationConsentService.java similarity index 83% rename from eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/RedisOAuth2AuthorizationConsentService.java rename to eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/EiamRedisOAuth2AuthorizationConsentService.java index 4e3d2bd4..7f53247c 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/RedisOAuth2AuthorizationConsentService.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/EiamRedisOAuth2AuthorizationConsentService.java @@ -20,11 +20,10 @@ package cn.topiam.employee.protocol.oidc.service; import java.util.concurrent.TimeUnit; import org.springframework.data.redis.core.RedisTemplate; +import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService; import org.springframework.util.Assert; - -import lombok.RequiredArgsConstructor; import static cn.topiam.employee.support.constant.EiamConstants.COLON; /** 
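Review bot: In `customize`, the result of `userRepository.findByUsername(principal.getUsername())` is dereferenced without a null check, so an account removed or renamed between login and token issuance would surface as a `NullPointerException` at the token endpoint instead of a clean OAuth2 error. The same applies to `authentication` from `getAttribute(Principal.class.getName())` and to `user.getUpdateTime()`. I would fail the request explicitly, for example `if (user == null) { throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); }`. Separately, OpenID Connect Core defines `updated_at` as a number of seconds since the epoch, while this code emits a string formatted with `DEFAULT_DATE_TIME_FORMATTER`, which relying parties that validate claim types may reject. The locals `headers`, `applicationContext` and `appId` are assigned but never used.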
@@ -33,17 +32,22 @@ import static cn.topiam.employee.support.constant.EiamConstants.COLON; * Created by support@topiam.cn on 2022/10/31 20:41 */ @SuppressWarnings("ALL") -@RequiredArgsConstructor -public class RedisOAuth2AuthorizationConsentService implements OAuth2AuthorizationConsentService { +public class EiamRedisOAuth2AuthorizationConsentService implements + OAuth2AuthorizationConsentService { private final RedisTemplate redisTemplate; private static final Long TIMEOUT = 10L; + public EiamRedisOAuth2AuthorizationConsentService(RedisTemplate redisTemplate) { + this.redisTemplate = redisTemplate; + this.redisTemplate.setValueSerializer(new JdkSerializationRedisSerializer()); + this.redisTemplate.setHashValueSerializer(new JdkSerializationRedisSerializer()); + } + @Override public void save(OAuth2AuthorizationConsent authorizationConsent) { Assert.notNull(authorizationConsent, "authorizationConsent cannot be null"); - redisTemplate.opsForValue().set(buildKey(authorizationConsent), authorizationConsent, TIMEOUT, TimeUnit.MINUTES); diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/RedisOAuth2AuthorizationService.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/EiamRedisOAuth2AuthorizationService.java similarity index 90% rename from eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/RedisOAuth2AuthorizationService.java rename to eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/EiamRedisOAuth2AuthorizationService.java index ced1e114..4990e682 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/RedisOAuth2AuthorizationService.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/service/EiamRedisOAuth2AuthorizationService.java 
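Review bot: The new constructor calls `setValueSerializer` and `setHashValueSerializer` on the `RedisTemplate` it was handed, which in `OidcConfiguration` appears to be the injected application bean, so every other user of that bean is silently switched to JDK serialization. The constructor added to `EiamRedisOAuth2AuthorizationService` does the same. JDK serialization also means that whatever is stored under these keys goes through Java deserialization on read, so write access to the Redis instance becomes a deserialization risk for this service unless a filter or a non-native format is used. I would configure a private template derived from the injected one and leave the shared bean untouched, as sketched below. `save` continues outside the hunk.

```java
public EiamRedisOAuth2AuthorizationConsentService(RedisTemplate redisTemplate) {
    // private copy: the shared bean keeps its own serializers
    RedisTemplate template = new RedisTemplate();
    template.setConnectionFactory(redisTemplate.getConnectionFactory());
    template.setKeySerializer(redisTemplate.getKeySerializer());
    template.setValueSerializer(new JdkSerializationRedisSerializer());
    template.setHashValueSerializer(new JdkSerializationRedisSerializer());
    template.afterPropertiesSet();
    this.redisTemplate = template;
}
```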
@@ -24,7 +24,7 @@ import java.util.Objects; import java.util.concurrent.TimeUnit; import org.springframework.data.redis.core.RedisTemplate; -import org.springframework.data.redis.serializer.RedisSerializer; +import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer; import org.springframework.lang.Nullable; import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2RefreshToken; @@ -34,8 +34,7 @@ import org.springframework.security.oauth2.server.authorization.OAuth2Authorizat import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; import org.springframework.util.Assert; - -import lombok.RequiredArgsConstructor; +import static cn.topiam.employee.support.constant.EiamConstants.COLON; /** * RedisOAuth2AuthorizationService @@ -44,8 +43,7 @@ import lombok.RequiredArgsConstructor; * Created by support@topiam.cn on 2022/10/31 20:41 */ @SuppressWarnings("ALL") -@RequiredArgsConstructor -public class RedisOAuth2AuthorizationService implements OAuth2AuthorizationService { +public class EiamRedisOAuth2AuthorizationService implements OAuth2AuthorizationService { private static final Long TIMEOUT = 10L; 
@@ -53,13 +51,19 @@ public class RedisOAuth2AuthorizationService implements OAuth2AuthorizationServi private final RedisTemplate redisTemplate; + public EiamRedisOAuth2AuthorizationService(RedisTemplate redisTemplate) { + redisTemplate.setValueSerializer(new JdkSerializationRedisSerializer()); + redisTemplate.setHashValueSerializer(new JdkSerializationRedisSerializer()); + this.redisTemplate = redisTemplate; + } + @Override public void save(OAuth2Authorization authorization) { Assert.notNull(authorization, "authorization cannot be null"); if (isState(authorization)) { String token = authorization.getAttribute(OAuth2ParameterNames.STATE); - redisTemplate.setValueSerializer(RedisSerializer.java()); + redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.STATE, token), authorization, TIMEOUT, TimeUnit.MINUTES); } @@ -70,7 +74,7 @@ public class RedisOAuth2AuthorizationService implements OAuth2AuthorizationServi OAuth2AuthorizationCode authorizationCodeToken = authorizationCode.getToken(); long between = ChronoUnit.MINUTES.between(authorizationCodeToken.getIssuedAt(), authorizationCodeToken.getExpiresAt()); - redisTemplate.setValueSerializer(RedisSerializer.java()); + redisTemplate.opsForValue().set( buildKey(OAuth2ParameterNames.CODE, authorizationCodeToken.getTokenValue()), authorization, between, TimeUnit.MINUTES); @@ -80,7 +84,7 @@ public class RedisOAuth2AuthorizationService implements OAuth2AuthorizationServi OAuth2RefreshToken refreshToken = authorization.getRefreshToken().getToken(); long between = ChronoUnit.SECONDS.between(refreshToken.getIssuedAt(), refreshToken.getExpiresAt()); - redisTemplate.setValueSerializer(RedisSerializer.java()); + redisTemplate.opsForValue().set( buildKey(OAuth2ParameterNames.REFRESH_TOKEN, refreshToken.getTokenValue()), authorization, between, TimeUnit.SECONDS); 
@@ -90,7 +94,7 @@ public class RedisOAuth2AuthorizationService implements OAuth2AuthorizationServi OAuth2AccessToken accessToken = authorization.getAccessToken().getToken(); long between = ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()); - redisTemplate.setValueSerializer(RedisSerializer.java()); + redisTemplate.opsForValue().set( buildKey(OAuth2ParameterNames.ACCESS_TOKEN, accessToken.getTokenValue()), authorization, between, TimeUnit.SECONDS); @@ -137,13 +141,13 @@ public class RedisOAuth2AuthorizationService implements OAuth2AuthorizationServi public OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType tokenType) { Assert.hasText(token, "token cannot be empty"); Assert.notNull(tokenType, "tokenType cannot be empty"); - redisTemplate.setValueSerializer(RedisSerializer.java()); + return (OAuth2Authorization) redisTemplate.opsForValue() .get(buildKey(tokenType.getValue(), token)); } - private String buildKey(String type, String id) { - return String.format("%s::%s::%s", AUTHORIZATION, type, id); + private String buildKey(String type, String token) { + return String.format("%s" + COLON + "%s" + COLON + "%s", AUTHORIZATION, type, token); } private static boolean isState(OAuth2Authorization authorization) { diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/EiamOAuth2TokenGenerator.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/EiamOAuth2TokenGenerator.java deleted file mode 100644 index 6a530bc5..00000000 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/EiamOAuth2TokenGenerator.java +++ /dev/null 
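Review bot: `findByToken` declares `tokenType` as `@Nullable` but then rejects null with `Assert.notNull(tokenType, ...)`, so any caller that relies on the interface contract and passes no token type hint gets an `IllegalArgumentException` instead of a lookup. As far as I recall, the framework's token revocation and introspection paths call it that way, which would leave issued tokens impossible to revoke through those endpoints; please confirm against the Spring Authorization Server version in use. I would treat null as "search every key type that `save` writes", as sketched below. The `buildKey` change in the same hunk replaces the literal `::` separator with `COLON`, whose value is not visible here; if it differs, entries written before the upgrade will no longer be found.

```java
public OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType tokenType) {
    Assert.hasText(token, "token cannot be empty");
    if (tokenType != null) {
        return (OAuth2Authorization) redisTemplate.opsForValue()
            .get(buildKey(tokenType.getValue(), token));
    }
    // no hint given: probe each key type written by save()
    String[] types = { OAuth2ParameterNames.STATE, OAuth2ParameterNames.CODE,
                       OAuth2ParameterNames.ACCESS_TOKEN, OAuth2ParameterNames.REFRESH_TOKEN };
    for (String type : types) {
        Object found = redisTemplate.opsForValue().get(buildKey(type, token));
        if (found != null) {
            return (OAuth2Authorization) found;
        }
    }
    return null;
}
```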
@@ -1,188 +0,0 @@ -/* - * eiam-protocol-oidc - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.protocol.oidc.token; - -import java.time.Instant; -import java.time.temporal.ChronoUnit; -import java.util.Collections; -import java.util.Set; - -import org.springframework.lang.Nullable; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; -import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; -import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; -import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames; -import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm; -import org.springframework.security.oauth2.jwt.*; -import org.springframework.security.oauth2.server.authorization.OAuth2TokenType; -import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; -import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat; -import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; -import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext; -import 
org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer; -import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; -import org.springframework.util.Assert; -import org.springframework.util.CollectionUtils; -import org.springframework.util.StringUtils; - -import cn.topiam.employee.application.context.ApplicationContext; -import cn.topiam.employee.application.context.ApplicationContextHolder; -import cn.topiam.employee.common.entity.account.UserEntity; -import cn.topiam.employee.core.security.userdetails.UserDetails; -import cn.topiam.employee.core.security.util.UserUtils; -import static org.springframework.security.oauth2.core.oidc.OidcScopes.*; - -/** - * EiamOAuth2TokenGenerator - * - * @author TopIAM - * Created by support@topiam.cn on 2022/10/27 00:06 - */ -@SuppressWarnings({ "unused", "AlibabaClassNamingShouldBeCamel", "AlibabaAvoidComplexCondition", - "AlibabaMethodTooLong" }) -public final class EiamOAuth2TokenGenerator implements OAuth2TokenGenerator { - private final JwtEncoder jwtEncoder; - private OAuth2TokenCustomizer jwtCustomizer; - - /** - * Constructs a {@code JwtGenerator} using the provided parameters. 
- * - * @param jwtEncoder the jwt encoder - */ - public EiamOAuth2TokenGenerator(JwtEncoder jwtEncoder) { - Assert.notNull(jwtEncoder, "jwtEncoder cannot be null"); - this.jwtEncoder = jwtEncoder; - } - - @Nullable - @Override - public Jwt generate(OAuth2TokenContext context) { - // @formatter:off - if (context.getTokenType() == null || (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType()) && !OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue()))) { - return null; - } - if (OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType()) && !OAuth2TokenFormat.SELF_CONTAINED.equals(context.getRegisteredClient().getTokenSettings().getAccessTokenFormat())) { - return null; - } - - String issuer = null; - if (context.getAuthorizationServerContext() != null) { - issuer = context.getAuthorizationServerContext().getIssuer(); - } - RegisteredClient registeredClient = context.getRegisteredClient(); - - Instant issuedAt = Instant.now(); - Instant expiresAt; - if (OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue())) { - // TODO Allow configuration for ID Token time-to-live - // TODO ID token 默认为 30 分钟,通过上下文拿配置倒是也可以,但是更想从 RegisteredClient 拿配置, - // 等 https://github.com/spring-projects/spring-authorization-server/issues/790 支持后支持 - expiresAt = issuedAt.plus(30, ChronoUnit.MINUTES); - } else { - expiresAt = issuedAt.plus(registeredClient.getTokenSettings().getAccessTokenTimeToLive()); - } - - // @formatter:off - JwtClaimsSet.Builder claimsBuilder = JwtClaimsSet.builder(); - if (StringUtils.hasText(issuer)) { - claimsBuilder.issuer(issuer); - } - UserDetails principal = (UserDetails) context.getPrincipal().getPrincipal(); - UserEntity user = UserUtils.getUser(principal.getId()); - Set scopes = context.getAuthorizedScopes(); - claimsBuilder - .subject(principal.getId()) - .audience(Collections.singletonList(registeredClient.getClientId())) - .issuedAt(issuedAt) - .expiresAt(expiresAt); - if 
(OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) { - claimsBuilder.notBefore(issuedAt); - if (!CollectionUtils.isEmpty(scopes)) { - claimsBuilder.claim(OAuth2ParameterNames.SCOPE, scopes); - } - } - //根据配置封装ID Token - else if (OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue())) { - claimsBuilder.claim(IdTokenClaimNames.AZP, registeredClient.getClientId()); - ApplicationContext applicationContext = ApplicationContextHolder.getApplicationContext(); - //手机号 - if (scopes.contains(PHONE) && StringUtils.hasText(user.getPhone())){ - claimsBuilder.claim(PHONE, user.getPhone()); - } - //邮箱 - if (scopes.contains(EMAIL) && StringUtils.hasText(user.getEmail())){ - claimsBuilder.claim(EMAIL, user.getEmail()); - } - //profile - if (scopes.contains(PROFILE)){ - - } - if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(context.getAuthorizationGrantType())) { - OAuth2AuthorizationRequest authorizationRequest = context.getAuthorization().getAttribute(OAuth2AuthorizationRequest.class.getName()); - String nonce = (String) authorizationRequest.getAdditionalParameters().get(OidcParameterNames.NONCE); - if (StringUtils.hasText(nonce)) { - claimsBuilder.claim(IdTokenClaimNames.NONCE, nonce); - } - } - // TODO Add 'auth_time' claim - } - // @formatter:on - - JwsHeader.Builder headersBuilder = JwsHeader.with(SignatureAlgorithm.RS256); - - if (this.jwtCustomizer != null) { - // @formatter:off - JwtEncodingContext.Builder jwtContextBuilder = JwtEncodingContext.with(headersBuilder, claimsBuilder) - .registeredClient(context.getRegisteredClient()) - .principal(context.getPrincipal()) - .authorizationServerContext(context.getAuthorizationServerContext()) - .authorizedScopes(context.getAuthorizedScopes()) - .tokenType(context.getTokenType()) - .authorizationGrantType(context.getAuthorizationGrantType()); - if (context.getAuthorization() != null) { - jwtContextBuilder.authorization(context.getAuthorization()); - } - if (context.getAuthorizationGrant() != null) { - 
jwtContextBuilder.authorizationGrant(context.getAuthorizationGrant()); - } - // @formatter:on - - JwtEncodingContext jwtContext = jwtContextBuilder.build(); - this.jwtCustomizer.customize(jwtContext); - } - - JwsHeader headers = headersBuilder.build(); - JwtClaimsSet claims = claimsBuilder.build(); - - return this.jwtEncoder.encode(JwtEncoderParameters.from(headers, claims)); - } - - /** - * Sets the {@link OAuth2TokenCustomizer} that customizes the - * {@link JwtEncodingContext#getJwsHeader()} () headers} and/or - * {@link JwtEncodingContext#getClaims() claims} for the generated {@link Jwt}. - * - * @param jwtCustomizer the {@link OAuth2TokenCustomizer} that customizes the headers and/or claims for the generated {@code Jwt} - */ - public void setJwtCustomizer(OAuth2TokenCustomizer jwtCustomizer) { - Assert.notNull(jwtCustomizer, "jwtCustomizer cannot be null"); - this.jwtCustomizer = jwtCustomizer; - } - -} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/ApplicationOpaqueTokenIntrospector.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/EiamOpaqueTokenIntrospector.java similarity index 94% rename from eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/ApplicationOpaqueTokenIntrospector.java rename to eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/EiamOpaqueTokenIntrospector.java index 6808cde6..f1f39374 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/ApplicationOpaqueTokenIntrospector.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/token/EiamOpaqueTokenIntrospector.java 
@@ -37,8 +37,6 @@ import org.springframework.util.CollectionUtils; import com.alibaba.fastjson2.JSON; -import cn.topiam.employee.support.context.ApplicationContextHelp; - import lombok.RequiredArgsConstructor; import static org.springframework.security.oauth2.server.authorization.OAuth2TokenType.ACCESS_TOKEN; @@ -48,12 +46,12 @@ import static org.springframework.security.oauth2.server.authorization.OAuth2Tok * Created by support@topiam.cn on 2022/10/29 20:27 */ @RequiredArgsConstructor -public class ApplicationOpaqueTokenIntrospector implements OpaqueTokenIntrospector { +public class EiamOpaqueTokenIntrospector implements OpaqueTokenIntrospector { private static final String AUTHORITY_PREFIX = "SCOPE_"; private final Logger logger = LoggerFactory - .getLogger(ApplicationOpaqueTokenIntrospector.class); + .getLogger(EiamOpaqueTokenIntrospector.class); /** * introspect @@ -63,8 +61,6 @@ public class ApplicationOpaqueTokenIntrospector implements OpaqueTokenIntrospect */ @Override public OAuth2AuthenticatedPrincipal introspect(String token) { - OAuth2AuthorizationService authorizationService = ApplicationContextHelp - .getBean(OAuth2AuthorizationService.class); OAuth2Authorization authorization = authorizationService.findByToken(token, ACCESS_TOKEN); if (authorization == null) { return null; @@ -135,4 +131,6 @@ public class ApplicationOpaqueTokenIntrospector implements OpaqueTokenIntrospect }); return new OAuth2IntrospectionAuthenticatedPrincipal(claims, authorities); } + + private final OAuth2AuthorizationService authorizationService; } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/util/EiamOAuth2Utils.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/util/EiamOAuth2Utils.java index ccea21e0..8c54795f 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/util/EiamOAuth2Utils.java 
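Review bot: `introspect` still answers an unknown token with `return null` right after the `findByToken` lookup that this hunk rewires to the injected `authorizationService`, whereas the `OpaqueTokenIntrospector` contract signals a rejected token with an exception, not a null principal. Replacing it with `throw new BadOpaqueTokenException("Provided token isn't active");` lets the stock resource-server provider turn the failure into a 401; whether the current caller tolerates a null principal is not visible here. The new `private final OAuth2AuthorizationService authorizationService;` is also declared after the last method, in the final hunk of this file. Moving it up beside `logger` would make the constructor dependency generated by `@RequiredArgsConstructor` easy to see. The body of `introspect` continues outside the hunk.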
+++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/employee/protocol/oidc/util/EiamOAuth2Utils.java @@ -53,7 +53,6 @@ import cn.topiam.employee.common.repository.app.AppOidcConfigRepository; import cn.topiam.employee.protocol.oidc.authentication.implicit.EiamOAuth2AuthorizationImplicitAuthenticationException; import cn.topiam.employee.protocol.oidc.jwk.ApplicationJwkSource; import cn.topiam.employee.protocol.oidc.jwt.ApplicationJwtDecoder; -import cn.topiam.employee.protocol.oidc.token.EiamOAuth2TokenGenerator; /** * EiamOAuth2Utils @@ -150,7 +149,7 @@ public class EiamOAuth2Utils { if (tokenGenerator == null) { tokenGenerator = getOptionalBean(builder, OAuth2TokenGenerator.class); if (tokenGenerator == null) { - EiamOAuth2TokenGenerator jwtGenerator = getJwtGenerator(builder); + JwtGenerator jwtGenerator = getJwtGenerator(builder); OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator(); OAuth2TokenCustomizer accessTokenCustomizer = getAccessTokenCustomizer( builder); @@ -171,18 +170,17 @@ public class EiamOAuth2Utils { return tokenGenerator; } - private static > EiamOAuth2TokenGenerator getJwtGenerator(B builder) { - EiamOAuth2TokenGenerator jwtGenerator = builder - .getSharedObject(EiamOAuth2TokenGenerator.class); + private static > JwtGenerator getJwtGenerator(B builder) { + JwtGenerator jwtGenerator = builder.getSharedObject(JwtGenerator.class); if (jwtGenerator == null) { JwtEncoder jwtEncoder = getJwtEncoder(builder); if (jwtEncoder != null) { - jwtGenerator = new EiamOAuth2TokenGenerator(jwtEncoder); + jwtGenerator = new JwtGenerator(jwtEncoder); OAuth2TokenCustomizer jwtCustomizer = getJwtCustomizer(builder); if (jwtCustomizer != null) { jwtGenerator.setJwtCustomizer(jwtCustomizer); } - builder.setSharedObject(EiamOAuth2TokenGenerator.class, jwtGenerator); + builder.setSharedObject(JwtGenerator.class, jwtGenerator); } } return jwtGenerator; 
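Review bot: `getJwtGenerator` now builds the stock `JwtGenerator`, so the `phone` and `email` ID-token claims that the deleted `EiamOAuth2TokenGenerator` wrote itself are emitted only if the `OAuth2TokenCustomizer` returned by `getJwtCustomizer(builder)` adds them. That customizer is not visible in this diff, so it is worth confirming that it keeps the scope gating (the old code checked `scopes.contains(PHONE)` before adding the phone claim) and does not add user attributes unconditionally. A comment above `jwtGenerator = new JwtGenerator(jwtEncoder);`, such as `// user claims for the ID token come from the JwtCustomizer; JwtGenerator adds only the standard claims`, would record that dependency. `getJwtGenerator` closes outside the hunk.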
diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationCodeEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationCodeEndpointConfigurer.java
new file mode 100644
index 00000000..c0fd0cb0
--- /dev/null
+++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationCodeEndpointConfigurer.java
@@ -0,0 +1,170 @@
+/*
+ * eiam-protocol-oidc - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.function.Consumer;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationContext;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationProvider;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationValidator;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationProvider;
+import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter;
+import org.springframework.security.oauth2.server.authorization.web.authentication.DelegatingAuthenticationConverter;
+import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeRequestAuthenticationConverter;
+import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationConsentAuthenticationConverter;
+import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.RedirectStrategy;
+import org.springframework.security.web.authentication.AuthenticationConverter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.OrRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+import cn.topiam.employee.protocol.oidc.authentication.implicit.EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter;
+import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT;
+
+/**
+ * OAuth2 授权码端点配置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/10/26 19:12
+ */
+@SuppressWarnings({ "All" })
+public final class EiamOAuth2AuthorizationCodeEndpointConfigurer extends AbstractOAuth2Configurer {
+
+ protected final Log logger = LogFactory
+ .getLog(getClass());
+
+ private RequestMatcher requestMatcher;
+ private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+ private final List authorizationRequestConverters = new ArrayList<>();
+ private Consumer> authorizationRequestConvertersConsumer = (authorizationRequestConverters) -> {
+ };
+ private final List authenticationProviders = new ArrayList<>();
+ private Consumer> authenticationProvidersConsumer = (authenticationProviders) -> {
+ };
+ private String consentPage;
+
+ private Consumer authorizationCodeRequestAuthenticationValidator;
+
+ /**
+ * Restrict for internal use only.
+ */
+ EiamOAuth2AuthorizationCodeEndpointConfigurer(ObjectPostProcessor objectPostProcessor) {
+ super(objectPostProcessor);
+ }
+
+ void addAuthorizationCodeRequestAuthenticationValidator(Consumer authenticationValidator) {
+ this.authorizationCodeRequestAuthenticationValidator = this.authorizationCodeRequestAuthenticationValidator == null
+ ? authenticationValidator
+ : this.authorizationCodeRequestAuthenticationValidator.andThen(authenticationValidator);
+ }
+
+ @Override
+ void init(HttpSecurity httpSecurity) {
+ this.requestMatcher = new OrRequestMatcher(
+ new AntPathRequestMatcher(AUTHORIZATION_ENDPOINT, HttpMethod.GET.name()),
+ new AntPathRequestMatcher(AUTHORIZATION_ENDPOINT, HttpMethod.POST.name()));
+
+ List authenticationProviders = createDefaultAuthenticationProviders(
+ httpSecurity);
+ if (!this.authenticationProviders.isEmpty()) {
+ authenticationProviders.addAll(0, this.authenticationProviders);
+ }
+ this.authenticationProvidersConsumer.accept(authenticationProviders);
+ authenticationProviders.forEach(authenticationProvider -> httpSecurity
+ .authenticationProvider(postProcess(authenticationProvider)));
+ }
+
+ @Override
+ void configure(HttpSecurity httpSecurity) {
+ AuthenticationManager authenticationManager = httpSecurity
+ .getSharedObject(AuthenticationManager.class);
+ OAuth2AuthorizationEndpointFilter authorizationEndpointFilter = new OAuth2AuthorizationEndpointFilter(
+ authenticationManager, AUTHORIZATION_ENDPOINT);
+ List authenticationConverters = createDefaultAuthenticationConverters();
+ if (!this.authorizationRequestConverters.isEmpty()) {
+ authenticationConverters.addAll(0, this.authorizationRequestConverters);
+ }
+ this.authorizationRequestConvertersConsumer.accept(authenticationConverters);
+ authorizationEndpointFilter.setAuthenticationConverter(
+ new DelegatingAuthenticationConverter(authenticationConverters));
+ //确认请求页面地址
+ if (this.consentPage != null) {
+ authorizationEndpointFilter.setConsentPage(consentPage);
+ }
+ httpSecurity.addFilterAfter(postProcess(authorizationEndpointFilter),
+ EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter.class);
+ }
+
+ @Override
+ RequestMatcher getRequestMatcher() {
+ return this.requestMatcher;
+ }
+
+ /**
+ * 创建默认身份验证转换器
+ *
+ * @return {@link List}
+ */
+ private static List createDefaultAuthenticationConverters() {
+ List authenticationConverters = new ArrayList<>();
+ //授权码模式请求转换器
+ authenticationConverters.add(new OAuth2AuthorizationCodeRequestAuthenticationConverter());
+ //OAuth2授权同意认证转换器
+ authenticationConverters.add(new OAuth2AuthorizationConsentAuthenticationConverter());
+ return authenticationConverters;
+ }
+
+ private List createDefaultAuthenticationProviders(HttpSecurity httpSecurity) {
+ List authenticationProviders = new ArrayList<>();
+ //OAuth2授权码请求身份验证程序
+ OAuth2AuthorizationCodeRequestAuthenticationProvider authorizationCodeRequestAuthenticationProvider = new OAuth2AuthorizationCodeRequestAuthenticationProvider(
+ OAuth2ConfigurerUtils.getRegisteredClientRepository(httpSecurity),
+ OAuth2ConfigurerUtils.getAuthorizationService(httpSecurity),
+ OAuth2ConfigurerUtils.getAuthorizationConsentService(httpSecurity));
+ if (this.authorizationCodeRequestAuthenticationValidator != null) {
+ authorizationCodeRequestAuthenticationProvider.setAuthenticationValidator(
+ new OAuth2AuthorizationCodeRequestAuthenticationValidator()
+ .andThen(this.authorizationCodeRequestAuthenticationValidator));
+ }
+ authenticationProviders.add(authorizationCodeRequestAuthenticationProvider);
+
+ //OAuth2授权码同意身份验证提供程序
+ OAuth2AuthorizationConsentAuthenticationProvider authorizationConsentAuthenticationProvider = new OAuth2AuthorizationConsentAuthenticationProvider(
+ OAuth2ConfigurerUtils.getRegisteredClientRepository(httpSecurity),
+ OAuth2ConfigurerUtils.getAuthorizationService(httpSecurity),
+ OAuth2ConfigurerUtils.getAuthorizationConsentService(httpSecurity));
+ authenticationProviders.add(authorizationConsentAuthenticationProvider);
+ return authenticationProviders;
+ }
+
+ public EiamOAuth2AuthorizationCodeEndpointConfigurer consentPage(String consentPage) {
+ this.consentPage = consentPage;
+ return this;
+ }
+
+}
diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationEndpointConfigurer.java
deleted file mode 100644
index ef820365..00000000
--- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationEndpointConfigurer.java
+++ /dev/null
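Review bot: Nothing in `EiamOAuth2AuthorizationCodeEndpointConfigurer` ever adds to `authorizationRequestConverters` or `authenticationProviders`, or replaces the two no-op consumers, so the `addAll(0, …)` branches in `init` and `configure` cannot run. `redirectStrategy` and `logger` are never read either. The class-level `@SuppressWarnings({ "All" })` hides these unused-member warnings, which makes it easy to miss that a security configurer carries extension points with no way to reach them. I would drop the dead fields or restore the setters, and narrow the suppression to the specific warnings that are needed. `consentPage(String)` also lost its Javadoc; a short one stating that the custom page must POST back to the authorization endpoint with the received `client_id` and `state` would keep the consent contract documented.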
@@ -1,290 +0,0 @@ -/* - * eiam-protocol-oidc - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; - -import java.util.ArrayList; -import java.util.List; -import java.util.function.Consumer; - -import javax.servlet.http.HttpServletRequest; - -import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.config.annotation.ObjectPostProcessor; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; -import org.springframework.security.oauth2.server.authorization.authentication.*; -import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; -import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter; -import org.springframework.security.oauth2.server.authorization.web.authentication.DelegatingAuthenticationConverter; -import 
org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeRequestAuthenticationConverter; -import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationConsentAuthenticationConverter; -import org.springframework.security.web.authentication.AuthenticationConverter; -import org.springframework.security.web.authentication.AuthenticationFailureHandler; -import org.springframework.security.web.authentication.AuthenticationSuccessHandler; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.security.web.util.matcher.OrRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; -import org.springframework.util.StringUtils; - -import cn.topiam.employee.common.constants.ProtocolConstants; -import cn.topiam.employee.protocol.oidc.authentication.implicit.EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter; - -/** - * OAuth2 授权码端点配置 - * - * @author TopIAM - * Created by support@topiam.cn on 2022/10/26 19:12 - */ -@SuppressWarnings({ "All" }) -public final class EiamOAuth2AuthorizationEndpointConfigurer extends AbstractOAuth2Configurer { - private RequestMatcher requestMatcher; - - private final List authorizationRequestConverters = new ArrayList<>(); - private Consumer> authorizationRequestConvertersConsumer = (authorizationRequestConverters) -> { - }; - private final List authenticationProviders = new ArrayList<>(); - private Consumer> authenticationProvidersConsumer = (authenticationProviders) -> { - }; - private AuthenticationSuccessHandler authorizationResponseHandler; - private AuthenticationFailureHandler errorResponseHandler; - private String consentPage; - - private Consumer authorizationCodeRequestAuthenticationValidator; - - /** - * Restrict for internal use only. 
- */ - EiamOAuth2AuthorizationEndpointConfigurer(ObjectPostProcessor objectPostProcessor) { - super(objectPostProcessor); - } - - /** - * Adds an {@link AuthenticationConverter} used when attempting to extract an Authorization Request (or Consent) from {@link HttpServletRequest} - * to an instance of {@link OAuth2AuthorizationCodeRequestAuthenticationToken} or {@link OAuth2AuthorizationConsentAuthenticationToken} - * used for authenticating the request. - * - * @param authorizationRequestConverter an {@link AuthenticationConverter} used when attempting to extract an Authorization Request (or Consent) from {@link HttpServletRequest} - * @return the {@link EiamOAuth2AuthorizationEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationEndpointConfigurer authorizationRequestConverter(AuthenticationConverter authorizationRequestConverter) { - Assert.notNull(authorizationRequestConverter, - "authorizationRequestConverter cannot be null"); - this.authorizationRequestConverters.add(authorizationRequestConverter); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authorizationRequestConverter(AuthenticationConverter) AuthenticationConverter}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationConverter}. 
- * - * @param authorizationRequestConvertersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationConverter}'s - * @return the {@link EiamOAuth2AuthorizationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2AuthorizationEndpointConfigurer authorizationRequestConverters(Consumer> authorizationRequestConvertersConsumer) { - Assert.notNull(authorizationRequestConvertersConsumer, - "authorizationRequestConvertersConsumer cannot be null"); - this.authorizationRequestConvertersConsumer = authorizationRequestConvertersConsumer; - return this; - } - - /** - * Adds an {@link AuthenticationProvider} used for authenticating an {@link OAuth2AuthorizationCodeRequestAuthenticationToken}. - * - * @param authenticationProvider an {@link AuthenticationProvider} used for authenticating an {@link OAuth2AuthorizationCodeRequestAuthenticationToken} - * @return the {@link EiamOAuth2AuthorizationEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationEndpointConfigurer authenticationProvider(AuthenticationProvider authenticationProvider) { - Assert.notNull(authenticationProvider, "authenticationProvider cannot be null"); - this.authenticationProviders.add(authenticationProvider); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authenticationProvider(AuthenticationProvider) AuthenticationProvider}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationProvider}. 
- * - * @param authenticationProvidersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationProvider}'s - * @return the {@link EiamOAuth2AuthorizationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2AuthorizationEndpointConfigurer authenticationProviders(Consumer> authenticationProvidersConsumer) { - Assert.notNull(authenticationProvidersConsumer, - "authenticationProvidersConsumer cannot be null"); - this.authenticationProvidersConsumer = authenticationProvidersConsumer; - return this; - } - - /** - * Sets the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationToken} - * and returning the {@link OAuth2AuthorizationResponse Authorization Response}. - * - * @param authorizationResponseHandler the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationToken} - * @return the {@link EiamOAuth2AuthorizationEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationEndpointConfigurer authorizationResponseHandler(AuthenticationSuccessHandler authorizationResponseHandler) { - this.authorizationResponseHandler = authorizationResponseHandler; - return this; - } - - /** - * Sets the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationException} - * and returning the {@link OAuth2Error Error Response}. 
- * - * @param errorResponseHandler the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationException} - * @return the {@link EiamOAuth2AuthorizationEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationEndpointConfigurer errorResponseHandler(AuthenticationFailureHandler errorResponseHandler) { - this.errorResponseHandler = errorResponseHandler; - return this; - } - - /** - * Specify the URI to redirect Resource Owners to if consent is required during - * the {@code authorization_code} flow. A default consent page will be generated when - * this attribute is not specified. - * - * If a URI is specified, applications are required to process the specified URI to generate - * a consent page. The query string will contain the following parameters: - * - *
    - *
  • {@code client_id} - the client identifier
  • - *
  • {@code scope} - a space-delimited list of scopes present in the authorization request
  • - *
  • {@code state} - a CSRF protection token
  • - *
- * - * In general, the consent page should create a form that submits - * a request with the following requirements: - * - *
    - *
  • It must be an HTTP POST
  • - *
  • It must be submitted to {@link AuthorizationServerSettings#getAuthorizationEndpoint()}
  • - *
  • It must include the received {@code client_id} as an HTTP parameter
  • - *
  • It must include the received {@code state} as an HTTP parameter
  • - *
  • It must include the list of {@code scope}s the {@code Resource Owner} - * consented to as an HTTP parameter
  • - *
- * - * @param consentPage the URI of the custom consent page to redirect to if consent is required (e.g. "/oauth2/consent") - * @return the {@link EiamOAuth2AuthorizationEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationEndpointConfigurer consentPage(String consentPage) { - this.consentPage = consentPage; - return this; - } - - void addAuthorizationCodeRequestAuthenticationValidator(Consumer authenticationValidator) { - this.authorizationCodeRequestAuthenticationValidator = this.authorizationCodeRequestAuthenticationValidator == null - ? authenticationValidator - : this.authorizationCodeRequestAuthenticationValidator.andThen(authenticationValidator); - } - - @Override - void init(HttpSecurity httpSecurity) { - this.requestMatcher = new OrRequestMatcher(new AntPathRequestMatcher( - ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT, HttpMethod.GET.name()), - new AntPathRequestMatcher( - ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT, - HttpMethod.POST.name())); - - List authenticationProviders = createDefaultAuthenticationProviders( - httpSecurity); - if (!this.authenticationProviders.isEmpty()) { - authenticationProviders.addAll(0, this.authenticationProviders); - } - this.authenticationProvidersConsumer.accept(authenticationProviders); - authenticationProviders.forEach(authenticationProvider -> httpSecurity - .authenticationProvider(postProcess(authenticationProvider))); - } - - @Override - void configure(HttpSecurity httpSecurity) { - AuthenticationManager authenticationManager = httpSecurity - .getSharedObject(AuthenticationManager.class); - OAuth2AuthorizationEndpointFilter authorizationEndpointFilter = new OAuth2AuthorizationEndpointFilter( - authenticationManager, ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT); - List authenticationConverters = createDefaultAuthenticationConverters(); - if (!this.authorizationRequestConverters.isEmpty()) { - authenticationConverters.addAll(0, 
this.authorizationRequestConverters); - } - this.authorizationRequestConvertersConsumer.accept(authenticationConverters); - authorizationEndpointFilter.setAuthenticationConverter( - new DelegatingAuthenticationConverter(authenticationConverters)); - if (this.authorizationResponseHandler != null) { - authorizationEndpointFilter - .setAuthenticationSuccessHandler(this.authorizationResponseHandler); - } - if (this.errorResponseHandler != null) { - authorizationEndpointFilter.setAuthenticationFailureHandler(this.errorResponseHandler); - } - if (StringUtils.hasText(this.consentPage)) { - authorizationEndpointFilter.setConsentPage(this.consentPage); - } - httpSecurity.addFilterAfter(postProcess(authorizationEndpointFilter), - EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter.class); - } - - @Override - RequestMatcher getRequestMatcher() { - return this.requestMatcher; - } - - /** - * 创建默认身份验证转换器 - * - * @return {@link List} - */ - private static List createDefaultAuthenticationConverters() { - List authenticationConverters = new ArrayList<>(); - //授权码模式请求转换器 - authenticationConverters.add(new OAuth2AuthorizationCodeRequestAuthenticationConverter()); - //OAuth2授权同意认证转换器 - authenticationConverters.add(new OAuth2AuthorizationConsentAuthenticationConverter()); - return authenticationConverters; - } - - private List createDefaultAuthenticationProviders(HttpSecurity httpSecurity) { - List authenticationProviders = new ArrayList<>(); - //OAuth2授权码请求身份验证程序 - OAuth2AuthorizationCodeRequestAuthenticationProvider authorizationCodeRequestAuthenticationProvider = new OAuth2AuthorizationCodeRequestAuthenticationProvider( - OAuth2ConfigurerUtils.getRegisteredClientRepository(httpSecurity), - OAuth2ConfigurerUtils.getAuthorizationService(httpSecurity), - OAuth2ConfigurerUtils.getAuthorizationConsentService(httpSecurity)); - if (this.authorizationCodeRequestAuthenticationValidator != null) { - authorizationCodeRequestAuthenticationProvider.setAuthenticationValidator( - new 
OAuth2AuthorizationCodeRequestAuthenticationValidator() - .andThen(this.authorizationCodeRequestAuthenticationValidator)); - } - authenticationProviders.add(authorizationCodeRequestAuthenticationProvider); - - //OAuth2授权码同意身份验证提供程序 - OAuth2AuthorizationConsentAuthenticationProvider authorizationConsentAuthenticationProvider = new OAuth2AuthorizationConsentAuthenticationProvider( - OAuth2ConfigurerUtils.getRegisteredClientRepository(httpSecurity), - OAuth2ConfigurerUtils.getAuthorizationService(httpSecurity), - OAuth2ConfigurerUtils.getAuthorizationConsentService(httpSecurity)); - authenticationProviders.add(authorizationConsentAuthenticationProvider); - return authenticationProviders; - } - -} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationImplicitEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationImplicitEndpointConfigurer.java index cbbe4eb1..38a3ab07 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationImplicitEndpointConfigurer.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationImplicitEndpointConfigurer.java 
@@ -21,33 +21,25 @@ import java.util.ArrayList; import java.util.List; import java.util.function.Consumer; -import javax.servlet.http.HttpServletRequest; - import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2Token; -import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; -import org.springframework.security.oauth2.server.authorization.authentication.*; -import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.web.authentication.DelegatingAuthenticationConverter; import org.springframework.security.web.authentication.AuthenticationConverter; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; -import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; -import org.springframework.util.StringUtils; -import cn.topiam.employee.common.constants.ProtocolConstants; +import cn.topiam.employee.protocol.oidc.authentication.consent.EiamOAuth2AuthorizationConsentEndpointFilter; import 
cn.topiam.employee.protocol.oidc.authentication.implicit.*; import cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils; +import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT; /** * OAuth2 授权码端点配置 @@ -68,10 +60,11 @@ public final class EiamOAuth2AuthorizationImplicitEndpointConfigurer extends }; private AuthenticationSuccessHandler authorizationResponseHandler; private AuthenticationFailureHandler errorResponseHandler; - private String consentPage; private Consumer authorizationImplicitRequestAuthenticationContextConsumer; + private String consentPage; + /** * Restrict for internal use only. */ 
@@ -79,123 +72,6 @@ public final class EiamOAuth2AuthorizationImplicitEndpointConfigurer extends super(objectPostProcessor); } - /** - * Adds an {@link AuthenticationConverter} used when attempting to extract an Authorization Request (or Consent) from {@link HttpServletRequest} - * to an instance of {@link OAuth2AuthorizationCodeRequestAuthenticationToken} or {@link OAuth2AuthorizationConsentAuthenticationToken} - * used for authenticating the request. - * - * @param authorizationRequestConverter an {@link AuthenticationConverter} used when attempting to extract an Authorization Request (or Consent) from {@link HttpServletRequest} - * @return the {@link EiamOAuth2AuthorizationImplicitEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationImplicitEndpointConfigurer authorizationRequestConverter(AuthenticationConverter authorizationRequestConverter) { - Assert.notNull(authorizationRequestConverter, - "authorizationRequestConverter cannot be null"); - this.authorizationRequestConverters.add(authorizationRequestConverter); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authorizationRequestConverter(AuthenticationConverter) AuthenticationConverter}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationConverter}. 
- * - * @param authorizationRequestConvertersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationConverter}'s - * @return the {@link EiamOAuth2AuthorizationImplicitEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2AuthorizationImplicitEndpointConfigurer authorizationRequestConverters(Consumer> authorizationRequestConvertersConsumer) { - Assert.notNull(authorizationRequestConvertersConsumer, - "authorizationRequestConvertersConsumer cannot be null"); - this.authorizationRequestConvertersConsumer = authorizationRequestConvertersConsumer; - return this; - } - - /** - * Adds an {@link AuthenticationProvider} used for authenticating an {@link OAuth2AuthorizationCodeRequestAuthenticationToken}. - * - * @param authenticationProvider an {@link AuthenticationProvider} used for authenticating an {@link OAuth2AuthorizationCodeRequestAuthenticationToken} - * @return the {@link EiamOAuth2AuthorizationImplicitEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationImplicitEndpointConfigurer authenticationProvider(AuthenticationProvider authenticationProvider) { - Assert.notNull(authenticationProvider, "authenticationProvider cannot be null"); - this.authenticationProviders.add(authenticationProvider); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authenticationProvider(AuthenticationProvider) AuthenticationProvider}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationProvider}. 
- * - * @param authenticationProvidersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationProvider}'s - * @return the {@link EiamOAuth2AuthorizationImplicitEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2AuthorizationImplicitEndpointConfigurer authenticationProviders(Consumer> authenticationProvidersConsumer) { - Assert.notNull(authenticationProvidersConsumer, - "authenticationProvidersConsumer cannot be null"); - this.authenticationProvidersConsumer = authenticationProvidersConsumer; - return this; - } - - /** - * Sets the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationToken} - * and returning the {@link OAuth2AuthorizationResponse Authorization Response}. - * - * @param authorizationResponseHandler the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationToken} - * @return the {@link EiamOAuth2AuthorizationImplicitEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationImplicitEndpointConfigurer authorizationResponseHandler(AuthenticationSuccessHandler authorizationResponseHandler) { - this.authorizationResponseHandler = authorizationResponseHandler; - return this; - } - - /** - * Sets the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationException} - * and returning the {@link OAuth2Error Error Response}. 
- * - * @param errorResponseHandler the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthorizationCodeRequestAuthenticationException} - * @return the {@link EiamOAuth2AuthorizationImplicitEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationImplicitEndpointConfigurer errorResponseHandler(AuthenticationFailureHandler errorResponseHandler) { - this.errorResponseHandler = errorResponseHandler; - return this; - } - - /** - * Specify the URI to redirect Resource Owners to if consent is required during - * the {@code authorization_code} flow. A default consent page will be generated when - * this attribute is not specified. - * - * If a URI is specified, applications are required to process the specified URI to generate - * a consent page. The query string will contain the following parameters: - * - *
    - *
  • {@code client_id} - the client identifier
  • - *
  • {@code scope} - a space-delimited list of scopes present in the authorization request
  • - *
  • {@code state} - a CSRF protection token
  • - *
- * - * In general, the consent page should create a form that submits - * a request with the following requirements: - * - *
    - *
  • It must be an HTTP POST
  • - *
  • It must be submitted to {@link AuthorizationServerSettings#getAuthorizationEndpoint()}
  • - *
  • It must include the received {@code client_id} as an HTTP parameter
  • - *
  • It must include the received {@code state} as an HTTP parameter
  • - *
  • It must include the list of {@code scope}s the {@code Resource Owner} - * consented to as an HTTP parameter
  • - *
- * - * @param consentPage the URI of the custom consent page to redirect to if consent is required (e.g. "/oauth2/consent") - * @return the {@link EiamOAuth2AuthorizationImplicitEndpointConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationImplicitEndpointConfigurer consentPage(String consentPage) { - this.consentPage = consentPage; - return this; - } - void addAuthorizationImplicitRequestAuthenticationValidator(Consumer authenticationValidator) { this.authorizationImplicitRequestAuthenticationContextConsumer = this.authorizationImplicitRequestAuthenticationContextConsumer == null ? authenticationValidator @@ -205,11 +81,9 @@ public final class EiamOAuth2AuthorizationImplicitEndpointConfigurer extends @Override void init(HttpSecurity httpSecurity) { - this.requestMatcher = new OrRequestMatcher(new AntPathRequestMatcher( - ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT, HttpMethod.GET.name()), - new AntPathRequestMatcher( - ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT, - HttpMethod.POST.name())); + this.requestMatcher = new OrRequestMatcher( + new AntPathRequestMatcher(AUTHORIZATION_ENDPOINT, HttpMethod.GET.name()), + new AntPathRequestMatcher(AUTHORIZATION_ENDPOINT, HttpMethod.POST.name())); List authenticationProviders = createDefaultAuthenticationProviders( httpSecurity); 
@@ -226,7 +100,7 @@ public final class EiamOAuth2AuthorizationImplicitEndpointConfigurer extends AuthenticationManager authenticationManager = httpSecurity .getSharedObject(AuthenticationManager.class); EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter authorizationEndpointFilter = new EiamOAuth2AuthorizationImplicitAuthenticationEndpointFilter( - authenticationManager, ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT); + authenticationManager, AUTHORIZATION_ENDPOINT); List authenticationConverters = createDefaultAuthenticationConverters(); if (!this.authorizationRequestConverters.isEmpty()) { authenticationConverters.addAll(0, this.authorizationRequestConverters); @@ -234,18 +108,12 @@ public final class EiamOAuth2AuthorizationImplicitEndpointConfigurer extends this.authorizationRequestConvertersConsumer.accept(authenticationConverters); authorizationEndpointFilter.setAuthenticationConverter( new DelegatingAuthenticationConverter(authenticationConverters)); - if (this.authorizationResponseHandler != null) { - authorizationEndpointFilter - .setAuthenticationSuccessHandler(this.authorizationResponseHandler); - } - if (this.errorResponseHandler != null) { - authorizationEndpointFilter.setAuthenticationFailureHandler(this.errorResponseHandler); - } - if (StringUtils.hasText(this.consentPage)) { - authorizationEndpointFilter.setConsentPage(this.consentPage); + //确认请求页面地址 + if (this.consentPage != null) { + authorizationEndpointFilter.setConsentPage(consentPage); } httpSecurity.addFilterAfter(postProcess(authorizationEndpointFilter), - AbstractPreAuthenticatedProcessingFilter.class); + EiamOAuth2AuthorizationConsentEndpointFilter.class); } @Override 
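Review bot: In `init`, the new guard `if (this.consentPage != null)` lets an empty or blank string reach `setConsentPage`, which the replaced `StringUtils.hasText(this.consentPage)` check rejected. `consentPage(String)` is still a public setter, so keep the stricter test, e.g. `if (this.consentPage != null && !this.consentPage.isBlank())`. The same hunk stops applying `authorizationResponseHandler` and `errorResponseHandler` to the filter, and their setters are deleted earlier in the file, yet both fields are still declared (context of the `@@ -68,10 +60,11 @@` hunk); they look dead now and can be removed. `init` begins before this hunk.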
@@ -264,7 +132,7 @@ public final class EiamOAuth2AuthorizationImplicitEndpointConfigurer extends authenticationConverters.add(new EiamOAuth2AuthenticationImplicitAuthenticationConverter()); //OAuth2授权同意认证转换器 authenticationConverters - .add(new OAuth2AuthorizationImplicitConsentAuthenticationConverter()); + .add(new EiamOAuth2AuthorizationImplicitConsentAuthenticationConverter()); return authenticationConverters; } @@ -293,4 +161,9 @@ public final class EiamOAuth2AuthorizationImplicitEndpointConfigurer extends return authenticationProviders; } + public EiamOAuth2AuthorizationImplicitEndpointConfigurer consentPage(String consentPage) { + this.consentPage = consentPage; + return this; + } + } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationServerConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationServerConfigurer.java index 39d2b090..72f88fe7 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationServerConfigurer.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2AuthorizationServerConfigurer.java 
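Review bot: The `consentPage(String)` setter re-added at the end of the class has no Javadoc. The version removed earlier in this file documented what a custom consent page must do: submit an HTTP POST to the authorization endpoint and send back the received `client_id`, `state` and consented `scope`s. Restore at least a short Javadoc saying that the value is the URI resource owners are redirected to when consent is required, and that the page must return `state` unchanged, since the removed text describes `state` as the CSRF protection token. A `@param consentPage` and `@return` line, as on the removed method, would be enough.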
@@ -17,8 +17,19 @@ */ package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; -import java.util.*; +import java.io.IOException; +import java.util.ArrayList; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.AuthenticationManager; 
@@ -26,38 +37,37 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer; +import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2ErrorCodes; -import org.springframework.security.oauth2.core.OAuth2Token; import org.springframework.security.oauth2.core.oidc.OidcScopes; -import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService; -import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; -import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter; import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter; -import org.springframework.security.oauth2.server.authorization.web.authentication.DelegatingAuthenticationConverter; -import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeAuthenticationConverter; -import 
org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2ClientCredentialsAuthenticationConverter; -import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2RefreshTokenAuthenticationConverter; +import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.security.web.context.SecurityContextHolderFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; import cn.topiam.employee.common.constants.ProtocolConstants; +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.core.security.savedredirect.HttpSessionRedirectCache; +import cn.topiam.employee.core.security.savedredirect.RedirectCache; import cn.topiam.employee.protocol.oidc.authentication.EiamOAuth2InitSingleSignOnEndpointFilter; import cn.topiam.employee.protocol.oidc.authentication.EiamOidcAuthorizationServerContextFilter; -import cn.topiam.employee.protocol.oidc.authentication.password.EiamOAuth2AuthorizationPasswordAuthenticationConverter; -import cn.topiam.employee.protocol.oidc.handler.PortalOAuth2AuthenticationEntryPoint; import cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import static org.springframework.http.HttpStatus.UNAUTHORIZED; + +import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.getAppOidcConfigRepository; +import static 
cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; /** * An {@link AbstractHttpConfigurer} for OAuth 2.0 Authorization Server support. 
@@ -65,137 +75,13 @@ import static cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils.getAppOidcCo * @author TopIAM * Created by support@topiam.cn on 2022/10/26 19:32 */ -@SuppressWarnings("AlibabaClassNamingShouldBeCamel") +@SuppressWarnings({ "AlibabaClassNamingShouldBeCamel", "DuplicatedCode" }) public final class EiamOAuth2AuthorizationServerConfigurer extends AbstractHttpConfigurer { private final Map, AbstractOAuth2Configurer> configurers = createConfigurers(); private RequestMatcher endpointsMatcher; - /** - * Sets the repository of registered clients. - * - * @param registeredClientRepository the repository of registered clients - * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationServerConfigurer registeredClientRepository(RegisteredClientRepository registeredClientRepository) { - Assert.notNull(registeredClientRepository, "registeredClientRepository cannot be null"); - getBuilder().setSharedObject(RegisteredClientRepository.class, registeredClientRepository); - return this; - } - - /** - * Sets the authorization service. - * - * @param authorizationService the authorization service - * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationServerConfigurer authorizationService(OAuth2AuthorizationService authorizationService) { - Assert.notNull(authorizationService, "authorizationService cannot be null"); - getBuilder().setSharedObject(OAuth2AuthorizationService.class, authorizationService); - return this; - } - - /** - * Sets the authorization consent service. 
- * - * @param authorizationConsentService the authorization consent service - * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationServerConfigurer authorizationConsentService(OAuth2AuthorizationConsentService authorizationConsentService) { - Assert.notNull(authorizationConsentService, "authorizationConsentService cannot be null"); - getBuilder().setSharedObject(OAuth2AuthorizationConsentService.class, - authorizationConsentService); - return this; - } - - /** - * Sets the authorization server settings. - * - * @param authorizationServerSettings the authorization server settings - * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationServerConfigurer authorizationServerSettings(AuthorizationServerSettings authorizationServerSettings) { - Assert.notNull(authorizationServerSettings, "authorizationServerSettings cannot be null"); - getBuilder().setSharedObject(AuthorizationServerSettings.class, - authorizationServerSettings); - return this; - } - - /** - * Sets the token generator. - * - * @param tokenGenerator the token generator - * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration - * @since 0.2.3 - */ - public EiamOAuth2AuthorizationServerConfigurer tokenGenerator(OAuth2TokenGenerator tokenGenerator) { - Assert.notNull(tokenGenerator, "tokenGenerator cannot be null"); - getBuilder().setSharedObject(OAuth2TokenGenerator.class, tokenGenerator); - return this; - } - - /** - * Configures OAuth 2.0 Client Authentication. 
- * - * @param clientAuthenticationCustomizer the {@link Customizer} providing access to the {@link OAuth2ClientAuthenticationConfigurer} - * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationServerConfigurer clientAuthentication(Customizer clientAuthenticationCustomizer) { - clientAuthenticationCustomizer - .customize(getConfigurer(OAuth2ClientAuthenticationConfigurer.class)); - return this; - } - - /** - * Configures the OAuth 2.0 Authorization Endpoint. - * - * @param authorizationEndpointCustomizer the {@link Customizer} providing access to the {@link OAuth2AuthorizationEndpointConfigurer} - * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationServerConfigurer authorizationEndpoint(Customizer authorizationEndpointCustomizer) { - authorizationEndpointCustomizer - .customize(getConfigurer(OAuth2AuthorizationEndpointConfigurer.class)); - return this; - } - - /** - * Configures the OAuth 2.0 Token Endpoint. - * - * @param tokenEndpointCustomizer the {@link Customizer} providing access to the {@link OAuth2TokenEndpointConfigurer} - * @return the {@link OAuth2AuthorizationServerConfigurer} for further configuration - */ - public EiamOAuth2AuthorizationServerConfigurer tokenEndpoint(Customizer tokenEndpointCustomizer) { - tokenEndpointCustomizer.customize(getConfigurer(OAuth2TokenEndpointConfigurer.class)); - return this; - } - - /** - * Configures the OAuth 2.0 Token Introspection Endpoint. 
- * - * @param tokenIntrospectionEndpointCustomizer the {@link Customizer} providing access to the {@link OAuth2TokenIntrospectionEndpointConfigurer} - * @return the {@link EiamOAuth2AuthorizationServerConfigurer} for further configuration - * @since 0.2.3 - */ - public EiamOAuth2AuthorizationServerConfigurer tokenIntrospectionEndpoint(Customizer tokenIntrospectionEndpointCustomizer) { - tokenIntrospectionEndpointCustomizer - .customize(getConfigurer(OAuth2TokenIntrospectionEndpointConfigurer.class)); - return this; - } - - /** - * Configures the OAuth 2.0 Token Revocation Endpoint. - * - * @param tokenRevocationEndpointCustomizer the {@link Customizer} providing access to the {@link OAuth2TokenRevocationEndpointConfigurer} - * @return the {@link EiamOAuth2AuthorizationServerConfigurer} for further configuration - * @since 0.2.2 - */ - public EiamOAuth2AuthorizationServerConfigurer tokenRevocationEndpoint(Customizer tokenRevocationEndpointCustomizer) { - tokenRevocationEndpointCustomizer - .customize(getConfigurer(OAuth2TokenRevocationEndpointConfigurer.class)); - return this; - } - /** * Configures OpenID Connect 1.0 support (disabled by default). * @@ -205,7 +91,8 @@ public final class EiamOAuth2AuthorizationServerConfigurer extends public EiamOAuth2AuthorizationServerConfigurer oidc(Customizer oidcCustomizer) { EiamOidcConfigurer oidcConfigurer = getConfigurer(EiamOidcConfigurer.class); if (oidcConfigurer == null) { - addConfigurer(EiamOidcConfigurer.class, new EiamOidcConfigurer(this::postProcess)); + this.configurers.put(EiamOidcConfigurer.class, + new EiamOidcConfigurer(this::postProcess)); oidcConfigurer = getConfigurer(EiamOidcConfigurer.class); } oidcCustomizer.customize(oidcConfigurer); 
@@ -230,8 +117,8 @@ public final class EiamOAuth2AuthorizationServerConfigurer extends if (oidcConfigurer == null) { // OpenID Connect is disabled. // Add an authentication validator that rejects authentication requests. - EiamOAuth2AuthorizationEndpointConfigurer authorizationEndpointConfigurer = - getConfigurer(EiamOAuth2AuthorizationEndpointConfigurer.class); + EiamOAuth2AuthorizationCodeEndpointConfigurer authorizationEndpointConfigurer = + getConfigurer(EiamOAuth2AuthorizationCodeEndpointConfigurer.class); //添加授权码请求身份验证验证器 authorizationEndpointConfigurer.addAuthorizationCodeRequestAuthenticationValidator((authenticationContext) -> { OAuth2AuthorizationCodeRequestAuthenticationToken authorizationCodeRequestAuthentication = @@ -264,7 +151,7 @@ public final class EiamOAuth2AuthorizationServerConfigurer extends //配置 this.configurers.values().forEach(configurer -> { configurer.init(httpSecurity); - configurer.init(httpSecurity); + //添加 RequestMatchers requestMatchers.add(configurer.getRequestMatcher()); }); requestMatchers.add(new AntPathRequestMatcher(ProtocolConstants.OidcEndpointConstants.JWK_SET_ENDPOINT, HttpMethod.GET.name())); @@ -274,8 +161,8 @@ public final class EiamOAuth2AuthorizationServerConfigurer extends if (exceptionHandling != null) { //身份验证入口点 exceptionHandling.defaultAuthenticationEntryPointFor( - new PortalOAuth2AuthenticationEntryPoint(), - new OrRequestMatcher(getRequestMatcher(EiamOAuth2AuthorizationEndpointConfigurer.class)) + authenticationEntryPoint, + new OrRequestMatcher(getRequestMatcher(EiamOAuth2AuthorizationCodeEndpointConfigurer.class)) ); exceptionHandling.defaultAuthenticationEntryPointFor( new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), 
@@ -309,21 +196,22 @@ public final class EiamOAuth2AuthorizationServerConfigurer extends Map, AbstractOAuth2Configurer> configurers = new LinkedHashMap<>(); configurers.put(EiamOAuth2ClientAuthenticationConfigurer.class, new EiamOAuth2ClientAuthenticationConfigurer(this::postProcess)); + //OAuth2 同意端点配置器 + String consentEndpoint = ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_CONSENT_ENDPOINT; + EiamOAuth2ConsentEndpointConfigurer consentEndpointConfigurer = new EiamOAuth2ConsentEndpointConfigurer(this::postProcess); + consentEndpointConfigurer.consentPage(consentEndpoint); + configurers.put(EiamOAuth2ConsentEndpointConfigurer.class,consentEndpointConfigurer); //OAuth2 隐式模式端点配置器 - configurers.put(EiamOAuth2AuthorizationImplicitEndpointConfigurer.class,new EiamOAuth2AuthorizationImplicitEndpointConfigurer(this::postProcess) ); + EiamOAuth2AuthorizationImplicitEndpointConfigurer implicitEndpointConfigurer = new EiamOAuth2AuthorizationImplicitEndpointConfigurer(this::postProcess); + implicitEndpointConfigurer.consentPage(consentEndpoint); + configurers.put(EiamOAuth2AuthorizationImplicitEndpointConfigurer.class,implicitEndpointConfigurer); //OAuth2 授权码端点配置器 - configurers.put(EiamOAuth2AuthorizationEndpointConfigurer.class,new EiamOAuth2AuthorizationEndpointConfigurer(this::postProcess) ); + EiamOAuth2AuthorizationCodeEndpointConfigurer codeEndpointConfigurer = new EiamOAuth2AuthorizationCodeEndpointConfigurer(this::postProcess); + codeEndpointConfigurer.consentPage(consentEndpoint); + configurers.put(EiamOAuth2AuthorizationCodeEndpointConfigurer.class,codeEndpointConfigurer); //token端点配置器 - EiamOAuth2TokenEndpointConfigurer configurer = new EiamOAuth2TokenEndpointConfigurer(this::postProcess); - DelegatingAuthenticationConverter authenticationConverter = new DelegatingAuthenticationConverter( - Arrays.asList( - //密码模式认证转换器 - new EiamOAuth2AuthorizationPasswordAuthenticationConverter(), - new OAuth2AuthorizationCodeAuthenticationConverter(), - new 
OAuth2RefreshTokenAuthenticationConverter(), - new OAuth2ClientCredentialsAuthenticationConverter())); - configurer.accessTokenRequestConverter(authenticationConverter); - configurers.put(EiamOAuth2TokenEndpointConfigurer.class, configurer); + EiamOAuth2TokenEndpointConfigurer tokenEndpointConfigurer = new EiamOAuth2TokenEndpointConfigurer(this::postProcess); + configurers.put(EiamOAuth2TokenEndpointConfigurer.class, tokenEndpointConfigurer); configurers.put(EiamOAuth2TokenIntrospectionEndpointConfigurer.class, new EiamOAuth2TokenIntrospectionEndpointConfigurer(this::postProcess)); configurers.put(EiamOAuth2TokenRevocationEndpointConfigurer.class, new EiamOAuth2TokenRevocationEndpointConfigurer(this::postProcess)); //@formatter:no 
@@ -335,11 +223,40 @@ public final class EiamOAuth2AuthorizationServerConfigurer extends return (T) this.configurers.get(type); } - private void addConfigurer(Class configurerType, T configurer) { - this.configurers.put(configurerType, configurer); - } private RequestMatcher getRequestMatcher(Class configurerType) { return getConfigurer(configurerType).getRequestMatcher(); } + private final AuthenticationEntryPoint authenticationEntryPoint= new AuthenticationEntryPoint() { + /** + * 日志 + */ + private final Logger logger = LoggerFactory.getLogger(this.getClass()); + + private final RedirectCache redirectCache = new HttpSessionRedirectCache(); + + @Override + public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { + logger.info("----------------------------------------------------------"); + logger.info("未登录, 或登录过期"); + //记录 + redirectCache.saveRedirect(request, response, RedirectCache.RedirectType.REQUEST); + //判断请求 + boolean isTextHtml = acceptIncludeTextHtml(request); + //JSON + if (!isTextHtml) { + ApiRestResult result = ApiRestResult.builder() + .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils + .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase())) + .build(); + HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result); + } + // HTML + else { + //跳转前端SESSION过期路由 + response.sendRedirect(ServerContextHelp.getPortalPublicBaseUrl() + FE_LOGIN); + } + logger.info("----------------------------------------------------------"); + } + }; } 
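Review bot: The JSON branch of the new `commence` sends `authException.getMessage()` back to a caller that is by definition unauthenticated, and exception messages can carry more detail than a client needs. Prefer a fixed body, `.message(UNAUTHORIZED.getReasonPhrase())`, and keep the detail server-side with `logger.debug("authentication required: {}", authException.getMessage());`. The two `logger.info("-----…")` separator lines run on every unauthenticated request and would be better dropped or moved to debug. `redirectCache.saveRedirect(...)` is also called for JSON requests, where this method performs no redirect, so it is worth confirming that is intended.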
diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2ClientAuthenticationConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2ClientAuthenticationConfigurer.java
index 2a76cff7..c5aa8fd0 100644
--- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2ClientAuthenticationConfigurer.java
+++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2ClientAuthenticationConfigurer.java
@@ -21,32 +21,24 @@ import java.util.ArrayList; import java.util.List; import java.util.function.Consumer; -import javax.servlet.http.HttpServletRequest; - import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.core.context.SecurityContext; import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.authentication.ClientSecretAuthenticationProvider; import org.springframework.security.oauth2.server.authorization.authentication.JwtClientAssertionAuthenticationProvider; -import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.PublicClientAuthenticationProvider; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter; import org.springframework.security.oauth2.server.authorization.web.authentication.*; import org.springframework.security.web.authentication.AuthenticationConverter; -import org.springframework.security.web.authentication.AuthenticationFailureHandler; -import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import 
org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; import cn.topiam.employee.common.constants.ProtocolConstants; @@ -65,8 +57,6 @@ public final class EiamOAuth2ClientAuthenticationConfigurer extends AbstractOAut private final List authenticationProviders = new ArrayList<>(); private Consumer> authenticationProvidersConsumer = (authenticationProviders) -> { }; - private AuthenticationSuccessHandler authenticationSuccessHandler; - private AuthenticationFailureHandler errorResponseHandler; /** * Restrict for internal use only. 
@@ -75,87 +65,6 @@ public final class EiamOAuth2ClientAuthenticationConfigurer extends AbstractOAut super(objectPostProcessor); } - /** - * Adds an {@link AuthenticationConverter} used when attempting to extract client credentials from {@link HttpServletRequest} - * to an instance of {@link OAuth2ClientAuthenticationToken} used for authenticating the client. - * - * @param authenticationConverter an {@link AuthenticationConverter} used when attempting to extract client credentials from {@link HttpServletRequest} - * @return the {@link OAuth2ClientAuthenticationConfigurer} for further configuration - */ - public EiamOAuth2ClientAuthenticationConfigurer authenticationConverter(AuthenticationConverter authenticationConverter) { - Assert.notNull(authenticationConverter, "authenticationConverter cannot be null"); - this.authenticationConverters.add(authenticationConverter); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authenticationConverter(AuthenticationConverter) AuthenticationConverter}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationConverter}. - * - * @param authenticationConvertersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationConverter}'s - * @return the {@link OAuth2ClientAuthenticationConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2ClientAuthenticationConfigurer authenticationConverters(Consumer> authenticationConvertersConsumer) { - Assert.notNull(authenticationConvertersConsumer, - "authenticationConvertersConsumer cannot be null"); - this.authenticationConvertersConsumer = authenticationConvertersConsumer; - return this; - } - - /** - * Adds an {@link AuthenticationProvider} used for authenticating an {@link OAuth2ClientAuthenticationToken}. 
- * - * @param authenticationProvider an {@link AuthenticationProvider} used for authenticating an {@link OAuth2ClientAuthenticationToken} - * @return the {@link OAuth2ClientAuthenticationConfigurer} for further configuration - */ - public EiamOAuth2ClientAuthenticationConfigurer authenticationProvider(AuthenticationProvider authenticationProvider) { - Assert.notNull(authenticationProvider, "authenticationProvider cannot be null"); - this.authenticationProviders.add(authenticationProvider); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authenticationProvider(AuthenticationProvider) AuthenticationProvider}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationProvider}. - * - * @param authenticationProvidersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationProvider}'s - * @return the {@link OAuth2ClientAuthenticationConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2ClientAuthenticationConfigurer authenticationProviders(Consumer> authenticationProvidersConsumer) { - Assert.notNull(authenticationProvidersConsumer, - "authenticationProvidersConsumer cannot be null"); - this.authenticationProvidersConsumer = authenticationProvidersConsumer; - return this; - } - - /** - * Sets the {@link AuthenticationSuccessHandler} used for handling a successful client authentication - * and associating the {@link OAuth2ClientAuthenticationToken} to the {@link SecurityContext}. 
- * - * @param authenticationSuccessHandler the {@link AuthenticationSuccessHandler} used for handling a successful client authentication - * @return the {@link OAuth2ClientAuthenticationConfigurer} for further configuration - */ - public EiamOAuth2ClientAuthenticationConfigurer authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) { - this.authenticationSuccessHandler = authenticationSuccessHandler; - return this; - } - - /** - * Sets the {@link AuthenticationFailureHandler} used for handling a failed client authentication - * and returning the {@link OAuth2Error Error Response}. - * - * @param errorResponseHandler the {@link AuthenticationFailureHandler} used for handling a failed client authentication - * @return the {@link OAuth2ClientAuthenticationConfigurer} for further configuration - */ - public EiamOAuth2ClientAuthenticationConfigurer errorResponseHandler(AuthenticationFailureHandler errorResponseHandler) { - this.errorResponseHandler = errorResponseHandler; - return this; - } - @Override void init(HttpSecurity httpSecurity) { this.requestMatcher = new OrRequestMatcher( @@ -192,14 +101,6 @@ public final class EiamOAuth2ClientAuthenticationConfigurer extends AbstractOAut this.authenticationConvertersConsumer.accept(authenticationConverters); clientAuthenticationFilter.setAuthenticationConverter( new DelegatingAuthenticationConverter(authenticationConverters)); - if (this.authenticationSuccessHandler != null) { - clientAuthenticationFilter - .setAuthenticationSuccessHandler(this.authenticationSuccessHandler); - } - if (this.errorResponseHandler != null) { - clientAuthenticationFilter.setAuthenticationFailureHandler(this.errorResponseHandler); - } - builder.addFilterAfter(postProcess(clientAuthenticationFilter), AbstractPreAuthenticatedProcessingFilter.class); } 
diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2ConsentEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2ConsentEndpointConfigurer.java new file mode 100644 index 00000000..fbca5e04 --- /dev/null +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2ConsentEndpointConfigurer.java 
@@ -0,0 +1,87 @@ +/* + * eiam-protocol-oidc - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; + +import java.util.Objects; +import java.util.function.Consumer; + +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.ObjectPostProcessor; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration; +import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; + +import cn.topiam.employee.common.constants.ProtocolConstants; +import cn.topiam.employee.protocol.oidc.authentication.consent.EiamOAuth2AuthorizationConsentEndpointFilter; +import cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils; + +/** + * 提供商端点适配器 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/11/9 22:53 + */ +@SuppressWarnings("AlibabaClassNamingShouldBeCamel") +public final class EiamOAuth2ConsentEndpointConfigurer extends 
AbstractOAuth2Configurer { + private RequestMatcher requestMatcher; + private Consumer defaultProviderConfigurationCustomizer; + + private String consentPage; + + /** + * Restrict for internal use only. + */ + EiamOAuth2ConsentEndpointConfigurer(ObjectPostProcessor objectPostProcessor) { + super(objectPostProcessor); + } + + void addDefaultProviderConfigurationCustomizer(Consumer defaultProviderConfigurationCustomizer) { + this.defaultProviderConfigurationCustomizer = this.defaultProviderConfigurationCustomizer == null + ? defaultProviderConfigurationCustomizer + : this.defaultProviderConfigurationCustomizer + .andThen(defaultProviderConfigurationCustomizer); + } + + @Override + void init(HttpSecurity httpSecurity) { + this.requestMatcher = new AntPathRequestMatcher( + Objects.requireNonNullElse(consentPage, + ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_CONSENT_ENDPOINT), + HttpMethod.GET.name()); + } + + @Override + void configure(HttpSecurity httpSecurity) { + EiamOAuth2AuthorizationConsentEndpointFilter consentEndpointFilter = new EiamOAuth2AuthorizationConsentEndpointFilter( + EiamOAuth2Utils.getAppOidcConfigRepository(httpSecurity), this.requestMatcher); + httpSecurity.addFilterAfter(postProcess(consentEndpointFilter), + AbstractPreAuthenticatedProcessingFilter.class); + } + + @Override + RequestMatcher getRequestMatcher() { + return this.requestMatcher; + } + + public void consentPage(String consentPage) { + this.consentPage = consentPage; + } + +} diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenEndpointConfigurer.java index d74c8749..e20be07e 100644 
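Review bot: `defaultProviderConfigurationCustomizer` and `addDefaultProviderConfigurationCustomizer` are written but never read anywhere in this new class, and the class comment "提供商端点适配器" describes a provider endpoint rather than the consent endpoint, so both look carried over from another configurer. They should be dropped and the comment replaced, e.g. `/** Registers the filter that serves the OAuth2 authorization consent page. */`. `consentPage(String)` stores its argument unchecked and `init` uses it directly as the `AntPathRequestMatcher` pattern; a value without a leading `/` would likely give a matcher that never matches and leave the consent filter silently inactive, so `Assert.hasText(consentPage, "consentPage cannot be empty");` plus a leading-slash check belongs in the setter. Whether `EiamOAuth2AuthorizationConsentEndpointFilter` requires an authenticated user before rendering is not visible in this file and is worth confirming.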
--- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenEndpointConfigurer.java
+++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenEndpointConfigurer.java
@@ -17,25 +17,35 @@ */ package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; +import java.io.IOException; +import java.time.temporal.ChronoUnit; import java.util.ArrayList; import java.util.List; +import java.util.Map; import java.util.function.Consumer; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.converter.HttpMessageConverter; +import org.springframework.http.server.ServletServerHttpResponse; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; -import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.OAuth2Token; +import org.springframework.security.oauth2.core.*; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; +import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter; +import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; -import org.springframework.security.oauth2.server.authorization.authentication.*; +import 
org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationProvider; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator; import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter; import org.springframework.security.oauth2.server.authorization.web.authentication.DelegatingAuthenticationConverter; 
@@ -48,11 +58,25 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; - +import org.springframework.util.CollectionUtils; + +import com.google.common.collect.Lists; + +import cn.topiam.employee.application.context.ApplicationContext; +import cn.topiam.employee.application.context.ApplicationContextHolder; +import cn.topiam.employee.audit.context.AuditContext; +import cn.topiam.employee.audit.entity.Target; +import cn.topiam.employee.audit.enums.EventStatus; +import cn.topiam.employee.audit.enums.EventType; +import cn.topiam.employee.audit.enums.TargetType; +import cn.topiam.employee.audit.event.AuditEventPublish; import cn.topiam.employee.common.constants.ProtocolConstants; +import cn.topiam.employee.protocol.oidc.authentication.authentication.EiamOAuth2AuthorizationCodeAuthenticationProvider; +import cn.topiam.employee.protocol.oidc.authentication.authentication.EiamOAuth2RefreshTokenAuthenticationProvider; +import cn.topiam.employee.protocol.oidc.authentication.password.EiamOAuth2AuthorizationPasswordAuthenticationConverter; import cn.topiam.employee.protocol.oidc.authentication.password.EiamOAuth2AuthorizationPasswordAuthenticationProvider; import cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils; +import cn.topiam.employee.support.context.ApplicationContextHelp; /** * 配置OAuth2 token端点 
@@ -62,14 +86,11 @@ import cn.topiam.employee.protocol.oidc.util.EiamOAuth2Utils; @SuppressWarnings("AlibabaClassNamingShouldBeCamel") public final class EiamOAuth2TokenEndpointConfigurer extends AbstractOAuth2Configurer { private RequestMatcher requestMatcher; - private final List accessTokenRequestConverters = new ArrayList<>(); private Consumer> accessTokenRequestConvertersConsumer = (accessTokenRequestConverters) -> { }; private final List authenticationProviders = new ArrayList<>(); private Consumer> authenticationProvidersConsumer = (authenticationProviders) -> { }; - private AuthenticationSuccessHandler accessTokenResponseHandler; - private AuthenticationFailureHandler errorResponseHandler; /** * Restrict for internal use only. 
@@ -78,87 +99,6 @@ public final class EiamOAuth2TokenEndpointConfigurer extends AbstractOAuth2Confi super(objectPostProcessor); } - /** - * Adds an {@link AuthenticationConverter} used when attempting to extract an Access Token Request from {@link HttpServletRequest} - * to an instance of {@link OAuth2AuthorizationGrantAuthenticationToken} used for authenticating the authorization grant. - * - * @param accessTokenRequestConverter an {@link AuthenticationConverter} used when attempting to extract an Access Token Request from {@link HttpServletRequest} - * @return the {@link OAuth2TokenEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenEndpointConfigurer accessTokenRequestConverter(AuthenticationConverter accessTokenRequestConverter) { - Assert.notNull(accessTokenRequestConverter, "accessTokenRequestConverter cannot be null"); - this.accessTokenRequestConverters.add(accessTokenRequestConverter); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #accessTokenRequestConverter(AuthenticationConverter) AuthenticationConverter}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationConverter}. 
- * - * @param accessTokenRequestConvertersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationConverter}'s - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2TokenEndpointConfigurer accessTokenRequestConverters(Consumer> accessTokenRequestConvertersConsumer) { - Assert.notNull(accessTokenRequestConvertersConsumer, - "accessTokenRequestConvertersConsumer cannot be null"); - this.accessTokenRequestConvertersConsumer = accessTokenRequestConvertersConsumer; - return this; - } - - /** - * Adds an {@link AuthenticationProvider} used for authenticating a type of {@link OAuth2AuthorizationGrantAuthenticationToken}. - * - * @param authenticationProvider an {@link AuthenticationProvider} used for authenticating a type of {@link OAuth2AuthorizationGrantAuthenticationToken} - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenEndpointConfigurer authenticationProvider(AuthenticationProvider authenticationProvider) { - Assert.notNull(authenticationProvider, "authenticationProvider cannot be null"); - this.authenticationProviders.add(authenticationProvider); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authenticationProvider(AuthenticationProvider) AuthenticationProvider}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationProvider}. 
- * - * @param authenticationProvidersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationProvider}'s - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2TokenEndpointConfigurer authenticationProviders(Consumer> authenticationProvidersConsumer) { - Assert.notNull(authenticationProvidersConsumer, - "authenticationProvidersConsumer cannot be null"); - this.authenticationProvidersConsumer = authenticationProvidersConsumer; - return this; - } - - /** - * Sets the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AccessTokenAuthenticationToken} - * and returning the {@link OAuth2AccessTokenResponse Access Token Response}. - * - * @param accessTokenResponseHandler the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2AccessTokenAuthenticationToken} - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenEndpointConfigurer accessTokenResponseHandler(AuthenticationSuccessHandler accessTokenResponseHandler) { - this.accessTokenResponseHandler = accessTokenResponseHandler; - return this; - } - - /** - * Sets the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthenticationException} - * and returning the {@link OAuth2Error Error Response}. - * - * @param errorResponseHandler the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthenticationException} - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenEndpointConfigurer errorResponseHandler(AuthenticationFailureHandler errorResponseHandler) { - this.errorResponseHandler = errorResponseHandler; - return this; - } - @Override void init(HttpSecurity httpSecurity) { this.requestMatcher = new AntPathRequestMatcher( 
@@ -181,19 +121,12 @@ public final class EiamOAuth2TokenEndpointConfigurer extends AbstractOAuth2Confi OAuth2TokenEndpointFilter tokenEndpointFilter = new OAuth2TokenEndpointFilter( authenticationManager, ProtocolConstants.OidcEndpointConstants.TOKEN_ENDPOINT); + tokenEndpointFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler); + tokenEndpointFilter.setAuthenticationFailureHandler(authenticationFailureHandler); List authenticationConverters = createDefaultAuthenticationConverters(); - if (!this.accessTokenRequestConverters.isEmpty()) { - authenticationConverters.addAll(0, this.accessTokenRequestConverters); - } this.accessTokenRequestConvertersConsumer.accept(authenticationConverters); tokenEndpointFilter.setAuthenticationConverter( new DelegatingAuthenticationConverter(authenticationConverters)); - if (this.accessTokenResponseHandler != null) { - tokenEndpointFilter.setAuthenticationSuccessHandler(this.accessTokenResponseHandler); - } - if (this.errorResponseHandler != null) { - tokenEndpointFilter.setAuthenticationFailureHandler(this.errorResponseHandler); - } httpSecurity.addFilterAfter(postProcess(tokenEndpointFilter), FilterSecurityInterceptor.class); } @@ -209,6 +142,8 @@ public final class EiamOAuth2TokenEndpointConfigurer extends AbstractOAuth2Confi authenticationConverters.add(new OAuth2AuthorizationCodeAuthenticationConverter()); authenticationConverters.add(new OAuth2RefreshTokenAuthenticationConverter()); authenticationConverters.add(new OAuth2ClientCredentialsAuthenticationConverter()); + //密码模式认证转换器 + authenticationConverters.add(new EiamOAuth2AuthorizationPasswordAuthenticationConverter()); return authenticationConverters; } 
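Review bot: The second hunk on this line (`@@ -209,6 +142,8 @@`) adds `EiamOAuth2AuthorizationPasswordAuthenticationConverter` to the default converter list unconditionally, so the resource-owner password grant becomes parseable at the token endpoint for every client. That grant hands the user's password to the client and bypasses interactive login steps such as MFA, and current OAuth security guidance (RFC 9700) says it must not be used. If it has to stay for legacy clients, the line should say so, e.g. `// password grant: legacy clients only; the provider must reject clients not registered for this grant type`. The check that the registered client is actually allowed this grant would sit in `EiamOAuth2AuthorizationPasswordAuthenticationProvider`, outside this hunk, and deserves confirmation. The converter-list method begins outside the hunk.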
@@ -226,10 +161,10 @@ public final class EiamOAuth2TokenEndpointConfigurer extends AbstractOAuth2Confi OAuth2TokenGenerator tokenGenerator = EiamOAuth2Utils.getTokenGenerator(builder); - OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(authorizationService, tokenGenerator); + EiamOAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider = new EiamOAuth2AuthorizationCodeAuthenticationProvider(authorizationService, tokenGenerator); authenticationProviders.add(authorizationCodeAuthenticationProvider); - OAuth2RefreshTokenAuthenticationProvider refreshTokenAuthenticationProvider = new OAuth2RefreshTokenAuthenticationProvider(authorizationService, tokenGenerator); + EiamOAuth2RefreshTokenAuthenticationProvider refreshTokenAuthenticationProvider = new EiamOAuth2RefreshTokenAuthenticationProvider(authorizationService, tokenGenerator); authenticationProviders.add(refreshTokenAuthenticationProvider); OAuth2ClientCredentialsAuthenticationProvider clientCredentialsAuthenticationProvider = new OAuth2ClientCredentialsAuthenticationProvider(authorizationService, tokenGenerator); 
@@ -246,4 +181,68 @@ public final class EiamOAuth2TokenEndpointConfigurer extends AbstractOAuth2Confi //@formatter:on } + private final AuthenticationSuccessHandler authenticationSuccessHandler = this::sendAccessTokenResponse; + private final AuthenticationFailureHandler authenticationFailureHandler = this::sendErrorResponse; + + private void sendAccessTokenResponse(HttpServletRequest request, HttpServletResponse response, + Authentication authentication) throws IOException { + + OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = (OAuth2AccessTokenAuthenticationToken) authentication; + + OAuth2AccessToken accessToken = accessTokenAuthentication.getAccessToken(); + OAuth2RefreshToken refreshToken = accessTokenAuthentication.getRefreshToken(); + Map additionalParameters = accessTokenAuthentication + .getAdditionalParameters(); + + OAuth2AccessTokenResponse.Builder builder = OAuth2AccessTokenResponse + .withToken(accessToken.getTokenValue()).tokenType(accessToken.getTokenType()) + .scopes(accessToken.getScopes()); + if (accessToken.getIssuedAt() != null && accessToken.getExpiresAt() != null) { + builder.expiresIn( + ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt())); + } + if (refreshToken != null) { + builder.refreshToken(refreshToken.getTokenValue()); + } + if (!CollectionUtils.isEmpty(additionalParameters)) { + builder.additionalParameters(additionalParameters); + } + OAuth2AccessTokenResponse accessTokenResponse = builder.build(); + ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response); + + //审计 + ApplicationContext applicationContext = ApplicationContextHolder.getApplicationContext(); + Target target = Target.builder().id(applicationContext.getAppId().toString()) + .type(TargetType.APPLICATION).build(); + ArrayList targets = Lists.newArrayList(target); + + AuditEventPublish publish = ApplicationContextHelp.getBean(AuditEventPublish.class); + publish.publish(EventType.APP_SSO, 
AuditContext.getAuthorization(), EventStatus.SUCCESS, + targets); + + this.accessTokenHttpResponseConverter.write(accessTokenResponse, null, httpResponse); + } + + private void sendErrorResponse(HttpServletRequest request, HttpServletResponse response, + AuthenticationException exception) throws IOException { + + OAuth2Error error = ((OAuth2AuthenticationException) exception).getError(); + ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response); + httpResponse.setStatusCode(HttpStatus.BAD_REQUEST); + + //审计 + ApplicationContext applicationContext = ApplicationContextHolder.getApplicationContext(); + Target target = Target.builder().id(applicationContext.getAppId().toString()) + .type(TargetType.APPLICATION).build(); + ArrayList targets = Lists.newArrayList(target); + + AuditEventPublish publish = ApplicationContextHelp.getBean(AuditEventPublish.class); + publish.publish(EventType.APP_SSO, AuditContext.getAuthorization(), EventStatus.FAIL, + targets, error.toString()); + this.errorHttpResponseConverter.write(error, null, httpResponse); + } + + private final HttpMessageConverter accessTokenHttpResponseConverter = new OAuth2AccessTokenResponseHttpMessageConverter(); + private final HttpMessageConverter errorHttpResponseConverter = new OAuth2ErrorHttpMessageConverter(); + } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenIntrospectionEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenIntrospectionEndpointConfigurer.java index feb1c21e..20b07c8c 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenIntrospectionEndpointConfigurer.java 
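Review bot: Both new handlers take the audit actor from the thread-local `AuditContext.getAuthorization()` and never clear it, so on a pooled servlet thread the value may be absent or left over from an earlier request. The client-credentials provider stays the stock Spring class in this commit and cannot set that thread-local, so those token events would presumably be recorded with a null actor, and a stale value would attribute an `APP_SSO` event to the wrong user. Reading the value once, handling null explicitly and calling `AuditContext.removeAuthentication();` in a `finally` keeps the audit trail attributable, unless a filter outside this diff already does that. The audit code also runs before the converter writes the response, with no null check on `ApplicationContextHolder.getApplicationContext()`: a null context or a throwing `publish` makes `sendErrorResponse` fail before the OAuth2 error is written. `EventStatus.SUCCESS` is likewise recorded before the token response has actually been sent.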
+++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenIntrospectionEndpointConfigurer.java 
@@ -21,27 +21,19 @@ import java.util.ArrayList; import java.util.List; import java.util.function.Consumer; -import javax.servlet.http.HttpServletRequest; - import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; -import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenIntrospectionAuthenticationProvider; -import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenIntrospectionAuthenticationToken; import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenIntrospectionEndpointFilter; import org.springframework.security.oauth2.server.authorization.web.authentication.DelegatingAuthenticationConverter; import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2TokenIntrospectionAuthenticationConverter; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.authentication.AuthenticationConverter; -import org.springframework.security.web.authentication.AuthenticationFailureHandler; -import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; import cn.topiam.employee.common.constants.ProtocolConstants; 
@@ -60,8 +52,6 @@ public final class EiamOAuth2TokenIntrospectionEndpointConfigurer extends Abstra }; private Consumer> authenticationProvidersConsumer = (authenticationProviders) -> { }; - private AuthenticationSuccessHandler introspectionResponseHandler; - private AuthenticationFailureHandler errorResponseHandler; /** * Restrict for internal use only. 
@@ -89,87 +79,6 @@ public final class EiamOAuth2TokenIntrospectionEndpointConfigurer extends Abstra return authenticationProviders; } - /** - * Adds an {@link AuthenticationConverter} used when attempting to extract an Introspection Request from {@link HttpServletRequest} - * to an instance of {@link OAuth2TokenIntrospectionAuthenticationToken} used for authenticating the request. - * - * @param introspectionRequestConverter an {@link AuthenticationConverter} used when attempting to extract an Introspection Request from {@link HttpServletRequest} - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenIntrospectionEndpointConfigurer introspectionRequestConverter(AuthenticationConverter introspectionRequestConverter) { - Assert.notNull(introspectionRequestConverter, - "introspectionRequestConverter cannot be null"); - this.introspectionRequestConverters.add(introspectionRequestConverter); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #introspectionRequestConverter(AuthenticationConverter) AuthenticationConverter}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationConverter}. 
- * - * @param introspectionRequestConvertersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationConverter}'s - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2TokenIntrospectionEndpointConfigurer introspectionRequestConverters(Consumer> introspectionRequestConvertersConsumer) { - Assert.notNull(introspectionRequestConvertersConsumer, - "introspectionRequestConvertersConsumer cannot be null"); - this.introspectionRequestConvertersConsumer = introspectionRequestConvertersConsumer; - return this; - } - - /** - * Adds an {@link AuthenticationProvider} used for authenticating a type of {@link OAuth2TokenIntrospectionAuthenticationToken}. - * - * @param authenticationProvider an {@link AuthenticationProvider} used for authenticating a type of {@link OAuth2TokenIntrospectionAuthenticationToken} - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenIntrospectionEndpointConfigurer authenticationProvider(AuthenticationProvider authenticationProvider) { - Assert.notNull(authenticationProvider, "authenticationProvider cannot be null"); - this.authenticationProviders.add(authenticationProvider); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authenticationProvider(AuthenticationProvider) AuthenticationProvider}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationProvider}. 
- * - * @param authenticationProvidersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationProvider}'s - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2TokenIntrospectionEndpointConfigurer authenticationProviders(Consumer> authenticationProvidersConsumer) { - Assert.notNull(authenticationProvidersConsumer, - "authenticationProvidersConsumer cannot be null"); - this.authenticationProvidersConsumer = authenticationProvidersConsumer; - return this; - } - - /** - * Sets the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2TokenIntrospectionAuthenticationToken}. - * - * @param introspectionResponseHandler the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2TokenIntrospectionAuthenticationToken} - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenIntrospectionEndpointConfigurer introspectionResponseHandler(AuthenticationSuccessHandler introspectionResponseHandler) { - this.introspectionResponseHandler = introspectionResponseHandler; - return this; - } - - /** - * Sets the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthenticationException} - * and returning the {@link OAuth2Error Error Response}. - * - * @param errorResponseHandler the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthenticationException} - * @return the {@link EiamOAuth2TokenEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenIntrospectionEndpointConfigurer errorResponseHandler(AuthenticationFailureHandler errorResponseHandler) { - this.errorResponseHandler = errorResponseHandler; - return this; - } - @Override void init(HttpSecurity httpSecurity) { this.requestMatcher = new AntPathRequestMatcher( 
@@ -201,13 +110,6 @@ public final class EiamOAuth2TokenIntrospectionEndpointConfigurer extends Abstra this.introspectionRequestConvertersConsumer.accept(authenticationConverters); introspectionEndpointFilter.setAuthenticationConverter( new DelegatingAuthenticationConverter(authenticationConverters)); - if (this.introspectionResponseHandler != null) { - introspectionEndpointFilter - .setAuthenticationSuccessHandler(this.introspectionResponseHandler); - } - if (this.errorResponseHandler != null) { - introspectionEndpointFilter.setAuthenticationFailureHandler(this.errorResponseHandler); - } httpSecurity.addFilterAfter(postProcess(introspectionEndpointFilter), FilterSecurityInterceptor.class); } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenRevocationEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenRevocationEndpointConfigurer.java index c3580cba..75f9f4ad 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenRevocationEndpointConfigurer.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOAuth2TokenRevocationEndpointConfigurer.java 
@@ -17,21 +17,28 @@ */ package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; +import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.function.Consumer; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.converter.HttpMessageConverter; +import org.springframework.http.server.ServletServerHttpResponse; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2Error; +import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationProvider; -import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken; import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter; import org.springframework.security.oauth2.server.authorization.web.authentication.DelegatingAuthenticationConverter; import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2TokenRevocationAuthenticationConverter; 
@@ -41,7 +48,6 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; import cn.topiam.employee.common.constants.ProtocolConstants; @@ -60,8 +66,9 @@ public final class EiamOAuth2TokenRevocationEndpointConfigurer extends AbstractO private final List authenticationProviders = new ArrayList<>(); private Consumer> authenticationProvidersConsumer = (authenticationProviders) -> { }; - private AuthenticationSuccessHandler revocationResponseHandler; - private AuthenticationFailureHandler errorResponseHandler; + private final HttpMessageConverter errorHttpResponseConverter = new OAuth2ErrorHttpMessageConverter(); + private final AuthenticationSuccessHandler authenticationSuccessHandler = this::sendRevocationSuccessResponse; + private final AuthenticationFailureHandler authenticationFailureHandler = this::sendErrorResponse; /** * Restrict for internal use only. 
@@ -70,86 +77,6 @@ public final class EiamOAuth2TokenRevocationEndpointConfigurer extends AbstractO super(objectPostProcessor); } - /** - * Adds an {@link AuthenticationConverter} used when attempting to extract a Revoke Token Request from {@link HttpServletRequest} - * to an instance of {@link OAuth2TokenRevocationAuthenticationToken} used for authenticating the request. - * - * @param revocationRequestConverter an {@link AuthenticationConverter} used when attempting to extract a Revoke Token Request from {@link HttpServletRequest} - * @return the {@link EiamOAuth2TokenRevocationEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenRevocationEndpointConfigurer revocationRequestConverter(AuthenticationConverter revocationRequestConverter) { - Assert.notNull(revocationRequestConverter, "revocationRequestConverter cannot be null"); - this.revocationRequestConverters.add(revocationRequestConverter); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #revocationRequestConverter(AuthenticationConverter) AuthenticationConverter}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationConverter}. 
- * - * @param revocationRequestConvertersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationConverter}'s - * @return the {@link EiamOAuth2TokenRevocationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2TokenRevocationEndpointConfigurer revocationRequestConverters(Consumer> revocationRequestConvertersConsumer) { - Assert.notNull(revocationRequestConvertersConsumer, - "revocationRequestConvertersConsumer cannot be null"); - this.revocationRequestConvertersConsumer = revocationRequestConvertersConsumer; - return this; - } - - /** - * Adds an {@link AuthenticationProvider} used for authenticating a type of {@link OAuth2TokenRevocationAuthenticationToken}. - * - * @param authenticationProvider an {@link AuthenticationProvider} used for authenticating a type of {@link OAuth2TokenRevocationAuthenticationToken} - * @return the {@link EiamOAuth2TokenRevocationEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenRevocationEndpointConfigurer authenticationProvider(AuthenticationProvider authenticationProvider) { - Assert.notNull(authenticationProvider, "authenticationProvider cannot be null"); - this.authenticationProviders.add(authenticationProvider); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authenticationProvider(AuthenticationProvider) AuthenticationProvider}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationProvider}. 
- * - * @param authenticationProvidersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationProvider}'s - * @return the {@link EiamOAuth2TokenRevocationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOAuth2TokenRevocationEndpointConfigurer authenticationProviders(Consumer> authenticationProvidersConsumer) { - Assert.notNull(authenticationProvidersConsumer, - "authenticationProvidersConsumer cannot be null"); - this.authenticationProvidersConsumer = authenticationProvidersConsumer; - return this; - } - - /** - * Sets the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2TokenRevocationAuthenticationToken}. - * - * @param revocationResponseHandler the {@link AuthenticationSuccessHandler} used for handling an {@link OAuth2TokenRevocationAuthenticationToken} - * @return the {@link EiamOAuth2TokenRevocationEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenRevocationEndpointConfigurer revocationResponseHandler(AuthenticationSuccessHandler revocationResponseHandler) { - this.revocationResponseHandler = revocationResponseHandler; - return this; - } - - /** - * Sets the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthenticationException} - * and returning the {@link OAuth2Error Error Response}. - * - * @param errorResponseHandler the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthenticationException} - * @return the {@link EiamOAuth2TokenRevocationEndpointConfigurer} for further configuration - */ - public EiamOAuth2TokenRevocationEndpointConfigurer errorResponseHandler(AuthenticationFailureHandler errorResponseHandler) { - this.errorResponseHandler = errorResponseHandler; - return this; - } - @Override void init(HttpSecurity httpSecurity) { this.requestMatcher = new AntPathRequestMatcher( 
@@ -174,6 +101,8 @@ public final class EiamOAuth2TokenRevocationEndpointConfigurer extends AbstractO OAuth2TokenRevocationEndpointFilter revocationEndpointFilter = new OAuth2TokenRevocationEndpointFilter( authenticationManager, ProtocolConstants.OidcEndpointConstants.TOKEN_REVOCATION_ENDPOINT); + revocationEndpointFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler); + revocationEndpointFilter.setAuthenticationFailureHandler(authenticationFailureHandler); List authenticationConverters = createDefaultAuthenticationConverters(); if (!this.revocationRequestConverters.isEmpty()) { authenticationConverters.addAll(0, this.revocationRequestConverters); @@ -181,13 +110,6 @@ public final class EiamOAuth2TokenRevocationEndpointConfigurer extends AbstractO this.revocationRequestConvertersConsumer.accept(authenticationConverters); revocationEndpointFilter.setAuthenticationConverter( new DelegatingAuthenticationConverter(authenticationConverters)); - if (this.revocationResponseHandler != null) { - revocationEndpointFilter - .setAuthenticationSuccessHandler(this.revocationResponseHandler); - } - if (this.errorResponseHandler != null) { - revocationEndpointFilter.setAuthenticationFailureHandler(this.errorResponseHandler); - } httpSecurity.addFilterAfter(postProcess(revocationEndpointFilter), FilterSecurityInterceptor.class); } 
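Review bot: The two added `setAuthenticationSuccessHandler` / `setAuthenticationFailureHandler` calls pin the revocation filter to the configurer's private handlers, but the context lines right below still keep the old customization plumbing: `if (!this.revocationRequestConverters.isEmpty())` and `this.revocationRequestConvertersConsumer.accept(authenticationConverters)`. This commit deletes the public methods that fed them, so as far as the diff shows that branch can never be taken and the consumer is always the no-op. Leftover branches like this in a security configurer suggest an extension point that no longer exists. Either build the converter directly from `createDefaultAuthenticationConverters()` and drop the unused list and consumer fields, or state the intent above the setter calls with `// handlers and converters are fixed on purpose; per-endpoint customization was removed`. The introspection configurer's `configure` hunk keeps the same leftover consumer call, and `configure` itself begins outside this hunk.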
@@ -215,4 +137,32 @@ public final class EiamOAuth2TokenRevocationEndpointConfigurer extends AbstractO return authenticationProviders; } + /** + * 撤销成功 + * + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletResponse} + * @param authentication {@link Authentication} + */ + private void sendRevocationSuccessResponse(HttpServletRequest request, + HttpServletResponse response, + Authentication authentication) { + response.setStatus(HttpStatus.OK.value()); + } + + /** + * 响应失败 + * + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletResponse} + * @param exception {@link AuthenticationException} + * @throws IOException IOException + */ + private void sendErrorResponse(HttpServletRequest request, HttpServletResponse response, + AuthenticationException exception) throws IOException { + OAuth2Error error = ((OAuth2AuthenticationException) exception).getError(); + ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response); + httpResponse.setStatusCode(HttpStatus.BAD_REQUEST); + this.errorHttpResponseConverter.write(error, null, httpResponse); + } } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcClientRegistrationEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcClientRegistrationEndpointConfigurer.java deleted file mode 100644 index 62afe9bf..00000000 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcClientRegistrationEndpointConfigurer.java +++ /dev/null 
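Review bot: `sendErrorResponse` casts `exception` to `OAuth2AuthenticationException` without a type check, so any other `AuthenticationException` reaching this handler would surface as a `ClassCastException` and a container error page rather than an OAuth2 error body. Whether the filter can ever pass another subtype is not visible in this hunk, so treat this as hardening: `OAuth2Error error = exception instanceof OAuth2AuthenticationException ? ((OAuth2AuthenticationException) exception).getError() : new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST);` (this needs the `OAuth2ErrorCodes` import). The Javadoc on both new methods gives only a two-word title. It should say that success answers 200 with no body, that failure always answers 400 with the serialized `OAuth2Error`, and that `request` and `authentication` are unused.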
@@ -1,239 +0,0 @@ -/* - * eiam-protocol-oidc - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; - -import java.util.ArrayList; -import java.util.List; -import java.util.function.Consumer; - -import javax.servlet.http.HttpServletRequest; - -import org.springframework.http.HttpMethod; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.config.annotation.ObjectPostProcessor; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.oauth2.core.OAuth2AuthenticationException; -import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration; -import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientConfigurationAuthenticationProvider; -import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientRegistrationAuthenticationProvider; -import 
org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientRegistrationAuthenticationToken; -import org.springframework.security.oauth2.server.authorization.oidc.web.OidcClientRegistrationEndpointFilter; -import org.springframework.security.oauth2.server.authorization.oidc.web.authentication.OidcClientRegistrationAuthenticationConverter; -import org.springframework.security.oauth2.server.authorization.web.authentication.DelegatingAuthenticationConverter; -import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; -import org.springframework.security.web.authentication.AuthenticationConverter; -import org.springframework.security.web.authentication.AuthenticationFailureHandler; -import org.springframework.security.web.authentication.AuthenticationSuccessHandler; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.security.web.util.matcher.OrRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; - -import cn.topiam.employee.common.constants.ProtocolConstants; - -/** - * Configurer for OpenID Connect Dynamic Client Registration 1.0 Endpoint. - * - * @author TopIAM - * Created by support@topiam.cn on 2022/10/26 19:21 - */ -public final class EiamOidcClientRegistrationEndpointConfigurer extends AbstractOAuth2Configurer { - private RequestMatcher requestMatcher; - private final List clientRegistrationRequestConverters = new ArrayList<>(); - private Consumer> clientRegistrationRequestConvertersConsumer = (clientRegistrationRequestConverters) -> { - }; - private final List authenticationProviders = new ArrayList<>(); - private Consumer> authenticationProvidersConsumer = (authenticationProviders) -> { - }; - private AuthenticationSuccessHandler clientRegistrationResponseHandler; - private AuthenticationFailureHandler errorResponseHandler; - - /** - * Restrict for internal use only. 
- */ - EiamOidcClientRegistrationEndpointConfigurer(ObjectPostProcessor objectPostProcessor) { - super(objectPostProcessor); - } - - /** - * Adds an {@link AuthenticationConverter} used when attempting to extract a Client Registration Request from {@link HttpServletRequest} - * to an instance of {@link OidcClientRegistrationAuthenticationToken} used for authenticating the request. - * - * @param clientRegistrationRequestConverter an {@link AuthenticationConverter} used when attempting to extract a Client Registration Request from {@link HttpServletRequest} - * @return the {@link EiamOidcClientRegistrationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOidcClientRegistrationEndpointConfigurer clientRegistrationRequestConverter(AuthenticationConverter clientRegistrationRequestConverter) { - Assert.notNull(clientRegistrationRequestConverter, - "clientRegistrationRequestConverter cannot be null"); - this.clientRegistrationRequestConverters.add(clientRegistrationRequestConverter); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #clientRegistrationRequestConverter(AuthenticationConverter) AuthenticationConverter}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationConverter}. 
- * - * @param clientRegistrationRequestConvertersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationConverter}'s - * @return the {@link EiamOidcClientRegistrationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOidcClientRegistrationEndpointConfigurer clientRegistrationRequestConverters(Consumer> clientRegistrationRequestConvertersConsumer) { - Assert.notNull(clientRegistrationRequestConvertersConsumer, - "clientRegistrationRequestConvertersConsumer cannot be null"); - this.clientRegistrationRequestConvertersConsumer = clientRegistrationRequestConvertersConsumer; - return this; - } - - /** - * Adds an {@link AuthenticationProvider} used for authenticating an {@link OidcClientRegistrationAuthenticationToken}. - * - * @param authenticationProvider an {@link AuthenticationProvider} used for authenticating an {@link OidcClientRegistrationAuthenticationToken} - * @return the {@link EiamOidcClientRegistrationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOidcClientRegistrationEndpointConfigurer authenticationProvider(AuthenticationProvider authenticationProvider) { - Assert.notNull(authenticationProvider, "authenticationProvider cannot be null"); - this.authenticationProviders.add(authenticationProvider); - return this; - } - - /** - * Sets the {@code Consumer} providing access to the {@code List} of default - * and (optionally) added {@link #authenticationProvider(AuthenticationProvider) AuthenticationProvider}'s - * allowing the ability to add, remove, or customize a specific {@link AuthenticationProvider}. 
- * - * @param authenticationProvidersConsumer the {@code Consumer} providing access to the {@code List} of default and (optionally) added {@link AuthenticationProvider}'s - * @return the {@link EiamOidcClientRegistrationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOidcClientRegistrationEndpointConfigurer authenticationProviders(Consumer> authenticationProvidersConsumer) { - Assert.notNull(authenticationProvidersConsumer, - "authenticationProvidersConsumer cannot be null"); - this.authenticationProvidersConsumer = authenticationProvidersConsumer; - return this; - } - - /** - * Sets the {@link AuthenticationSuccessHandler} used for handling an {@link OidcClientRegistrationAuthenticationToken} - * and returning the {@link OidcClientRegistration Client Registration Response}. - * - * @param clientRegistrationResponseHandler the {@link AuthenticationSuccessHandler} used for handling an {@link OidcClientRegistrationAuthenticationToken} - * @return the {@link EiamOidcClientRegistrationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOidcClientRegistrationEndpointConfigurer clientRegistrationResponseHandler(AuthenticationSuccessHandler clientRegistrationResponseHandler) { - this.clientRegistrationResponseHandler = clientRegistrationResponseHandler; - return this; - } - - /** - * Sets the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthenticationException} - * and returning the {@link OAuth2Error Error Response}. 
- * - * @param errorResponseHandler the {@link AuthenticationFailureHandler} used for handling an {@link OAuth2AuthenticationException} - * @return the {@link EiamOidcClientRegistrationEndpointConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOidcClientRegistrationEndpointConfigurer errorResponseHandler(AuthenticationFailureHandler errorResponseHandler) { - this.errorResponseHandler = errorResponseHandler; - return this; - } - - @Override - void init(HttpSecurity httpSecurity) { - this.requestMatcher = new OrRequestMatcher( - new AntPathRequestMatcher( - ProtocolConstants.OidcEndpointConstants.OIDC_CLIENT_REGISTRATION_ENDPOINT, - HttpMethod.POST.name()), - new AntPathRequestMatcher( - ProtocolConstants.OidcEndpointConstants.OIDC_CLIENT_REGISTRATION_ENDPOINT, - HttpMethod.GET.name())); - - List authenticationProviders = createDefaultAuthenticationProviders( - httpSecurity); - if (!this.authenticationProviders.isEmpty()) { - authenticationProviders.addAll(0, this.authenticationProviders); - } - this.authenticationProvidersConsumer.accept(authenticationProviders); - authenticationProviders.forEach(authenticationProvider -> httpSecurity - .authenticationProvider(postProcess(authenticationProvider))); - } - - @Override - void configure(HttpSecurity httpSecurity) { - AuthenticationManager authenticationManager = httpSecurity - .getSharedObject(AuthenticationManager.class); - - OidcClientRegistrationEndpointFilter oidcClientRegistrationEndpointFilter = new OidcClientRegistrationEndpointFilter( - authenticationManager, - ProtocolConstants.OidcEndpointConstants.OIDC_CLIENT_REGISTRATION_ENDPOINT); - - List authenticationConverters = createDefaultAuthenticationConverters(); - if (!this.clientRegistrationRequestConverters.isEmpty()) { - authenticationConverters.addAll(0, this.clientRegistrationRequestConverters); - } - this.clientRegistrationRequestConvertersConsumer.accept(authenticationConverters); - 
oidcClientRegistrationEndpointFilter.setAuthenticationConverter( - new DelegatingAuthenticationConverter(authenticationConverters)); - if (this.clientRegistrationResponseHandler != null) { - oidcClientRegistrationEndpointFilter - .setAuthenticationSuccessHandler(this.clientRegistrationResponseHandler); - } - if (this.errorResponseHandler != null) { - oidcClientRegistrationEndpointFilter - .setAuthenticationFailureHandler(this.errorResponseHandler); - } - httpSecurity.addFilterAfter(postProcess(oidcClientRegistrationEndpointFilter), - FilterSecurityInterceptor.class); - } - - @Override - RequestMatcher getRequestMatcher() { - return this.requestMatcher; - } - - private static List createDefaultAuthenticationConverters() { - List authenticationConverters = new ArrayList<>(); - - authenticationConverters.add(new OidcClientRegistrationAuthenticationConverter()); - - return authenticationConverters; - } - - private static List createDefaultAuthenticationProviders(HttpSecurity httpSecurity) { - List authenticationProviders = new ArrayList<>(); - - OidcClientRegistrationAuthenticationProvider oidcClientRegistrationAuthenticationProvider = new OidcClientRegistrationAuthenticationProvider( - OAuth2ConfigurerUtils.getRegisteredClientRepository(httpSecurity), - OAuth2ConfigurerUtils.getAuthorizationService(httpSecurity), - OAuth2ConfigurerUtils.getTokenGenerator(httpSecurity)); - authenticationProviders.add(oidcClientRegistrationAuthenticationProvider); - - OidcClientConfigurationAuthenticationProvider oidcClientConfigurationAuthenticationProvider = new OidcClientConfigurationAuthenticationProvider( - OAuth2ConfigurerUtils.getRegisteredClientRepository(httpSecurity), - OAuth2ConfigurerUtils.getAuthorizationService(httpSecurity)); - authenticationProviders.add(oidcClientConfigurationAuthenticationProvider); - - return authenticationProviders; - } - -} 
diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcConfigurer.java index dcc5b9bb..12e823c2 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcConfigurer.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcConfigurer.java @@ -22,12 +22,10 @@ import java.util.LinkedHashMap; import java.util.List; import java.util.Map; -import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.OIDC_CLIENT_REGISTRATION_ENDPOINT; /** * Configurer for OpenID Connect 1.0 support. 
@@ -50,50 +48,6 @@ public final class EiamOidcConfigurer extends AbstractOAuth2Configurer { new EiamOidcUserInfoEndpointConfigurer(objectPostProcessor)); } - /** - * Configures the OpenID Connect 1.0 Provider Configuration Endpoint. - * - * @param providerConfigurationEndpointCustomizer the {@link Customizer} providing access to the {@link EiamOidcProviderConfigurationEndpointConfigurer} - * @return the {@link EiamOidcConfigurer} for further configuration - * @since 0.4.0 - */ - public EiamOidcConfigurer providerConfigurationEndpoint(Customizer providerConfigurationEndpointCustomizer) { - providerConfigurationEndpointCustomizer - .customize(getConfigurer(EiamOidcProviderConfigurationEndpointConfigurer.class)); - return this; - } - - /** - * Configures the OpenID Connect Dynamic Client Registration 1.0 Endpoint. - * - * @param clientRegistrationEndpointCustomizer the {@link Customizer} providing access to the {@link EiamOidcClientRegistrationEndpointConfigurer} - * @return the {@link EiamOidcConfigurer} for further configuration - */ - public EiamOidcConfigurer clientRegistrationEndpoint(Customizer clientRegistrationEndpointCustomizer) { - EiamOidcClientRegistrationEndpointConfigurer clientRegistrationEndpointConfigurer = getConfigurer( - EiamOidcClientRegistrationEndpointConfigurer.class); - if (clientRegistrationEndpointConfigurer == null) { - addConfigurer(EiamOidcClientRegistrationEndpointConfigurer.class, - new EiamOidcClientRegistrationEndpointConfigurer(getObjectPostProcessor())); - clientRegistrationEndpointConfigurer = getConfigurer( - EiamOidcClientRegistrationEndpointConfigurer.class); - } - clientRegistrationEndpointCustomizer.customize(clientRegistrationEndpointConfigurer); - return this; - } - - /** - * Configures the OpenID Connect 1.0 UserInfo Endpoint. 
- * - * @param userInfoEndpointCustomizer the {@link Customizer} providing access to the {@link EiamOidcUserInfoEndpointConfigurer} - * @return the {@link OidcConfigurer} for further configuration - */ - public EiamOidcConfigurer userInfoEndpoint(Customizer userInfoEndpointCustomizer) { - userInfoEndpointCustomizer - .customize(getConfigurer(EiamOidcUserInfoEndpointConfigurer.class)); - return this; - } - @Override void init(HttpSecurity httpSecurity) { List requestMatchers = new ArrayList<>(); @@ -106,16 +60,6 @@ public final class EiamOidcConfigurer extends AbstractOAuth2Configurer { @Override void configure(HttpSecurity httpSecurity) { - EiamOidcClientRegistrationEndpointConfigurer clientRegistrationEndpointConfigurer = getConfigurer( - EiamOidcClientRegistrationEndpointConfigurer.class); - if (clientRegistrationEndpointConfigurer != null) { - EiamOidcProviderConfigurationEndpointConfigurer providerConfigurationEndpointConfigurer = getConfigurer( - EiamOidcProviderConfigurationEndpointConfigurer.class); - - providerConfigurationEndpointConfigurer.addDefaultProviderConfigurationCustomizer( - (builder) -> builder.clientRegistrationEndpoint(OIDC_CLIENT_REGISTRATION_ENDPOINT)); - } - this.configurers.values().forEach(configurer -> configurer.configure(httpSecurity)); } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcUserInfoEndpointConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcUserInfoEndpointConfigurer.java index 4a3d8141..90f05310 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcUserInfoEndpointConfigurer.java 
+++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/EiamOidcUserInfoEndpointConfigurer.java @@ -17,18 +17,11 @@ */ package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers; -import java.util.function.Function; - import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.security.oauth2.core.oidc.OidcIdToken; -import org.springframework.security.oauth2.core.oidc.OidcUserInfo; -import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationContext; import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationProvider; -import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationToken; import org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @@ -44,8 +37,7 @@ import cn.topiam.employee.common.constants.ProtocolConstants; * Created by support@topiam.cn on 2022/10/26 19:24 */ public final class EiamOidcUserInfoEndpointConfigurer extends AbstractOAuth2Configurer { - private RequestMatcher requestMatcher; - private Function userInfoMapper; + private RequestMatcher requestMatcher; /** * Restrict for internal use only. 
@@ -54,27 +46,6 @@ public final class EiamOidcUserInfoEndpointConfigurer extends AbstractOAuth2Conf super(objectPostProcessor); } - /** - * Sets the {@link Function} used to extract claims from {@link OidcUserInfoAuthenticationContext} - * to an instance of {@link OidcUserInfo} for the UserInfo response. - * - *

- * The {@link OidcUserInfoAuthenticationContext} gives the mapper access to the {@link OidcUserInfoAuthenticationToken}, - * as well as, the following context attributes: - *

    - *
  • {@link OidcUserInfoAuthenticationContext#getAccessToken()} containing the bearer token used to make the request.
  • - *
  • {@link OidcUserInfoAuthenticationContext#getAuthorization()} containing the {@link OidcIdToken} and - * {@link OAuth2AccessToken} associated with the bearer token used to make the request.
  • - *
- * - * @param userInfoMapper the {@link Function} used to extract claims from {@link OidcUserInfoAuthenticationContext} to an instance of {@link OidcUserInfo} - * @return the {@link EiamOidcUserInfoEndpointConfigurer} for further configuration - */ - public EiamOidcUserInfoEndpointConfigurer userInfoMapper(Function userInfoMapper) { - this.userInfoMapper = userInfoMapper; - return this; - } - @Override void init(HttpSecurity httpSecurity) { String userInfoEndpointUri = ProtocolConstants.OidcEndpointConstants.OIDC_USER_INFO_ENDPOINT; @@ -84,9 +55,6 @@ public final class EiamOidcUserInfoEndpointConfigurer extends AbstractOAuth2Conf OidcUserInfoAuthenticationProvider oidcUserInfoAuthenticationProvider = new OidcUserInfoAuthenticationProvider( OAuth2ConfigurerUtils.getAuthorizationService(httpSecurity)); - if (this.userInfoMapper != null) { - oidcUserInfoAuthenticationProvider.setUserInfoMapper(this.userInfoMapper); - } httpSecurity.authenticationProvider(postProcess(oidcUserInfoAuthenticationProvider)); } diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/Saml2IdpConfigurer.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/Saml2IdpConfigurer.java index 2587aaa4..7ccf7054 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/Saml2IdpConfigurer.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/Saml2IdpConfigurer.java 
@@ -34,7 +34,9 @@ import cn.topiam.employee.protocol.saml2.idp.endpoint.Saml2IdpSingleSignOnEndpoi import cn.topiam.employee.protocol.saml2.idp.endpoint.Saml2IdpSingleSignOutEndpointFilter; import cn.topiam.employee.protocol.saml2.idp.endpoint.Saml2InitSingleSignOnEndpointFilter; import cn.topiam.employee.protocol.saml2.idp.filter.EiamSaml2AuthorizationServerContextFilter; -import static cn.topiam.employee.protocol.saml2.idp.util.Saml2Utils.*; +import static cn.topiam.employee.protocol.cas.util.ProtocolUtils.getApplicationServiceLoader; +import static cn.topiam.employee.protocol.saml2.idp.util.Saml2Utils.getAppSaml2ConfigRepository; +import static cn.topiam.employee.protocol.saml2.idp.util.Saml2Utils.getSessionRegistry; /** * 认证配置 diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpMetadataEndpointFilter.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpMetadataEndpointFilter.java index 88679ddc..55d459ed 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpMetadataEndpointFilter.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpMetadataEndpointFilter.java 
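Review bot: The SAML2 IdP configurer now takes `getApplicationServiceLoader` from `cn.topiam.employee.protocol.cas.util.ProtocolUtils`, so the saml2 module depends on the CAS module for a helper that is not CAS-specific. The later Saml2Utils hunks do the same for `getBean` and delete the local copies. A helper shared by several protocols would sit better in a protocol-neutral package, so that changing or removing CAS support cannot break the SAML2 wiring. This is inferred from the import paths alone; the module layout is not visible in the hunk.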
@@ -38,11 +38,11 @@ import org.springframework.web.filter.OncePerRequestFilter; import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; -import cn.topiam.employee.application.Saml2ApplicationService; import cn.topiam.employee.application.context.ApplicationContext; import cn.topiam.employee.application.context.ApplicationContextHolder; +import cn.topiam.employee.application.saml2.Saml2ApplicationService; +import cn.topiam.employee.application.saml2.model.Saml2ProtocolConfig; import cn.topiam.employee.common.constants.ProtocolConstants; -import cn.topiam.employee.core.protocol.Saml2ProtocolConfig; import static cn.topiam.employee.common.util.SamlUtils.initOpenSaml; import static cn.topiam.employee.common.util.SamlUtils.transformSamlObject2String; import static cn.topiam.employee.protocol.saml2.idp.util.Saml2Utils.getEntityDescriptor; diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpSingleSignOnEndpointFilter.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpSingleSignOnEndpointFilter.java index 1e60bc7c..793b7ce5 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpSingleSignOnEndpointFilter.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpSingleSignOnEndpointFilter.java 
@@ -56,16 +56,16 @@ import com.google.common.collect.Lists; import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; -import cn.topiam.employee.application.Saml2ApplicationService; import cn.topiam.employee.application.context.ApplicationContext; import cn.topiam.employee.application.context.ApplicationContextHolder; +import cn.topiam.employee.application.saml2.Saml2ApplicationService; +import cn.topiam.employee.application.saml2.model.Saml2SsoModel; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.audit.event.AuditEventPublish; import cn.topiam.employee.common.util.SamlUtils; import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.core.protocol.Saml2SsoModel; import cn.topiam.employee.core.security.savedredirect.HttpSessionRedirectCache; import cn.topiam.employee.core.security.savedredirect.RedirectCache; import cn.topiam.employee.protocol.saml2.idp.endpoint.xml.ResponseGenerator; @@ -82,7 +82,8 @@ import static org.springframework.util.StringUtils.hasText; import static cn.topiam.employee.audit.enums.EventType.APP_SSO; import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; -import static cn.topiam.employee.common.constants.ProtocolConstants.*; +import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE_VARIABLE; +import static cn.topiam.employee.common.constants.ProtocolConstants.Saml2EndpointConstants; import static cn.topiam.employee.common.util.SamlKeyStoreProvider.getKeyStoreCredentialResolver; import static cn.topiam.employee.common.util.SamlUtils.getMessageContext; import static cn.topiam.employee.core.security.util.SecurityUtils.isAuthenticated; 
@@ -257,7 +258,7 @@ public class Saml2IdpSingleSignOnEndpointFilter extends OncePerRequestFilter /** * Velocity 引擎 */ - public static final VelocityEngine VELOCITY_ENGINE; + public final static VelocityEngine VELOCITY_ENGINE; static { VELOCITY_ENGINE = new VelocityEngine(); diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpSingleSignOutEndpointFilter.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpSingleSignOutEndpointFilter.java index 4c4638e3..77d1bdaf 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpSingleSignOutEndpointFilter.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2IdpSingleSignOutEndpointFilter.java @@ -17,10 +17,13 @@ */ package cn.topiam.employee.protocol.saml2.idp.endpoint; +import java.util.Objects; + import javax.servlet.FilterChain; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import org.opensaml.messaging.context.MessageContext; import org.opensaml.saml.saml2.core.LogoutRequest; import org.opensaml.security.credential.CredentialResolver; @@ -31,6 +34,7 @@ import org.springframework.core.Ordered; import org.springframework.http.HttpMethod; import org.springframework.lang.NonNull; import org.springframework.security.core.session.SessionRegistry; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.web.filter.OncePerRequestFilter; 
@@ -39,9 +43,10 @@ import com.google.common.collect.Lists; import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; -import cn.topiam.employee.application.Saml2ApplicationService; import cn.topiam.employee.application.context.ApplicationContext; import cn.topiam.employee.application.context.ApplicationContextHolder; +import cn.topiam.employee.application.saml2.Saml2ApplicationService; +import cn.topiam.employee.application.saml2.model.Saml2ProtocolConfig; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.TargetType; @@ -49,7 +54,6 @@ import cn.topiam.employee.audit.event.AuditEventPublish; import cn.topiam.employee.common.constants.ProtocolConstants; import cn.topiam.employee.common.util.SamlUtils; import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.core.protocol.Saml2ProtocolConfig; import cn.topiam.employee.protocol.saml2.idp.endpoint.xml.Saml2ValidatorSuite; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.exception.TopIamException; 
@@ -104,13 +108,19 @@ public class Saml2IdpSingleSignOutEndpointFilter extends OncePerRequestFilter
 LogoutRequest logoutRequest = (LogoutRequest) messageContext.getMessage();
 logger.info("LogoutRequest: ");
 SamlUtils.logSamlObject(logoutRequest);
- CredentialResolver credentialResolver = getKeyStoreCredentialResolver(protocolConfig.getSpEntityId(), protocolConfig.getSpSignCert());
- Saml2ValidatorSuite.verifySignatureUsingSignatureValidator(logoutRequest.getSignature(), credentialResolver, protocolConfig.getSpEntityId());
- Saml2ValidatorSuite.verifySignatureUsingMessageHandler(messageContext, credentialResolver, protocolConfig.getSpEntityId());
+ if (protocolConfig.getSpRequestsSigned()){
+ CredentialResolver credentialResolver = getKeyStoreCredentialResolver(protocolConfig.getSpEntityId(), protocolConfig.getSpSignCert());
+ Saml2ValidatorSuite.verifySignatureUsingSignatureValidator(logoutRequest.getSignature(), credentialResolver, protocolConfig.getSpEntityId());
+ Saml2ValidatorSuite.verifySignatureUsingMessageHandler(messageContext, credentialResolver, protocolConfig.getSpEntityId());
+ }
 //根据 SessionIndexes 清除会话
- logoutRequest.getSessionIndexes().forEach((i) -> sessionRegistry.removeSessionInformation(i.getValue()));
+ Objects.requireNonNull(logoutRequest).getSessionIndexes().forEach((i) -> sessionRegistry.removeSessionInformation(i.getValue()));
 //跳转登录
- response.sendRedirect(ServerContextHelp.getPortalPublicBaseUrl() + FE_LOGIN);
+ StringBuilder loginUrl = new StringBuilder(ServerContextHelp.getPortalPublicBaseUrl() + FE_LOGIN);
+ if(StringUtils.isNotBlank(logoutRequest.getDestination())) {
+ loginUrl.append("?").append(OAuth2ParameterNames.REDIRECT_URI+"=").append(logoutRequest.getDestination());
+ }
+ response.sendRedirect(loginUrl.toString());
 } catch (Exception e) {
 success=false;
 result=e.getMessage();
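Review bot: The new redirect appends `logoutRequest.getDestination()` to the login URL as `redirect_uri` without URL-encoding or validating it, and the same hunk makes signature verification optional (`if (protocolConfig.getSpRequestsSigned())`), so with that flag off the value comes from an unauthenticated message. Before appending, compare the destination with the URLs configured for this application and encode it, e.g. `.append(URLEncoder.encode(logoutRequest.getDestination(), StandardCharsets.UTF_8))`; how the login page treats `redirect_uri` is not visible here, so the redirect impact should be confirmed there. With signing off, the `SessionIndex` values passed to `sessionRegistry.removeSessionInformation` are equally unauthenticated, and if `getSpRequestsSigned()` returns a boxed `Boolean`, a null setting would throw on unboxing, which `Boolean.TRUE.equals(protocolConfig.getSpRequestsSigned())` avoids. `Objects.requireNonNull(logoutRequest)` runs only after the request has been handed to `SamlUtils.logSamlObject` and, when signing is on, dereferenced for `getSignature()`, so the null check belongs directly after the cast. The method body starts and ends outside this hunk.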
diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2InitSingleSignOnEndpointFilter.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2InitSingleSignOnEndpointFilter.java index 8e4890f0..8eab2274 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2InitSingleSignOnEndpointFilter.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/Saml2InitSingleSignOnEndpointFilter.java @@ -37,15 +37,15 @@ import com.google.common.collect.Lists; import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; -import cn.topiam.employee.application.Saml2ApplicationService; import cn.topiam.employee.application.context.ApplicationContext; import cn.topiam.employee.application.context.ApplicationContextHolder; +import cn.topiam.employee.application.saml2.Saml2ApplicationService; +import cn.topiam.employee.application.saml2.model.Saml2SsoModel; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.audit.event.AuditEventPublish; import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.core.protocol.Saml2SsoModel; import cn.topiam.employee.core.security.savedredirect.HttpSessionRedirectCache; import cn.topiam.employee.core.security.savedredirect.RedirectCache; import cn.topiam.employee.support.context.ApplicationContextHelp; diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/AssertionGenerator.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/AssertionGenerator.java index ff7ed754..05fd01a0 100644 
--- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/AssertionGenerator.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/AssertionGenerator.java @@ -39,11 +39,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.util.CollectionUtils; +import cn.topiam.employee.application.saml2.model.Saml2SsoModel; import cn.topiam.employee.common.enums.app.AuthnContextClassRefType; import cn.topiam.employee.common.enums.app.SamlEncryptAssertAlgorithmType; import cn.topiam.employee.common.enums.app.SamlNameIdFormatType; import cn.topiam.employee.common.enums.app.SamlSignAssertAlgorithmType; -import cn.topiam.employee.core.protocol.Saml2SsoModel; import lombok.Getter; import lombok.RequiredArgsConstructor; diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/AttributeStatementGenerator.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/AttributeStatementGenerator.java index ebf19e38..8ef15737 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/AttributeStatementGenerator.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/AttributeStatementGenerator.java @@ -29,7 +29,7 @@ import org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import cn.topiam.employee.core.protocol.Saml2SsoModel; +import cn.topiam.employee.application.saml2.model.Saml2SsoModel; import lombok.Getter; import lombok.RequiredArgsConstructor; 
diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/ResponseGenerator.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/ResponseGenerator.java index 04958c59..86c5fe5a 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/ResponseGenerator.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/ResponseGenerator.java @@ -36,11 +36,11 @@ import org.opensaml.xmlsec.signature.support.SignatureConstants; import org.opensaml.xmlsec.signature.support.SignatureException; import org.opensaml.xmlsec.signature.support.Signer; +import cn.topiam.employee.application.saml2.model.Saml2SsoModel; import cn.topiam.employee.common.enums.app.AuthnContextClassRefType; import cn.topiam.employee.common.enums.app.SamlEncryptAssertAlgorithmType; import cn.topiam.employee.common.enums.app.SamlNameIdFormatType; import cn.topiam.employee.common.enums.app.SamlSignAssertAlgorithmType; -import cn.topiam.employee.core.protocol.Saml2SsoModel; import lombok.Getter; import lombok.RequiredArgsConstructor; diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/Saml2ValidatorSuite.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/Saml2ValidatorSuite.java index 3807d2a8..3f28d68b 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/Saml2ValidatorSuite.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/endpoint/xml/Saml2ValidatorSuite.java 
@@ -27,7 +27,6 @@ import org.opensaml.saml.common.messaging.context.SAMLProtocolContext; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.criterion.EntityRoleCriterion; import org.opensaml.saml.criterion.ProtocolCriterion; -import org.opensaml.saml.saml2.core.AuthnRequest; import org.opensaml.saml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator; import org.opensaml.security.credential.Credential; @@ -56,7 +55,7 @@ public class Saml2ValidatorSuite { /** * 验证签名 * - * @param authnRequest {@link AuthnRequest} + * @param signature {@link Signature} * @param credentialResolver {@link CredentialResolver} * @throws Exception Exception */ diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/util/Saml2Utils.java b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/util/Saml2Utils.java index 26dbba58..7b1c5615 100644 --- a/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/util/Saml2Utils.java +++ b/eiam-protocol/eiam-protocol-saml2/src/main/java/cn/topiam/employee/protocol/saml2/idp/util/Saml2Utils.java 
@@ -24,20 +24,20 @@ import org.opensaml.saml.saml2.core.NameIDType; import org.opensaml.saml.saml2.metadata.*; import org.opensaml.saml.saml2.metadata.impl.*; import org.opensaml.security.credential.UsageType; -import org.springframework.context.ApplicationContext; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.core.session.SessionRegistry; -import cn.topiam.employee.application.ApplicationServiceLoader; +import cn.topiam.employee.application.saml2.model.Saml2ProtocolConfig; import cn.topiam.employee.common.repository.app.AppSaml2ConfigRepository; import cn.topiam.employee.common.util.SamlKeyStoreProvider; import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.core.protocol.Saml2ProtocolConfig; import cn.topiam.employee.support.exception.TopIamException; import static org.opensaml.saml.common.xml.SAMLConstants.SAML2_POST_BINDING_URI; import static org.opensaml.saml.common.xml.SAMLConstants.SAML2_REDIRECT_BINDING_URI; -import static cn.topiam.employee.common.constants.ProtocolConstants.*; +import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE_VARIABLE; +import static cn.topiam.employee.common.constants.ProtocolConstants.Saml2EndpointConstants; +import static cn.topiam.employee.protocol.cas.util.ProtocolUtils.getBean; /** * 
@@ -65,20 +65,6 @@ public class Saml2Utils { return sessionRegistry; } - public static > ApplicationServiceLoader getApplicationServiceLoader(B builder) { - ApplicationServiceLoader applicationServiceLoader = builder - .getSharedObject(ApplicationServiceLoader.class); - if (applicationServiceLoader == null) { - applicationServiceLoader = getBean(builder, ApplicationServiceLoader.class); - builder.setSharedObject(ApplicationServiceLoader.class, applicationServiceLoader); - } - return applicationServiceLoader; - } - - public static , T> T getBean(B builder, Class type) { - return builder.getSharedObject(ApplicationContext.class).getBean(type); - } - /** * 获取EntityDescriptor * diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/resources/templates/form_redirect.ftlh b/eiam-protocol/eiam-protocol-saml2/src/main/resources/templates/form_redirect.ftlh deleted file mode 100644 index 2f480981..00000000 --- a/eiam-protocol/eiam-protocol-saml2/src/main/resources/templates/form_redirect.ftlh +++ /dev/null @@ -1,198 +0,0 @@ - - - - Redirect - TopIAM - - - - - - - -
-
-
-
- - - - - - -
-
-
-
- - - diff --git a/eiam-protocol/eiam-protocol-saml2/src/main/resources/templates/jwt_redirect.ftlh b/eiam-protocol/eiam-protocol-saml2/src/main/resources/templates/jwt_redirect.ftlh deleted file mode 100644 index b802a686..00000000 --- a/eiam-protocol/eiam-protocol-saml2/src/main/resources/templates/jwt_redirect.ftlh +++ /dev/null @@ -1,198 +0,0 @@ - - - - Redirecting - TopIAM - - - - - - - -
-
-
-
- - - - - - -
-
-
-
- - - diff --git a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/configuration/IdentitySourceBeanRegistry.java b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/configuration/IdentitySourceBeanRegistry.java index 5fbfa96c..ed047b45 100644 --- a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/configuration/IdentitySourceBeanRegistry.java +++ b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/configuration/IdentitySourceBeanRegistry.java @@ -45,7 +45,7 @@ import com.cronutils.model.CronType; import cn.topiam.employee.common.constants.SettingConstants; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; import cn.topiam.employee.common.enums.TriggerType; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import cn.topiam.employee.common.repository.identitysource.IdentitySourceRepository; import cn.topiam.employee.identitysource.core.IdentitySource; import cn.topiam.employee.identitysource.core.IdentitySourceConfig; @@ -69,7 +69,7 @@ import cn.topiam.employee.support.trace.TraceUtils; import cn.topiam.employee.synchronizer.task.IdentitySourceSyncTask; import lombok.extern.slf4j.Slf4j; -import static cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider.DINGTALK; +import static cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider.DINGTALK; import static cn.topiam.employee.support.lock.LockAspect.getTopiamLockKeyPrefix; import static cn.topiam.employee.synchronizer.configuration.IdentitySourceBeanUtils.getSourceBeanName; diff --git a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/constants/SynchronizerConstants.java b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/constants/SynchronizerConstants.java index 4f61b1df..204a9393 100644 
--- a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/constants/SynchronizerConstants.java +++ b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/constants/SynchronizerConstants.java @@ -30,10 +30,10 @@ public final class SynchronizerConstants { /** * 同步器事件接收路径 */ - public static final String EVENT_PATH = EiamConstants.API_PATH + "/event"; + public final static String EVENT_PATH = EiamConstants.API_PATH + "/event"; /** * 同步器事件接收路径 */ - public static final String EVENT_RECEIVE_PATH = EVENT_PATH + "/receive"; + public final static String EVENT_RECEIVE_PATH = EVENT_PATH + "/receive"; } diff --git a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/AbstractIdentitySourcePostProcessor.java b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/AbstractIdentitySourcePostProcessor.java index 427c2d7a..8f567957 100644 --- a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/AbstractIdentitySourcePostProcessor.java +++ b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/AbstractIdentitySourcePostProcessor.java @@ -39,7 +39,7 @@ import cn.topiam.employee.common.enums.DataOrigin; import cn.topiam.employee.common.enums.MailType; import cn.topiam.employee.common.enums.SmsType; import cn.topiam.employee.common.enums.UserStatus; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import cn.topiam.employee.common.repository.identitysource.IdentitySourceRepository; import cn.topiam.employee.common.repository.identitysource.IdentitySourceSyncHistoryRepository; import cn.topiam.employee.common.repository.identitysource.IdentitySourceSyncRecordRepository; 
@@ -55,7 +55,7 @@ import lombok.extern.slf4j.Slf4j;
 import static cn.topiam.employee.common.constants.CommonConstants.SYSTEM_DEFAULT_USER_NAME;
 import static cn.topiam.employee.common.enums.UserStatus.DISABLE;
 import static cn.topiam.employee.common.enums.UserStatus.ENABLE;
-import static cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider.*;
+import static cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider.*;
 import static cn.topiam.employee.core.message.sms.SmsMsgEventPublish.PASSWORD;
 import static cn.topiam.employee.core.message.sms.SmsMsgEventPublish.USERNAME;
diff --git a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/DefaultIdentitySourceEventPostProcessor.java b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/DefaultIdentitySourceEventPostProcessor.java
index 18f29cab..7ce9c3d2 100644
--- a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/DefaultIdentitySourceEventPostProcessor.java
+++ b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/DefaultIdentitySourceEventPostProcessor.java
@@ -42,7 +42,9 @@ import cn.topiam.employee.common.entity.account.OrganizationMemberEntity;
 import cn.topiam.employee.common.entity.account.UserEntity;
 import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity;
 import cn.topiam.employee.common.entity.identitysource.IdentitySourceEventRecordEntity;
-import cn.topiam.employee.common.enums.*;
+import cn.topiam.employee.common.enums.OrganizationType;
+import cn.topiam.employee.common.enums.SyncStatus;
+import cn.topiam.employee.common.enums.UserStatus;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType;
 import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType;
 import cn.topiam.employee.common.repository.account.OrganizationMemberRepository;
diff --git a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/DefaultIdentitySourceUserPostProcessor.java b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/DefaultIdentitySourceUserPostProcessor.java
index ac649928..f0b906bb 100644
--- a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/DefaultIdentitySourceUserPostProcessor.java
+++ b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/processor/DefaultIdentitySourceUserPostProcessor.java
@@ -116,7 +116,7 @@ public class DefaultIdentitySourceUserPostProcessor extends AbstractIdentitySour
 //删除用户
 userRepository.deleteAllById(deleteUserIds);
 //删除用户详情
- userDetailRepository.deleteAllByUserId(deleteUserIds);
+ userDetailRepository.deleteAllByUserIds(deleteUserIds);
 //删除组织用户关联关系
 organizationMemberRepository.deleteAllByUserId(deleteUserIds);
 //删除用户组关系
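Review bot: Nothing visible around the renamed `userDetailRepository.deleteAllByUserIds(deleteUserIds)` call shows that this delete sequence runs as one transaction. If a later call fails after `userRepository.deleteAllById(deleteUserIds)` has gone through, detail, organization or group rows for those ids could be left behind, which is a partial deprovisioning of accounts the identity source no longer reports. The enclosing method starts and ends outside the hunk, so this cannot be confirmed from here; if it is not already transactional, annotate it with `@Transactional(rollbackFor = Exception.class)`. The rename also leaves `organizationMemberRepository.deleteAllByUserId(deleteUserIds)` taking the same id collection under the singular name, so renaming it to `deleteAllByUserIds` as well would keep the two repositories consistent.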