diff --git a/lab01/authcode-server/pom.xml b/lab01/authcode-server/pom.xml index 1f03739..3546d8c 100644 --- a/lab01/authcode-server/pom.xml +++ b/lab01/authcode-server/pom.xml @@ -1,5 +1,6 @@ - 4.0.0 @@ -14,7 +15,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.10.RELEASE + 2.1.5.RELEASE @@ -22,6 +23,7 @@ UTF-8 UTF-8 1.8 + 2.3.6.RELEASE @@ -38,8 +40,8 @@ org.springframework.security.oauth spring-security-oauth2 + ${oauth2.version} - org.springframework.boot spring-boot-starter-test diff --git a/lab01/authcode-server/src/main/java/META-INF/MANIFEST.MF b/lab01/authcode-server/src/main/java/META-INF/MANIFEST.MF deleted file mode 100644 index 254272e..0000000 --- a/lab01/authcode-server/src/main/java/META-INF/MANIFEST.MF +++ /dev/null @@ -1,3 +0,0 @@ -Manifest-Version: 1.0 -Class-Path: - diff --git a/lab01/authcode-server/src/main/java/io/spring2go/authcodeserver/config/OAuth2AuthorizationServer.java b/lab01/authcode-server/src/main/java/io/spring2go/authcodeserver/config/OAuth2AuthorizationServer.java index 0802fda..de3aa9b 100644 --- a/lab01/authcode-server/src/main/java/io/spring2go/authcodeserver/config/OAuth2AuthorizationServer.java +++ b/lab01/authcode-server/src/main/java/io/spring2go/authcodeserver/config/OAuth2AuthorizationServer.java @@ -1,6 +1,8 @@ package io.spring2go.authcodeserver.config; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 
@@ -8,19 +10,17 @@ //授权服务器配置 @Configuration @EnableAuthorizationServer -public class OAuth2AuthorizationServer extends - AuthorizationServerConfigurerAdapter { +public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter { - @Override - public void configure(ClientDetailsServiceConfigurer clients) - throws Exception { - clients.inMemory() - .withClient("clientapp") - .secret("112233") - .redirectUris("http://localhost:9001/callback") - // 授权码模式 - .authorizedGrantTypes("authorization_code") - .scopes("read_userinfo", "read_contacts"); - } + @Autowired + private BCryptPasswordEncoder passwordEncoder; + + @Override + public void configure(ClientDetailsServiceConfigurer clients) throws Exception { + clients.inMemory().withClient("clientapp").secret(passwordEncoder.encode("112233")) + .redirectUris("http://localhost:9001/callback") + // 授权码模式 + .authorizedGrantTypes("authorization_code").scopes("read_userinfo", "read_contacts"); + } } diff --git a/lab01/authcode-server/src/main/java/io/spring2go/authcodeserver/config/SecurityConfig.java b/lab01/authcode-server/src/main/java/io/spring2go/authcodeserver/config/SecurityConfig.java new file mode 100644 index 0000000..b9ce176 --- /dev/null +++ b/lab01/authcode-server/src/main/java/io/spring2go/authcodeserver/config/SecurityConfig.java 
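Review bot: The client secret in `configure(ClientDetailsServiceConfigurer)` is still the literal `"112233"` in source, so wrapping it in `passwordEncoder.encode(...)` meets Spring Security 5's encoder requirement but does not protect the secret from anyone who can read the repository. Read the value from external configuration instead, for example a field `@Value("${<client-secret-property>}") private String clientSecret;` (the property name is a placeholder) passed to `.secret(passwordEncoder.encode(clientSecret))`. The same pattern is added in the client-server (`"789"`) and password-server (`"112233"`) `OAuth2AuthorizationServer` hunks. If a literal is kept for the lab, a comment marking it as a demo-only value would stop it from being copied into a real deployment.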
@@ -0,0 +1,27 @@
+package io.spring2go.authcodeserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception { // @formatter:off
+ http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest()
+ .authenticated().and().formLogin().permitAll().and().csrf().disable();
+ } // @formatter:on
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception { // @formatter:off
+ auth.inMemoryAuthentication().withUser("heshi").password(passwordEncoder().encode("1")).roles("USER");
+ } // @formatter:on
+//
+ @Bean
+ public BCryptPasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+}
diff --git a/lab01/authcode-server/src/main/resources/application.properties b/lab01/authcode-server/src/main/resources/application.properties
index 4527ec0..4f41cb2 100644
--- a/lab01/authcode-server/src/main/resources/application.properties
+++ b/lab01/authcode-server/src/main/resources/application.properties
@@ -1,3 +1,4 @@
 # Spring Security Setting
-security.user.name=bobo
-security.user.password=xyz
\ No newline at end of file
+spring.security.user.name=heshi
+spring.security.user.password=1
+#server.port=8001
\ No newline at end of file
diff --git a/lab01/client-server/pom.xml b/lab01/client-server/pom.xml
index 19e5d00..a3cc068 100644
--- a/lab01/client-server/pom.xml
+++ b/lab01/client-server/pom.xml
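Review bot: `csrf().disable()` in `configure(HttpSecurity)` switches off CSRF protection on the chain that serves `/login` and `/oauth/authorize`, which are browser-facing, session-based endpoints where the user signs in and approves a client. Unless the lab needs it off for a stated reason, drop `.and().csrf().disable()` so the default protection stays on, or add a comment explaining why it is disabled. The in-memory user `heshi` with password `"1"` is fixed in source as well, and a comment marking it as a lab-only account would help. The same `configure(HttpSecurity)` body is added in the implicit-server, password-server and jwt-authserver `SecurityConfig` files.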
@@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.10.RELEASE + 2.1.5.RELEASE @@ -38,6 +38,7 @@ org.springframework.security.oauth spring-security-oauth2 + 2.3.6.RELEASE diff --git a/lab01/client-server/src/main/java/io/spring2go/clientserver/config/OAuth2AuthorizationServer.java b/lab01/client-server/src/main/java/io/spring2go/clientserver/config/OAuth2AuthorizationServer.java index 4fd35b5..3234cfa 100644 --- a/lab01/client-server/src/main/java/io/spring2go/clientserver/config/OAuth2AuthorizationServer.java +++ b/lab01/client-server/src/main/java/io/spring2go/clientserver/config/OAuth2AuthorizationServer.java @@ -1,6 +1,8 @@ package io.spring2go.clientserver.config; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 
@@ -8,18 +10,16 @@ // 授权服务器配置 @Configuration @EnableAuthorizationServer -public class OAuth2AuthorizationServer extends - AuthorizationServerConfigurerAdapter { +public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter { - @Override - public void configure(ClientDetailsServiceConfigurer clients) - throws Exception { - clients.inMemory() - .withClient("clientdevops") - // 密码模式 - .secret("789") - .authorizedGrantTypes("client_credentials") - .scopes("devops"); - } + @Autowired + private BCryptPasswordEncoder passwordEncoder; + + @Override + public void configure(ClientDetailsServiceConfigurer clients) throws Exception { + clients.inMemory().withClient("clientdevops") + // 密码模式 + .secret(passwordEncoder.encode("789")).authorizedGrantTypes("client_credentials").scopes("devops"); + } } diff --git a/lab01/client-server/src/main/java/io/spring2go/clientserver/config/SecurityConfig.java b/lab01/client-server/src/main/java/io/spring2go/clientserver/config/SecurityConfig.java new file mode 100644 index 0000000..a3c29e0 --- /dev/null +++ b/lab01/client-server/src/main/java/io/spring2go/clientserver/config/SecurityConfig.java @@ -0,0 +1,14 @@ +package io.spring2go.clientserver.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; + +@Configuration +public class SecurityConfig extends WebSecurityConfigurerAdapter { + @Bean + public BCryptPasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } +} diff --git a/lab01/implicit-server/pom.xml b/lab01/implicit-server/pom.xml index e5e22ef..23d42af 100644 --- a/lab01/implicit-server/pom.xml +++ b/lab01/implicit-server/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.10.RELEASE + 2.1.5.RELEASE 
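Review bot: The comment `// 密码模式` (password grant) kept above `.secret(...)` does not match the grant configured on the same chain, `authorizedGrantTypes("client_credentials")`. Since the commit rewrites this chain, the comment should be corrected at the same time, e.g. `// client credentials grant`. A reader following the lab would otherwise take this module for the password-grant example.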
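Review bot: The new client-server `SecurityConfig` extends `WebSecurityConfigurerAdapter` only to declare the `passwordEncoder()` bean and overrides no `configure` method, so it also registers the adapter's default web security chain as a side effect. If that chain is not wanted in this module, a plain `@Configuration` class holding the `@Bean` method is enough. If it is wanted, a class comment saying so would make the intent clear.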
@@ -38,6 +38,7 @@ org.springframework.security.oauth spring-security-oauth2 + 2.3.6.RELEASE diff --git a/lab01/implicit-server/src/main/java/META-INF/MANIFEST.MF b/lab01/implicit-server/src/main/java/META-INF/MANIFEST.MF deleted file mode 100644 index 254272e..0000000 --- a/lab01/implicit-server/src/main/java/META-INF/MANIFEST.MF +++ /dev/null @@ -1,3 +0,0 @@ -Manifest-Version: 1.0 -Class-Path: - diff --git a/lab01/implicit-server/src/main/java/io/spring2go/implicitserver/config/SecurityConfig.java b/lab01/implicit-server/src/main/java/io/spring2go/implicitserver/config/SecurityConfig.java new file mode 100644 index 0000000..1f19bda --- /dev/null +++ b/lab01/implicit-server/src/main/java/io/spring2go/implicitserver/config/SecurityConfig.java 
@@ -0,0 +1,28 @@
+package io.spring2go.implicitserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception { // @formatter:off
+ http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest()
+ .authenticated().and().formLogin().permitAll().and().csrf().disable();
+ } // @formatter:on
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception { // @formatter:off
+ auth.inMemoryAuthentication().withUser("heshi").password(passwordEncoder().encode("1")).roles("USER");
+ } // @formatter:on
+//
+
+ @Bean
+ public BCryptPasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+}
diff --git a/lab01/implicit-server/src/main/resources/application.properties b/lab01/implicit-server/src/main/resources/application.properties
index 4527ec0..a4d33d3 100644
--- a/lab01/implicit-server/src/main/resources/application.properties
+++ b/lab01/implicit-server/src/main/resources/application.properties
@@ -1,3 +1,3 @@
 # Spring Security Setting
-security.user.name=bobo
-security.user.password=xyz
\ No newline at end of file
+spring.security.user.name=heshi
+spring.security.user.password=1
\ No newline at end of file
diff --git a/lab01/password-server/pom.xml b/lab01/password-server/pom.xml
index 35fe92d..c752cbe 100644
--- a/lab01/password-server/pom.xml
+++ b/lab01/password-server/pom.xml
@@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.10.RELEASE + 2.1.5.RELEASE @@ -38,6 +38,7 @@ org.springframework.security.oauth spring-security-oauth2 + 2.3.6.RELEASE diff --git a/lab01/password-server/src/main/java/io/spring2go/passwordserver/config/OAuth2AuthorizationServer.java b/lab01/password-server/src/main/java/io/spring2go/passwordserver/config/OAuth2AuthorizationServer.java index 61aa64d..d6803e6 100644 --- a/lab01/password-server/src/main/java/io/spring2go/passwordserver/config/OAuth2AuthorizationServer.java +++ b/lab01/password-server/src/main/java/io/spring2go/passwordserver/config/OAuth2AuthorizationServer.java @@ -3,6 +3,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 
@@ -11,28 +12,23 @@ // 授权服务器配置 @Configuration @EnableAuthorizationServer -public class OAuth2AuthorizationServer extends - AuthorizationServerConfigurerAdapter { - +public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter { + @Autowired + private BCryptPasswordEncoder passwordEncoder; // 用户认证 - @Autowired - private AuthenticationManager authenticationManager; + @Autowired + private AuthenticationManager authenticationManager; - @Override - public void configure(AuthorizationServerEndpointsConfigurer endpoints) - throws Exception { - endpoints.authenticationManager(authenticationManager); - } + @Override + public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { + endpoints.authenticationManager(authenticationManager); + } - @Override - public void configure(ClientDetailsServiceConfigurer clients) - throws Exception { - clients.inMemory() - .withClient("clientapp") - .secret("112233") - // 密码模式 - .authorizedGrantTypes("password") - .scopes("read_userinfo", "read_contacts"); - } + @Override + public void configure(ClientDetailsServiceConfigurer clients) throws Exception { + clients.inMemory().withClient("clientapp").secret(passwordEncoder.encode("112233")) + // 密码模式 + .authorizedGrantTypes("password").scopes("read_userinfo", "read_contacts"); + } } diff --git a/lab01/password-server/src/main/java/io/spring2go/passwordserver/config/SecurityConfig.java b/lab01/password-server/src/main/java/io/spring2go/passwordserver/config/SecurityConfig.java new file mode 100644 index 0000000..ddea981 --- /dev/null +++ b/lab01/password-server/src/main/java/io/spring2go/passwordserver/config/SecurityConfig.java 
@@ -0,0 +1,35 @@
+package io.spring2go.passwordserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception { // @formatter:off
+ http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest()
+ .authenticated().and().formLogin().permitAll().and().csrf().disable();
+ } // @formatter:on
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception { // @formatter:off
+ auth.inMemoryAuthentication().withUser("heshi").password(passwordEncoder().encode("1")).roles("USER");
+ } // @formatter:on
+//
+
+ @Bean
+ @Override
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+
+ @Bean
+ public BCryptPasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+}
diff --git a/lab01/password-server/src/main/resources/application.properties b/lab01/password-server/src/main/resources/application.properties
index 4527ec0..a4d33d3 100644
--- a/lab01/password-server/src/main/resources/application.properties
+++ b/lab01/password-server/src/main/resources/application.properties
@@ -1,3 +1,3 @@ # Spring Security Setting -security.user.name=bobo -security.user.password=xyz \ No newline at end of file +spring.security.user.name=heshi +spring.security.user.password=1 \ No newline at end of file diff --git a/lab02/client-resttemplate/pom.xml b/lab02/client-resttemplate/pom.xml index 0fd928a..11c8d20 100644 --- a/lab02/client-resttemplate/pom.xml +++ b/lab02/client-resttemplate/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.10.RELEASE + 2.1.5.RELEASE diff --git a/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/ClientRestTemplateApplication.java b/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/ClientRestTemplateApplication.java index 98540ff..2d376d8 100644 --- a/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/ClientRestTemplateApplication.java +++ b/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/ClientRestTemplateApplication.java @@ -10,13 +10,13 @@ @SpringBootApplication public class ClientRestTemplateApplication implements ServletContextInitializer { - public static void main(String[] args) { - SpringApplication.run(ClientRestTemplateApplication.class, args); - } + public static void main(String[] args) { + SpringApplication.run(ClientRestTemplateApplication.class, args); + } - @Override - public void onStartup(ServletContext context) throws ServletException { - context.getSessionCookieConfig().setName("client-session"); - } + @Override + public void onStartup(ServletContext context) throws ServletException { + context.getSessionCookieConfig().setName("client-session"); + } } diff --git a/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/ClientUserDetailsService.java b/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/ClientUserDetailsService.java index 278bee4..c517c5b 100644 
--- a/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/ClientUserDetailsService.java +++ b/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/ClientUserDetailsService.java @@ -14,19 +14,21 @@ @Service public class ClientUserDetailsService implements UserDetailsService { - @Autowired - private UserRepository users; - - @Override - public UserDetails loadUserByUsername(String username) - throws UsernameNotFoundException { - Optional optionalUser = users.findByUsername(username); - - if (!optionalUser.isPresent()) { - throw new UsernameNotFoundException("invalid username or password"); - } - - return new ClientUserDetails(optionalUser.get()); - } + @Autowired + private UserRepository users; + + @Autowired + private OrchidPasswordEncoder passwordEncoder; + + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + Optional optionalUser = users.findByUsername(username); + + if (!optionalUser.isPresent()) { + throw new UsernameNotFoundException("invalid username or password"); + } + optionalUser.get().setPassword(passwordEncoder.encode(optionalUser.get().getPassword())); + return new ClientUserDetails(optionalUser.get()); + } } diff --git a/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/OrchidPasswordEncoder.java b/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/OrchidPasswordEncoder.java new file mode 100644 index 0000000..c309663 --- /dev/null +++ b/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/OrchidPasswordEncoder.java 
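Review bot: `loadUserByUsername` now calls `setPassword(passwordEncoder.encode(...))` on the object returned by `users.findByUsername`, which treats the stored password as plaintext and mutates the loaded user on every login. With the pass-through `OrchidPasswordEncoder` this is a no-op, but if the encoder is replaced by a real hash the value would be re-encoded on each load and, if the object is a managed entity (presumably JPA, not visible here), could be written back to the database. Encode once when the user is created or the password changes, store the hash, and let this method go straight to `return new ClientUserDetails(optionalUser.get());`. The injected `OrchidPasswordEncoder` field can then be removed from this service.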
@@ -0,0 +1,21 @@
+package io.spring2go.clientresttemplate.security;
+
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+public class OrchidPasswordEncoder implements PasswordEncoder {
+
+ @Override
+ public String encode(CharSequence rawPassword) {
+ return rawPassword.toString();
+ }
+
+ @Override
+ public boolean matches(CharSequence rawPassword, String encodedPassword) {
+ if (encodedPassword == null || encodedPassword.length() == 0) {
+ return false;
+ }
+
+ return rawPassword.equals(encodedPassword);
+ }
+
+}
diff --git a/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/SecurityConfiguration.java b/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/SecurityConfiguration.java
index 0a2907c..ff1a219 100644
--- a/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/SecurityConfiguration.java
+++ b/lab02/client-resttemplate/src/main/java/io/spring2go/clientresttemplate/security/SecurityConfiguration.java
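Review bot: `OrchidPasswordEncoder` keeps passwords in plaintext, because `encode` returns its input unchanged and any credential store behind it therefore holds cleartext values. In addition, `matches` calls `rawPassword.equals(encodedPassword)` on a `CharSequence`, which is true only when the caller happens to pass a `String`, and it throws on a null `rawPassword`. If plaintext is deliberate for the lab, say so in a class comment and make the comparison `return rawPassword != null && rawPassword.toString().equals(encodedPassword);`. Otherwise register `BCryptPasswordEncoder`, as the lab01 modules in this commit do, and store hashed values. An identical class is added under lab03/jwt-authserver.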
@@ -1,33 +1,35 @@ package io.spring2go.clientresttemplate.security; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { - @Autowired - private UserDetailsService userDetailsService; + @Autowired + private UserDetailsService userDetailsService; - @Override - protected void configure(AuthenticationManagerBuilder auth) - throws Exception { - auth.userDetailsService(userDetailsService); - } + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(userDetailsService); + } - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests().antMatchers("/", "/index.html").permitAll().anyRequest().authenticated().and() - .formLogin().and() - .logout().permitAll().and() - .csrf().disable(); - } + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().antMatchers("/", "/index.html").permitAll().anyRequest().authenticated().and() + .formLogin().and().logout().permitAll().and().csrf().disable(); + } + @Bean + public OrchidPasswordEncoder passwordEncoder() { + return new OrchidPasswordEncoder(); + } } 
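Review bot: The hunk adds an import of `BCryptPasswordEncoder`, but the new `passwordEncoder()` bean returns `OrchidPasswordEncoder`, so the import is unused and form logins are presumably checked by plaintext comparison. Either remove the import or, preferably, have the bean `return new BCryptPasswordEncoder();` and store bcrypt hashes for the users. Declaring the bean's return type as `PasswordEncoder` would be a further option, but only together with changing the `OrchidPasswordEncoder` field in `ClientUserDetailsService` to the interface type.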
diff --git a/lab02/client-resttemplate/src/main/resources/application.properties b/lab02/client-resttemplate/src/main/resources/application.properties index f361daf..76acccb 100644 --- a/lab02/client-resttemplate/src/main/resources/application.properties +++ b/lab02/client-resttemplate/src/main/resources/application.properties @@ -3,9 +3,9 @@ server.port=9001 spring.http.converters.preferred-json-mapper=jackson spring.thymeleaf.cache=false -spring.datasource.url=jdbc:mysql://localhost/clientdb -spring.datasource.username=testuser -spring.datasource.password=test -spring.datasource.driver-class-name=com.mysql.jdbc.Driver +spring.datasource.url=jdbc:mysql://localhost/clientdb?serverTimezone=Asia/Shanghai +spring.datasource.username=heshi +spring.datasource.password=1 +spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect spring.jpa.properties.hibernate.hbm2ddl.auto=validate diff --git a/lab03/jwt-authserver/pom.xml b/lab03/jwt-authserver/pom.xml index b378b5b..a646fe5 100644 --- a/lab03/jwt-authserver/pom.xml +++ b/lab03/jwt-authserver/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.9.RELEASE + 2.1.5.RELEASE @@ -38,11 +38,13 @@ org.springframework.security.oauth spring-security-oauth2 + 2.3.6.RELEASE org.springframework.security spring-security-jwt + 1.0.10.RELEASE diff --git a/lab03/jwt-authserver/src/main/java/io/spring2go/jwtauthserver/config/OrchidPasswordEncoder.java b/lab03/jwt-authserver/src/main/java/io/spring2go/jwtauthserver/config/OrchidPasswordEncoder.java new file mode 100644 index 0000000..b1f54c1 --- /dev/null +++ b/lab03/jwt-authserver/src/main/java/io/spring2go/jwtauthserver/config/OrchidPasswordEncoder.java 
@@ -0,0 +1,21 @@
+package io.spring2go.jwtauthserver.config;
+
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+public class OrchidPasswordEncoder implements PasswordEncoder {
+
+ @Override
+ public String encode(CharSequence rawPassword) {
+ return rawPassword.toString();
+ }
+
+ @Override
+ public boolean matches(CharSequence rawPassword, String encodedPassword) {
+ if (encodedPassword == null || encodedPassword.length() == 0) {
+ return false;
+ }
+
+ return rawPassword.equals(encodedPassword);
+ }
+
+}
diff --git a/lab03/jwt-authserver/src/main/java/io/spring2go/jwtauthserver/config/SecurityConfig.java b/lab03/jwt-authserver/src/main/java/io/spring2go/jwtauthserver/config/SecurityConfig.java
new file mode 100644
index 0000000..816ccc6
--- /dev/null
+++ b/lab03/jwt-authserver/src/main/java/io/spring2go/jwtauthserver/config/SecurityConfig.java
@@ -0,0 +1,33 @@
+package io.spring2go.jwtauthserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception { // @formatter:off
+ http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest()
+ .authenticated().and().formLogin().permitAll().and().csrf().disable();
+ } // @formatter:on
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception { // @formatter:off
+ auth.inMemoryAuthentication().withUser("heshi").password(passwordEncoder().encode("1")).roles("USER");
+ }
+
+ @Bean
+ @Override
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+
+ @Bean
+ public OrchidPasswordEncoder passwordEncoder() {
+ return new OrchidPasswordEncoder();
+ }
+}
diff --git a/lab03/jwt-authserver/src/main/resources/application.properties b/lab03/jwt-authserver/src/main/resources/application.properties
index 58f12a5..a853cc2 100644
--- a/lab03/jwt-authserver/src/main/resources/application.properties
+++ b/lab03/jwt-authserver/src/main/resources/application.properties
@@ -1,2 +1,5 @@
-security.user.name=bobo
-security.user.password=xyz
\ No newline at end of file
+security.user.name=heshi
+security.user.password=1
+server.port=8080
+#logging.path=
+logging.file=D:/logs/authServer.log
\ No newline at end of file
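Review bot: The keys in this application.properties stay `security.user.name` and `security.user.password` while the module moves to Spring Boot 2.1.5, where the default-user properties are `spring.security.user.*` (the lab01 modules in this commit were renamed accordingly), so these two lines are likely ignored. Since `SecurityConfig` already defines the `heshi` user in memory, the simplest fix is to delete them rather than keep a second copy of the credential. `logging.file=D:/logs/authServer.log` is a machine-specific absolute path, and a relative path or an externally supplied value would keep the file portable.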
diff --git a/lab03/jwt-resourceserver/pom.xml b/lab03/jwt-resourceserver/pom.xml index 0aefcd0..f14ce93 100644 --- a/lab03/jwt-resourceserver/pom.xml +++ b/lab03/jwt-resourceserver/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.9.RELEASE + 2.1.5.RELEASE @@ -37,10 +37,12 @@ org.springframework.security.oauth spring-security-oauth2 + 2.3.6.RELEASE org.springframework.security spring-security-jwt + 1.0.10.RELEASE diff --git a/lab03/jwt-resourceserver/src/main/java/io/spring2go/jwtresourceserver/config/SecurityConfiguration.java b/lab03/jwt-resourceserver/src/main/java/io/spring2go/jwtresourceserver/config/SecurityConfiguration.java new file mode 100644 index 0000000..0232b83 --- /dev/null +++ b/lab03/jwt-resourceserver/src/main/java/io/spring2go/jwtresourceserver/config/SecurityConfiguration.java @@ -0,0 +1,20 @@ +package io.spring2go.jwtresourceserver.config; + +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +@EnableGlobalMethodSecurity(prePostEnabled = true) +@EnableWebSecurity +public class SecurityConfiguration extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll().anyRequest().authenticated().and() + .httpBasic().and().csrf().disable(); + } +} 
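Review bot: The new `SecurityConfiguration` enables `httpBasic()` for every request, but nothing in the file says which endpoints this chain is meant to cover or where the Basic credentials come from. A class comment stating that `/api/**` is handled by `OAuth2ResourceServer` and what this chain protects would help. If nothing outside `/api/**` is served, `anyRequest().denyAll()` is a tighter default than Basic authentication. `antMatchers(HttpMethod.OPTIONS).permitAll()` opens every path to unauthenticated OPTIONS requests, which is normally needed only for CORS preflight and deserves a comment as well.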
diff --git a/lab03/jwt-resourceserver/src/main/java/io/spring2go/jwtresourceserver/oauth/OAuth2ResourceServer.java b/lab03/jwt-resourceserver/src/main/java/io/spring2go/jwtresourceserver/oauth/OAuth2ResourceServer.java
index 90845ba..b1a3c21 100644
--- a/lab03/jwt-resourceserver/src/main/java/io/spring2go/jwtresourceserver/oauth/OAuth2ResourceServer.java
+++ b/lab03/jwt-resourceserver/src/main/java/io/spring2go/jwtresourceserver/oauth/OAuth2ResourceServer.java
@@ -1,19 +1,54 @@ package io.spring2go.jwtresourceserver.oauth; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; +import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; +import org.springframework.security.oauth2.provider.token.DefaultTokenServices; +import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; +import org.springframework.security.oauth2.provider.token.TokenStore; +import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; +import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; @Configuration @EnableResourceServer -public class OAuth2ResourceServer extends - ResourceServerConfigurerAdapter { - @Override - public void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests() - .anyRequest().authenticated().and() - .requestMatchers().antMatchers("/api/**"); - } +public class OAuth2ResourceServer extends ResourceServerConfigurerAdapter { + + @Value("${security.oauth2.resource.jwt.key-value}") + private String signingKey; + + @Override + public void configure(ResourceServerSecurityConfigurer resources) { + resources.tokenServices(defaultTokenServices()); + } + + @Override + public void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().authenticated().and().requestMatchers().antMatchers("/api/**"); + } + + @Bean + public TokenStore tokenStore() { + TokenStore tokenStore = new JwtTokenStore(accessTokenConverter()); + return tokenStore; + } + + @Bean + 
public JwtAccessTokenConverter accessTokenConverter() { + JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter() { + }; + accessTokenConverter.setSigningKey(signingKey);// 测试用,授权服务使用相同的字符达到一个对称加密的效果,生产时候使用RSA非对称加密方式 + return accessTokenConverter; + } + + @Bean + public ResourceServerTokenServices defaultTokenServices() { + final DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); + defaultTokenServices.setTokenEnhancer(accessTokenConverter()); + defaultTokenServices.setTokenStore(tokenStore()); + return defaultTokenServices; + } } diff --git a/lab03/jwt-resourceserver/src/main/resources/application.properties b/lab03/jwt-resourceserver/src/main/resources/application.properties index 22d1aed..5ae4f9b 100644 --- a/lab03/jwt-resourceserver/src/main/resources/application.properties +++ b/lab03/jwt-resourceserver/src/main/resources/application.properties @@ -1,3 +1,3 @@ server.port=8081 - security.oauth2.resource.jwt.key-value=test-secret +#logging.file=D:/logs/resourceServer.log \ No newline at end of file
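Review bot: `accessTokenConverter()` gives the resource server the signing secret through `setSigningKey(signingKey)`, the same symmetric value the authorization server signs with (`test-secret` in application.properties), so any service able to verify tokens can also mint them. The inline comment already marks this as test-only; the production shape would be an RSA key pair on the authorization server with this bean calling `setVerifierKey(<public key PEM>)` and holding no signing material. Separately, the empty anonymous subclass `new JwtAccessTokenConverter() { }` and the `setTokenEnhancer(accessTokenConverter())` call in `defaultTokenServices()` are not needed for token verification and can be dropped.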