From 0d07c53a284f93c5e41649670a047f2b35078b38 Mon Sep 17 00:00:00 2001
From: b2baccline <23131013+b2baccline@users.noreply.github.com>
Date: Thu, 15 Jul 2021 16:24:15 +0800
Subject: [PATCH] =?UTF-8?q?:recycle:=20ballcat-oauth=20=E6=9B=B4=E5=90=8D?=
 =?UTF-8?q?=E4=B8=BA=20ballcat-auth=EF=BC=8C=E5=B0=86=E6=8E=88=E6=9D=83?=
 =?UTF-8?q?=E7=9B=B8=E5=85=B3=E4=BB=A3=E7=A0=81=E5=89=A5=E7=A6=BB=E3=80=82?=
 =?UTF-8?q?=E6=96=B9=E4=BE=BF=E5=90=8E=E7=BB=AD=E5=B0=86=E6=8E=88=E6=9D=83?=
 =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E5=92=8C=20upms=20=E8=B5=84=E6=BA=90?=
 =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E5=88=86=E5=BC=80=E7=8B=AC=E7=AB=8B=E9=83=A8?=
 =?UTF-8?q?=E7=BD=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ballcat-admin/ballcat-admin-core/pom.xml      |  2 +-
 .../ballcat/admin/UpmsAutoConfiguration.java  | 36 ++----------
 .../ballcat-auth-biz}/pom.xml                 |  8 +--
 .../auth}/CaptchaCacheServiceRedisImpl.java   |  2 +-
 .../auth}/CustomAccessTokenConverter.java     |  2 +-
 .../ballcat/auth}/CustomTokenEnhancer.java    |  2 +-
 .../OAuth2AuthorizationServerProperties.java  | 24 ++++++++
 .../auth}/SysUserDetailsServiceImpl.java      |  2 +-
 .../ballcat/auth}/UserInfoCoordinator.java    |  2 +-
 .../EnableOauth2AuthorizationServer.java      | 21 +++++++
 .../AuthorizationAutoConfiguration.java       | 23 ++++++--
 .../AuthorizationFilterConfiguration.java     | 57 +++++++++++++++++++
 .../CustomAuthorizationServerConfigurer.java  | 13 ++---
 .../auth}/filter/LoginCaptchaFilter.java      |  2 +-
 .../filter/LoginPasswordDecoderFilter.java    | 13 +----
 .../mobile/MobileAuthenticationProvider.java  |  2 +-
 .../mobile/MobileAuthenticationToken.java     |  2 +-
 .../auth}/mobile/MobileTokenGranter.java      |  2 +-
 .../ballcat-auth-controller}/pom.xml          | 10 +---
 .../auth}/controller/AuthController.java      |  2 +-
 ...m.anji.captcha.service.CaptchaCacheService |  1 +
 {ballcat-oauth => ballcat-auth}/pom.xml       |  6 +-
 .../ResourceServerAutoConfiguration.java      |  3 +-
 ...rceServerWebSecurityConfigurerAdapter.java |  8 +--
 .../OAuth2ResourceServerProperties.java       | 13 +++++
 .../properties/SecurityProperties.java        | 17 +-----
 ballcat-dependencies/pom.xml                  |  6 +-
 ...m.anji.captcha.service.CaptchaCacheService |  1 -
 .../system/properties/UpmsProperties.java     |  5 --
 .../ballcat-system-controller/pom.xml         |  4 --
 .../system/controller/SysUserController.java  |  2 +-
 pom.xml                                       |  2 +-
 32 files changed, 180 insertions(+), 115 deletions(-)
 rename {ballcat-oauth/ballcat-oauth-biz => ballcat-auth/ballcat-auth-biz}/pom.xml (82%)
 rename {ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/CaptchaCacheServiceRedisImpl.java (97%)
 rename {ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/CustomAccessTokenConverter.java (98%)
 rename {ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/CustomTokenEnhancer.java (98%)
 create mode 100644 ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/OAuth2AuthorizationServerProperties.java
 rename {ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/SysUserDetailsServiceImpl.java (98%)
 rename {ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/UserInfoCoordinator.java (95%)
 create mode 100644 ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/annotation/EnableOauth2AuthorizationServer.java
 rename {ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/config => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/configuration}/AuthorizationAutoConfiguration.java (79%)
 create mode 100644 ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/configuration/AuthorizationFilterConfiguration.java
 rename {ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/config => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/confogurer}/CustomAuthorizationServerConfigurer.java (90%)
 rename {ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/filter/LoginCaptchaFilter.java (98%)
 rename {ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/filter/LoginPasswordDecoderFilter.java (85%)
 rename {ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/mobile/MobileAuthenticationProvider.java (97%)
 rename {ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/mobile/MobileAuthenticationToken.java (96%)
 rename {ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth}/mobile/MobileTokenGranter.java (98%)
 rename {ballcat-oauth/ballcat-oauth-controller => ballcat-auth/ballcat-auth-controller}/pom.xml (85%)
 rename {ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth => ballcat-auth/ballcat-auth-controller/src/main/java/com/hccake/ballcat/auth}/controller/AuthController.java (98%)
 create mode 100644 ballcat-auth/ballcat-auth-controller/src/main/resources/META-INF/services/com.anji.captcha.service.CaptchaCacheService
 rename {ballcat-oauth => ballcat-auth}/pom.xml (79%)
 delete mode 100644 ballcat-oauth/ballcat-oauth-biz/src/main/resources/META-INF/services/com.anji.captcha.service.CaptchaCacheService

diff --git a/ballcat-admin/ballcat-admin-core/pom.xml b/ballcat-admin/ballcat-admin-core/pom.xml
index 4aeb7808..77260ee3 100644
--- a/ballcat-admin/ballcat-admin-core/pom.xml
+++ b/ballcat-admin/ballcat-admin-core/pom.xml
@@ -59,7 +59,7 @@
 		</dependency>
         <dependency>
             <groupId>com.hccake</groupId>
-            <artifactId>ballcat-oauth-controller</artifactId>
+            <artifactId>ballcat-auth-controller</artifactId>
         </dependency>
 		<dependency>
 			<groupId>com.hccake</groupId>
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/UpmsAutoConfiguration.java b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/UpmsAutoConfiguration.java
index 430fc6ba..bfb27e9f 100644
--- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/UpmsAutoConfiguration.java
+++ b/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/UpmsAutoConfiguration.java
@@ -1,18 +1,11 @@
 package com.hccake.ballcat.admin;
 
-import com.anji.captcha.service.CaptchaService;
+import com.hccake.ballcat.auth.annotation.EnableOauth2AuthorizationServer;
 import com.hccake.ballcat.common.security.annotation.EnableOauth2ResourceServer;
-import com.hccake.ballcat.common.security.constant.SecurityConstants;
-import com.hccake.ballcat.oauth.UserInfoCoordinator;
-import com.hccake.ballcat.oauth.filter.LoginCaptchaFilter;
+import com.hccake.ballcat.common.security.properties.SecurityProperties;
 import com.hccake.ballcat.system.properties.UpmsProperties;
 import org.mybatis.spring.annotation.MapperScan;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.boot.web.servlet.ServletComponentScan;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 
@@ -22,31 +15,12 @@ import org.springframework.context.annotation.Configuration;
  * @date 2020/5/25 21:01
  */
 @MapperScan("com.hccake.ballcat.**.mapper")
-@ComponentScan({ "com.hccake.ballcat.admin", "com.hccake.ballcat.oauth", "com.hccake.ballcat.system",
+@ComponentScan({ "com.hccake.ballcat.admin", "com.hccake.ballcat.auth", "com.hccake.ballcat.system",
 		"com.hccake.ballcat.log", "com.hccake.ballcat.file", "com.hccake.ballcat.notify" })
-@ServletComponentScan("com.hccake.ballcat.oauth.filter")
 @Configuration(proxyBeanMethods = false)
-@EnableConfigurationProperties(UpmsProperties.class)
+@EnableConfigurationProperties({ UpmsProperties.class, SecurityProperties.class })
+@EnableOauth2AuthorizationServer
 @EnableOauth2ResourceServer
 public class UpmsAutoConfiguration {
 
-	@Bean
-	@ConditionalOnMissingBean
-	public UserInfoCoordinator userInfoCoordinator() {
-		return new UserInfoCoordinator();
-	}
-
-	@Bean
-	@ConditionalOnProperty(prefix = "ballcat.upms", name = "loginCaptchaEnabled", havingValue = "true",
-			matchIfMissing = true)
-	public FilterRegistrationBean<LoginCaptchaFilter> filterRegistrationBean(CaptchaService captchaService) {
-		FilterRegistrationBean<LoginCaptchaFilter> bean = new FilterRegistrationBean<>();
-		LoginCaptchaFilter filter = new LoginCaptchaFilter(captchaService);
-		bean.setFilter(filter);
-		// 比密码解密早一步
-		bean.setOrder(-1);
-		bean.addUrlPatterns(SecurityConstants.LOGIN_URL);
-		return bean;
-	}
-
 }
diff --git a/ballcat-oauth/ballcat-oauth-biz/pom.xml b/ballcat-auth/ballcat-auth-biz/pom.xml
similarity index 82%
rename from ballcat-oauth/ballcat-oauth-biz/pom.xml
rename to ballcat-auth/ballcat-auth-biz/pom.xml
index bdf34418..eb1683cf 100644
--- a/ballcat-oauth/ballcat-oauth-biz/pom.xml
+++ b/ballcat-auth/ballcat-auth-biz/pom.xml
@@ -3,21 +3,21 @@
 		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<parent>
-		<artifactId>ballcat-oauth</artifactId>
+		<artifactId>ballcat-auth</artifactId>
 		<groupId>com.hccake</groupId>
 		<version>${revision}</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 
-	<artifactId>ballcat-oauth-biz</artifactId>
+	<artifactId>ballcat-auth-biz</artifactId>
 	<dependencies>
 		<dependency>
 			<groupId>com.hccake</groupId>
 			<artifactId>ballcat-system-biz</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot</artifactId>
+			<groupId>com.anji-plus</groupId>
+			<artifactId>captcha</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
diff --git a/ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/CaptchaCacheServiceRedisImpl.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CaptchaCacheServiceRedisImpl.java
similarity index 97%
rename from ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/CaptchaCacheServiceRedisImpl.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CaptchaCacheServiceRedisImpl.java
index a4a714e8..6c51feca 100644
--- a/ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/CaptchaCacheServiceRedisImpl.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CaptchaCacheServiceRedisImpl.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth;
+package com.hccake.ballcat.auth;
 
 import com.anji.captcha.service.CaptchaCacheService;
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/CustomAccessTokenConverter.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CustomAccessTokenConverter.java
similarity index 98%
rename from ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/CustomAccessTokenConverter.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CustomAccessTokenConverter.java
index c0cedb33..099e49fb 100644
--- a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/CustomAccessTokenConverter.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CustomAccessTokenConverter.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth;
+package com.hccake.ballcat.auth;
 
 import cn.hutool.core.collection.CollectionUtil;
 import com.hccake.ballcat.common.security.userdetails.User;
diff --git a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/CustomTokenEnhancer.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CustomTokenEnhancer.java
similarity index 98%
rename from ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/CustomTokenEnhancer.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CustomTokenEnhancer.java
index 07a1aece..23a78598 100644
--- a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/CustomTokenEnhancer.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/CustomTokenEnhancer.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth;
+package com.hccake.ballcat.auth;
 
 import com.hccake.ballcat.common.security.constant.TokenAttributeNameConstants;
 import com.hccake.ballcat.common.security.userdetails.User;
diff --git a/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/OAuth2AuthorizationServerProperties.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/OAuth2AuthorizationServerProperties.java
new file mode 100644
index 00000000..af8bd738
--- /dev/null
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/OAuth2AuthorizationServerProperties.java
@@ -0,0 +1,24 @@
+package com.hccake.ballcat.auth;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * 授权服务器的配置文件
+ *
+ * @author hccake
+ */
+@Getter
+@Setter
+@ConfigurationProperties(prefix = OAuth2AuthorizationServerProperties.PREFIX)
+public class OAuth2AuthorizationServerProperties {
+
+	public static final String PREFIX = "ballcat.security.oauth2.authorizationserver";
+
+	/**
+	 * 登陆验证码开关
+	 */
+	private boolean loginCaptchaEnabled = true;
+
+}
diff --git a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/SysUserDetailsServiceImpl.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/SysUserDetailsServiceImpl.java
similarity index 98%
rename from ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/SysUserDetailsServiceImpl.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/SysUserDetailsServiceImpl.java
index 8aede1cb..044b9559 100644
--- a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/SysUserDetailsServiceImpl.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/SysUserDetailsServiceImpl.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth;
+package com.hccake.ballcat.auth;
 
 import cn.hutool.core.collection.CollectionUtil;
 import com.hccake.ballcat.common.security.constant.TokenAttributeNameConstants;
diff --git a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/UserInfoCoordinator.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/UserInfoCoordinator.java
similarity index 95%
rename from ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/UserInfoCoordinator.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/UserInfoCoordinator.java
index 082f9def..683fd2df 100644
--- a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/UserInfoCoordinator.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/UserInfoCoordinator.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth;
+package com.hccake.ballcat.auth;
 
 import com.hccake.ballcat.system.model.entity.SysUser;
 
diff --git a/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/annotation/EnableOauth2AuthorizationServer.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/annotation/EnableOauth2AuthorizationServer.java
new file mode 100644
index 00000000..8796fd54
--- /dev/null
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/annotation/EnableOauth2AuthorizationServer.java
@@ -0,0 +1,21 @@
+package com.hccake.ballcat.auth.annotation;
+
+import com.hccake.ballcat.auth.configuration.AuthorizationAutoConfiguration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+
+import java.lang.annotation.*;
+
+/**
+ * 开启 Oauth2 授权服务器
+ * @author hccake
+ */
+@Target({ ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@Inherited
+@Import({ AuthorizationAutoConfiguration.class })
+@EnableAuthorizationServer
+public @interface EnableOauth2AuthorizationServer {
+
+}
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/config/AuthorizationAutoConfiguration.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/configuration/AuthorizationAutoConfiguration.java
similarity index 79%
rename from ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/config/AuthorizationAutoConfiguration.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/configuration/AuthorizationAutoConfiguration.java
index 5a36703d..ae514b56 100644
--- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/config/AuthorizationAutoConfiguration.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/configuration/AuthorizationAutoConfiguration.java
@@ -1,5 +1,9 @@
-package com.hccake.ballcat.admin.config;
+package com.hccake.ballcat.auth.configuration;
 
+import com.hccake.ballcat.auth.CustomTokenEnhancer;
+import com.hccake.ballcat.auth.OAuth2AuthorizationServerProperties;
+import com.hccake.ballcat.auth.UserInfoCoordinator;
+import com.hccake.ballcat.auth.confogurer.CustomAuthorizationServerConfigurer;
 import com.hccake.ballcat.common.redis.config.CachePropertiesHolder;
 import com.hccake.ballcat.common.security.component.CustomRedisTokenStore;
 import com.hccake.ballcat.common.security.constant.SecurityConstants;
@@ -7,12 +11,11 @@ import com.hccake.ballcat.common.security.exception.CustomAuthenticationEntryPoi
 import com.hccake.ballcat.common.security.exception.CustomWebResponseExceptionTranslator;
 import com.hccake.ballcat.common.security.properties.SecurityProperties;
 import com.hccake.ballcat.common.security.util.PasswordUtils;
-import com.hccake.ballcat.oauth.CustomTokenEnhancer;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.DependsOn;
+import org.springframework.context.annotation.Import;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
@@ -26,8 +29,8 @@ import org.springframework.security.web.AuthenticationEntryPoint;
  *
  * @author hccake
  */
-@Configuration(proxyBeanMethods = false)
-@EnableConfigurationProperties(SecurityProperties.class)
+@Import({ CustomAuthorizationServerConfigurer.class, AuthorizationFilterConfiguration.class })
+@EnableConfigurationProperties({ SecurityProperties.class, OAuth2AuthorizationServerProperties.class })
 public class AuthorizationAutoConfiguration {
 
 	/**
@@ -83,4 +86,14 @@ public class AuthorizationAutoConfiguration {
 		return new CustomAuthenticationEntryPoint();
 	}
 
+	/**
+	 * 用户信息协调者
+	 * @return UserInfoCoordinator
+	 */
+	@Bean
+	@ConditionalOnMissingBean
+	public UserInfoCoordinator userInfoCoordinator() {
+		return new UserInfoCoordinator();
+	}
+
 }
diff --git a/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/configuration/AuthorizationFilterConfiguration.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/configuration/AuthorizationFilterConfiguration.java
new file mode 100644
index 00000000..1d950cc7
--- /dev/null
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/configuration/AuthorizationFilterConfiguration.java
@@ -0,0 +1,57 @@
+package com.hccake.ballcat.auth.configuration;
+
+import com.anji.captcha.service.CaptchaService;
+import com.hccake.ballcat.auth.OAuth2AuthorizationServerProperties;
+import com.hccake.ballcat.auth.filter.LoginCaptchaFilter;
+import com.hccake.ballcat.auth.filter.LoginPasswordDecoderFilter;
+import com.hccake.ballcat.common.security.constant.SecurityConstants;
+import com.hccake.ballcat.common.security.properties.SecurityProperties;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 授权服务器用到的一些过滤器
+ *
+ * @author hccake
+ */
+@Configuration(proxyBeanMethods = false)
+public class AuthorizationFilterConfiguration {
+
+	/**
+	 * password 模式下，密码入参要求 AES 加密。 在进入令牌端点前，通过过滤器进行解密处理。
+	 * @param securityProperties 安全配置相关
+	 * @return FilterRegistrationBean<LoginPasswordDecoderFilter>
+	 */
+	@Bean
+	@ConditionalOnProperty(prefix = SecurityProperties.PREFIX, name = "password-secret-key")
+	public FilterRegistrationBean<LoginPasswordDecoderFilter> loginPasswordDecoderFilter(
+			SecurityProperties securityProperties) {
+		FilterRegistrationBean<LoginPasswordDecoderFilter> bean = new FilterRegistrationBean<>();
+		LoginPasswordDecoderFilter filter = new LoginPasswordDecoderFilter(securityProperties.getPasswordSecretKey());
+		bean.setFilter(filter);
+		bean.setOrder(0);
+		bean.addUrlPatterns(SecurityConstants.LOGIN_URL);
+		return bean;
+	}
+
+	/**
+	 * 登录验证码拦截判断
+	 * @param captchaService 验证码处理类
+	 * @return FilterRegistrationBean<LoginCaptchaFilter>
+	 */
+	@Bean
+	@ConditionalOnProperty(prefix = OAuth2AuthorizationServerProperties.PREFIX, name = "login-captcha-enabled",
+			havingValue = "true", matchIfMissing = true)
+	public FilterRegistrationBean<LoginCaptchaFilter> loginCaptchaFilter(CaptchaService captchaService) {
+		FilterRegistrationBean<LoginCaptchaFilter> bean = new FilterRegistrationBean<>();
+		LoginCaptchaFilter filter = new LoginCaptchaFilter(captchaService);
+		bean.setFilter(filter);
+		// 比密码解密早一步
+		bean.setOrder(-1);
+		bean.addUrlPatterns(SecurityConstants.LOGIN_URL);
+		return bean;
+	}
+
+}
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/config/CustomAuthorizationServerConfigurer.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/confogurer/CustomAuthorizationServerConfigurer.java
similarity index 90%
rename from ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/config/CustomAuthorizationServerConfigurer.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/confogurer/CustomAuthorizationServerConfigurer.java
index e2195239..4aa2c97d 100644
--- a/ballcat-admin/ballcat-admin-core/src/main/java/com/hccake/ballcat/admin/config/CustomAuthorizationServerConfigurer.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/confogurer/CustomAuthorizationServerConfigurer.java
@@ -1,8 +1,8 @@
-package com.hccake.ballcat.admin.config;
+package com.hccake.ballcat.auth.confogurer;
 
-import com.hccake.ballcat.oauth.CustomAccessTokenConverter;
-import com.hccake.ballcat.oauth.SysUserDetailsServiceImpl;
-import com.hccake.ballcat.oauth.mobile.MobileTokenGranter;
+import com.hccake.ballcat.auth.CustomAccessTokenConverter;
+import com.hccake.ballcat.auth.SysUserDetailsServiceImpl;
+import com.hccake.ballcat.auth.mobile.MobileTokenGranter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -12,7 +12,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.CompositeTokenGranter;
@@ -32,10 +31,6 @@ import java.util.List;
  * @version 1.0
  * @date 2019/9/27 16:14 OAuth2 授权服务器配置
  */
-@Configuration(proxyBeanMethods = false)
-@EnableAuthorizationServer
-// @Import({ AuthorizationServerEndpointsConfiguration.class,
-// AuthorizationServerSecurityConfiguration.class })
 @RequiredArgsConstructor
 public class CustomAuthorizationServerConfigurer implements AuthorizationServerConfigurer {
 
diff --git a/ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/filter/LoginCaptchaFilter.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/filter/LoginCaptchaFilter.java
similarity index 98%
rename from ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/filter/LoginCaptchaFilter.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/filter/LoginCaptchaFilter.java
index 8b2beb24..9b4d9189 100644
--- a/ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/filter/LoginCaptchaFilter.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/filter/LoginCaptchaFilter.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth.filter;
+package com.hccake.ballcat.auth.filter;
 
 import com.anji.captcha.model.common.ResponseModel;
 import com.anji.captcha.model.vo.CaptchaVO;
diff --git a/ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/filter/LoginPasswordDecoderFilter.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/filter/LoginPasswordDecoderFilter.java
similarity index 85%
rename from ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/filter/LoginPasswordDecoderFilter.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/filter/LoginPasswordDecoderFilter.java
index 0a196834..dbf4a472 100644
--- a/ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/filter/LoginPasswordDecoderFilter.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/filter/LoginPasswordDecoderFilter.java
@@ -1,23 +1,19 @@
-package com.hccake.ballcat.oauth.filter;
+package com.hccake.ballcat.auth.filter;
 
 import com.hccake.ballcat.common.core.request.wrapper.ModifyParamMapRequestWrapper;
 import com.hccake.ballcat.common.model.result.R;
 import com.hccake.ballcat.common.model.result.SystemResultCode;
-import com.hccake.ballcat.common.security.constant.SecurityConstants;
-import com.hccake.ballcat.common.util.JsonUtils;
 import com.hccake.ballcat.common.security.util.PasswordUtils;
-import com.hccake.ballcat.common.security.properties.SecurityProperties;
 import com.hccake.ballcat.common.security.util.SecurityUtils;
+import com.hccake.ballcat.common.util.JsonUtils;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -30,12 +26,10 @@ import java.util.Map;
  * @date 2019/9/28 16:57 前端传递过来的加密密码，需要在登陆之前先解密
  */
 @Slf4j
-@Order(0)
-@WebFilter(urlPatterns = { SecurityConstants.LOGIN_URL })
 @RequiredArgsConstructor
 public class LoginPasswordDecoderFilter extends OncePerRequestFilter {
 
-	private final SecurityProperties securityProperties;
+	private final String passwordSecretKey;
 
 	private static final String PASSWORD = "password";
 
@@ -46,7 +40,6 @@ public class LoginPasswordDecoderFilter extends OncePerRequestFilter {
 			throws ServletException, IOException {
 
 		// 未配置密码密钥时，直接跳过
-		String passwordSecretKey = securityProperties.getPasswordSecretKey();
 		if (passwordSecretKey == null) {
 			log.warn("passwordSecretKey not configured, skip password decoder");
 			filterChain.doFilter(request, response);
diff --git a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileAuthenticationProvider.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileAuthenticationProvider.java
similarity index 97%
rename from ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileAuthenticationProvider.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileAuthenticationProvider.java
index d9ed0444..97d82af3 100644
--- a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileAuthenticationProvider.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileAuthenticationProvider.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth.mobile;
+package com.hccake.ballcat.auth.mobile;
 
 import lombok.Getter;
 import lombok.Setter;
diff --git a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileAuthenticationToken.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileAuthenticationToken.java
similarity index 96%
rename from ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileAuthenticationToken.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileAuthenticationToken.java
index 88c7cd29..c6b3759f 100644
--- a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileAuthenticationToken.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileAuthenticationToken.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth.mobile;
+package com.hccake.ballcat.auth.mobile;
 
 import lombok.SneakyThrows;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
diff --git a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileTokenGranter.java b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileTokenGranter.java
similarity index 98%
rename from ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileTokenGranter.java
rename to ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileTokenGranter.java
index 71aa6f5f..60fb499b 100644
--- a/ballcat-oauth/ballcat-oauth-biz/src/main/java/com/hccake/ballcat/oauth/mobile/MobileTokenGranter.java
+++ b/ballcat-auth/ballcat-auth-biz/src/main/java/com/hccake/ballcat/auth/mobile/MobileTokenGranter.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth.mobile;
+package com.hccake.ballcat.auth.mobile;
 
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;
diff --git a/ballcat-oauth/ballcat-oauth-controller/pom.xml b/ballcat-auth/ballcat-auth-controller/pom.xml
similarity index 85%
rename from ballcat-oauth/ballcat-oauth-controller/pom.xml
rename to ballcat-auth/ballcat-auth-controller/pom.xml
index 80ee3b72..c9c4c0ec 100644
--- a/ballcat-oauth/ballcat-oauth-controller/pom.xml
+++ b/ballcat-auth/ballcat-auth-controller/pom.xml
@@ -3,13 +3,13 @@
 		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<parent>
-		<artifactId>ballcat-oauth</artifactId>
+		<artifactId>ballcat-auth</artifactId>
 		<groupId>com.hccake</groupId>
 		<version>${revision}</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 
-	<artifactId>ballcat-oauth-controller</artifactId>
+	<artifactId>ballcat-auth-controller</artifactId>
 	<dependencies>
 		<dependency>
 			<groupId>com.hccake</groupId>
@@ -29,7 +29,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.hccake</groupId>
-			<artifactId>ballcat-oauth-biz</artifactId>
+			<artifactId>ballcat-auth-biz</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -39,10 +39,6 @@
 			<groupId>org.springframework.security.oauth</groupId>
 			<artifactId>spring-security-oauth2</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>com.anji-plus</groupId>
-			<artifactId>captcha</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>org.springframework.data</groupId>
 			<artifactId>spring-data-redis</artifactId>
diff --git a/ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/controller/AuthController.java b/ballcat-auth/ballcat-auth-controller/src/main/java/com/hccake/ballcat/auth/controller/AuthController.java
similarity index 98%
rename from ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/controller/AuthController.java
rename to ballcat-auth/ballcat-auth-controller/src/main/java/com/hccake/ballcat/auth/controller/AuthController.java
index 3dda1673..56ce9a98 100644
--- a/ballcat-oauth/ballcat-oauth-controller/src/main/java/com/hccake/ballcat/oauth/controller/AuthController.java
+++ b/ballcat-auth/ballcat-auth-controller/src/main/java/com/hccake/ballcat/auth/controller/AuthController.java
@@ -1,4 +1,4 @@
-package com.hccake.ballcat.oauth.controller;
+package com.hccake.ballcat.auth.controller;
 
 import cn.hutool.core.util.StrUtil;
 import com.hccake.ballcat.common.model.result.R;
diff --git a/ballcat-auth/ballcat-auth-controller/src/main/resources/META-INF/services/com.anji.captcha.service.CaptchaCacheService b/ballcat-auth/ballcat-auth-controller/src/main/resources/META-INF/services/com.anji.captcha.service.CaptchaCacheService
new file mode 100644
index 00000000..a18468ce
--- /dev/null
+++ b/ballcat-auth/ballcat-auth-controller/src/main/resources/META-INF/services/com.anji.captcha.service.CaptchaCacheService
@@ -0,0 +1 @@
+com.hccake.ballcat.auth.CaptchaCacheServiceRedisImpl
\ No newline at end of file
diff --git a/ballcat-oauth/pom.xml b/ballcat-auth/pom.xml
similarity index 79%
rename from ballcat-oauth/pom.xml
rename to ballcat-auth/pom.xml
index 5a0b2f90..d220e16e 100644
--- a/ballcat-oauth/pom.xml
+++ b/ballcat-auth/pom.xml
@@ -9,12 +9,12 @@
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 
-	<artifactId>ballcat-oauth</artifactId>
+	<artifactId>ballcat-auth</artifactId>
 	<packaging>pom</packaging>
 
 	<modules>
-		<module>ballcat-oauth-biz</module>
-		<module>ballcat-oauth-controller</module>
+		<module>ballcat-auth-biz</module>
+		<module>ballcat-auth-controller</module>
 	</modules>
 
 </project>
\ No newline at end of file
diff --git a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerAutoConfiguration.java b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerAutoConfiguration.java
index 2968c2c5..9102e97d 100644
--- a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerAutoConfiguration.java
+++ b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerAutoConfiguration.java
@@ -3,7 +3,6 @@ package com.hccake.ballcat.common.security.oauth2.server.resource;
 import com.hccake.ballcat.common.security.component.CustomPermissionEvaluator;
 import com.hccake.ballcat.common.security.exception.CustomAuthenticationEntryPoint;
 import com.hccake.ballcat.common.security.properties.OAuth2ResourceServerProperties;
-import com.hccake.ballcat.common.security.properties.SecurityProperties;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -25,7 +24,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 @RequiredArgsConstructor
 @Configuration(proxyBeanMethods = false)
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-@EnableConfigurationProperties({ SecurityProperties.class, OAuth2ResourceServerProperties.class })
+@EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
 @Import(ResourceServerWebSecurityConfigurerAdapter.class)
 public class ResourceServerAutoConfiguration {
 
diff --git a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java
index 9b388772..1ec65134 100644
--- a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java
+++ b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/oauth2/server/resource/ResourceServerWebSecurityConfigurerAdapter.java
@@ -1,7 +1,7 @@
 package com.hccake.ballcat.common.security.oauth2.server.resource;
 
 import cn.hutool.core.util.ArrayUtil;
-import com.hccake.ballcat.common.security.properties.SecurityProperties;
+import com.hccake.ballcat.common.security.properties.OAuth2ResourceServerProperties;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -26,7 +26,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 @RequiredArgsConstructor
 public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 
-	private final SecurityProperties securityProperties;
+	private final OAuth2ResourceServerProperties oAuth2ResourceServerProperties;
 
 	private final OpaqueTokenAuthenticationProvider opaqueTokenAuthenticationProvider;
 
@@ -55,7 +55,7 @@ public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfi
 			// 拦截 url 配置
 			.and()
 				.authorizeRequests()
-				.antMatchers(ArrayUtil.toArray(securityProperties.getIgnoreUrls(), String.class))
+				.antMatchers(ArrayUtil.toArray(oAuth2ResourceServerProperties.getIgnoreUrls(), String.class))
 				.permitAll()
 				.anyRequest().authenticated()
 
@@ -74,7 +74,7 @@ public class ResourceServerWebSecurityConfigurerAdapter extends WebSecurityConfi
 		// @formatter:on
 
 		// 允许嵌入iframe
-		if (!securityProperties.isIframeDeny()) {
+		if (!oAuth2ResourceServerProperties.isIframeDeny()) {
 			http.headers().frameOptions().disable();
 		}
 	}
diff --git a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/OAuth2ResourceServerProperties.java b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/OAuth2ResourceServerProperties.java
index add7445f..f29a3e37 100644
--- a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/OAuth2ResourceServerProperties.java
+++ b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/OAuth2ResourceServerProperties.java
@@ -4,6 +4,9 @@ import lombok.Getter;
 import lombok.Setter;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * 资源服务器的配置文件，用于配置 token 鉴定方式。由于目前 ballcat 授权服务器使用 不透明令牌，所以这里也暂时不做 jwt令牌支持的扩展
  *
@@ -15,6 +18,16 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 @ConfigurationProperties(prefix = "ballcat.security.oauth2.resourceserver")
 public class OAuth2ResourceServerProperties {
 
+	/**
+	 * 忽略鉴权的 url 列表
+	 */
+	private List<String> ignoreUrls = new ArrayList<>();
+
+	/**
+	 * 是否禁止嵌入iframe
+	 */
+	private boolean iframeDeny = true;
+
 	/**
 	 * 共享存储的token，这种情况下，利用 tokenStore 可以直接获取 token 信息
 	 */
diff --git a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/SecurityProperties.java b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/SecurityProperties.java
index c5896e00..adc6989c 100644
--- a/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/SecurityProperties.java
+++ b/ballcat-common/ballcat-common-security/src/main/java/com/hccake/ballcat/common/security/properties/SecurityProperties.java
@@ -4,9 +4,6 @@ import lombok.Getter;
 import lombok.Setter;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
-import java.util.ArrayList;
-import java.util.List;
-
 /**
  * @author Hccake
  * @version 1.0
@@ -14,22 +11,14 @@ import java.util.List;
  */
 @Getter
 @Setter
-@ConfigurationProperties(prefix = "ballcat.security")
+@ConfigurationProperties(prefix = SecurityProperties.PREFIX)
 public class SecurityProperties {
 
+	public static final String PREFIX = "ballcat.security";
+
 	/**
 	 * 前后端交互使用的对称加密算法的密钥，必须 16 位字符
 	 */
 	private String passwordSecretKey;
 
-	/**
-	 * 忽略鉴权的 url 列表
-	 */
-	private List<String> ignoreUrls = new ArrayList<>();
-
-	/**
-	 * 是否禁止嵌入iframe
-	 */
-	private boolean iframeDeny = true;
-
 }
diff --git a/ballcat-dependencies/pom.xml b/ballcat-dependencies/pom.xml
index 95398a89..d94d0ae1 100644
--- a/ballcat-dependencies/pom.xml
+++ b/ballcat-dependencies/pom.xml
@@ -292,15 +292,15 @@
 				<artifactId>ballcat-system-model</artifactId>
 				<version>${revision}</version>
 			</dependency>
-			<!-- oauth 授权模块 -->
+			<!-- auth 授权模块 -->
 			<dependency>
 				<groupId>com.hccake</groupId>
-				<artifactId>ballcat-oauth-controller</artifactId>
+				<artifactId>ballcat-auth-controller</artifactId>
 				<version>${revision}</version>
 			</dependency>
 			<dependency>
 				<groupId>com.hccake</groupId>
-				<artifactId>ballcat-oauth-biz</artifactId>
+				<artifactId>ballcat-auth-biz</artifactId>
 				<version>${revision}</version>
 			</dependency>
 			<!-- notify 通知模块 -->
diff --git a/ballcat-oauth/ballcat-oauth-biz/src/main/resources/META-INF/services/com.anji.captcha.service.CaptchaCacheService b/ballcat-oauth/ballcat-oauth-biz/src/main/resources/META-INF/services/com.anji.captcha.service.CaptchaCacheService
deleted file mode 100644
index b1e7ba85..00000000
--- a/ballcat-oauth/ballcat-oauth-biz/src/main/resources/META-INF/services/com.anji.captcha.service.CaptchaCacheService
+++ /dev/null
@@ -1 +0,0 @@
-com.hccake.ballcat.oauth.CaptchaCacheServiceRedisImpl
\ No newline at end of file
diff --git a/ballcat-system/ballcat-system-biz/src/main/java/com/hccake/ballcat/system/properties/UpmsProperties.java b/ballcat-system/ballcat-system-biz/src/main/java/com/hccake/ballcat/system/properties/UpmsProperties.java
index b31e4f13..62ed4592 100644
--- a/ballcat-system/ballcat-system-biz/src/main/java/com/hccake/ballcat/system/properties/UpmsProperties.java
+++ b/ballcat-system/ballcat-system-biz/src/main/java/com/hccake/ballcat/system/properties/UpmsProperties.java
@@ -15,11 +15,6 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 @ConfigurationProperties(prefix = "ballcat.upms")
 public class UpmsProperties {
 
-	/**
-	 * 登陆验证码开关
-	 */
-	private boolean loginCaptchaEnabled = true;
-
 	/**
 	 * 超级管理员的配置
 	 */
diff --git a/ballcat-system/ballcat-system-controller/pom.xml b/ballcat-system/ballcat-system-controller/pom.xml
index 4fd2c818..0339ceb9 100644
--- a/ballcat-system/ballcat-system-controller/pom.xml
+++ b/ballcat-system/ballcat-system-controller/pom.xml
@@ -16,10 +16,6 @@
 			<groupId>com.hccake</groupId>
 			<artifactId>ballcat-system-biz</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>com.hccake</groupId>
-			<artifactId>ballcat-oauth-biz</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>com.hccake</groupId>
 			<artifactId>ballcat-spring-boot-starter-log</artifactId>
diff --git a/ballcat-system/ballcat-system-controller/src/main/java/com/hccake/ballcat/system/controller/SysUserController.java b/ballcat-system/ballcat-system-controller/src/main/java/com/hccake/ballcat/system/controller/SysUserController.java
index ed6b594f..726d01fa 100644
--- a/ballcat-system/ballcat-system-controller/src/main/java/com/hccake/ballcat/system/controller/SysUserController.java
+++ b/ballcat-system/ballcat-system-controller/src/main/java/com/hccake/ballcat/system/controller/SysUserController.java
@@ -10,8 +10,8 @@ import com.hccake.ballcat.common.model.domain.SelectData;
 import com.hccake.ballcat.common.model.result.BaseResultCode;
 import com.hccake.ballcat.common.model.result.R;
 import com.hccake.ballcat.common.model.result.SystemResultCode;
-import com.hccake.ballcat.common.security.util.PasswordUtils;
 import com.hccake.ballcat.common.security.properties.SecurityProperties;
+import com.hccake.ballcat.common.security.util.PasswordUtils;
 import com.hccake.ballcat.system.constant.SysUserConst;
 import com.hccake.ballcat.system.converter.SysUserConverter;
 import com.hccake.ballcat.system.model.dto.SysUserDTO;
diff --git a/pom.xml b/pom.xml
index 3f161bb9..d62ffe36 100644
--- a/pom.xml
+++ b/pom.xml
@@ -13,7 +13,7 @@
 		<module>ballcat-dependencies</module>
 		<module>ballcat-extends</module>
         <module>ballcat-system</module>
-		<module>ballcat-oauth</module>
+		<module>ballcat-auth</module>
 		<module>ballcat-notify</module>
 		<module>ballcat-log</module>
 	</modules>