diff --git a/sso-auth-server/pom.xml b/sso-auth-server/pom.xml index 19cbb68d3d15499415ef2a6fa9a98f7aa3773faf..70a415cf32d45fb10ba4422aca650d251523b861 100644 --- a/sso-auth-server/pom.xml +++ b/sso-auth-server/pom.xml @@ -35,6 +35,17 @@ spring-boot-starter-security + + mysql + mysql-connector-java + + + + com.baomidou + mybatis-plus-boot-starter + 3.4.0 + + org.springframework.security.oauth.boot spring-security-oauth2-autoconfigure diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java index 7c4560fb3b9f5dc320eec2cc7ed4644fa0f5f0f1..c84835c75ff27ccd610b4c6bc5812c434a89c49e 100644 --- a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/SsoAuthServerApplication.java @@ -1,11 +1,14 @@ package org.xbdframework.sample.sso.authserver; +import org.mybatis.spring.annotation.MapperScan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @EnableWebSecurity @SpringBootApplication + +@MapperScan("org.xbdframework.sample.sso.authserver.mapper") public class SsoAuthServerApplication { public static void main(String[] args) { diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/AuthorizationServerConfiguration.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/AuthorizationServerConfiguration.java index a4adaee7bab688429fb08ade39b98b4429eda3b7..b66526807a0e2afed9426570f7e644bca1dd847d 100644 --- a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/AuthorizationServerConfiguration.java 
+++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/AuthorizationServerConfiguration.java @@ -22,27 +22,33 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu @Autowired private PasswordEncoder passwordEncoder; + //用来配置令牌端点的安全约束 @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { - security.allowFormAuthenticationForClients() - .tokenKeyAccess("isAuthenticated()"); + security + .tokenKeyAccess("permitAll()") //oauth/token_key是公开 + .checkTokenAccess("permitAll()") //oauth/check_token公开 + .allowFormAuthenticationForClients();//表单认证(申请令牌) } + //客户端详情服务 @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.withClientDetails(inMemoryClientDetailsService()); } + /// 使用in-memory存储 @Bean public ClientDetailsService inMemoryClientDetailsService() throws Exception { return new InMemoryClientDetailsServiceBuilder() // client oa application - .withClient("oa") - .secret(passwordEncoder.encode("oa_secret")) - .scopes("all") + .withClient("oa")// client_id 客户端标识 + .secret(passwordEncoder.encode("oa_secret"))////客户端密钥 + .scopes("all")// 允许的授权范围 + // 该client允许的授权类型authorization_code,password,refresh_token,implicit,client_credentials .authorizedGrantTypes("authorization_code", "refresh_token") - .redirectUris("http://localhost:8080/oa/login", "http://www.baidu.com") + .redirectUris("http://localhost:8080/oa/login", "http://www.baidu.com")//加上验证回调地址 .accessTokenValiditySeconds(7200) .autoApprove(true) @@ -61,6 +67,7 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu .build(); } + //令牌访问端点:用来配置令牌(token)的访问端点和令牌服务(token services) @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.accessTokenConverter(jwtAccessTokenConverter()) 
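Review bot: `.checkTokenAccess("permitAll()")` in `configure(AuthorizationServerSecurityConfigurer)` opens `/oauth/check_token` to unauthenticated callers, so anyone who can reach the auth server can have a token validated and its claims returned. Keeping introspection behind client authentication is a one-line change: `.checkTokenAccess("isAuthenticated()")`. The same chain relaxes `tokenKeyAccess` from `isAuthenticated()` to `permitAll()`, which is only appropriate if `jwtAccessTokenConverter()` signs with an asymmetric key pair; that converter is outside the hunk, so this should be confirmed. The client definition on the new side still registers `http://www.baidu.com` as a redirect URI alongside `autoApprove(true)`, so authorization codes for `oa` can be sent to a third-party host over plain HTTP without a consent step. That entry looks like a test leftover worth removing, and the builder chain in `inMemoryClientDetailsService()` continues past the end of the hunk.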
diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/WebSecurityConfiguration.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/WebSecurityConfiguration.java index b715ff18c4792bf63f9ca11f7160ffcd2a327e12..f698befc2ac090e9ca077845b2d40af824f6a829 100644 --- a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/WebSecurityConfiguration.java +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/confg/WebSecurityConfiguration.java @@ -14,6 +14,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import javax.annotation.Resource; import java.util.ArrayList; import java.util.Collection; import java.util.List; @@ -21,9 +22,12 @@ import java.util.List; @Configuration public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { + @Resource + private UserDetailsService userDetailsService; + @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(userDetailsServiceBean()).passwordEncoder(passwordEncoder()); + auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Override 
@@ -43,28 +47,6 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { .and().csrf().disable().cors(); } - @Bean - @Override - public UserDetailsService userDetailsServiceBean() { - Collection users = buildUsers(); - - return new InMemoryUserDetailsManager(users); - } - - private Collection buildUsers() { - String password = passwordEncoder().encode("123456"); - - List users = new ArrayList<>(); - - UserDetails user_admin = User.withUsername("admin").password(password).authorities("ADMIN", "USER").build(); - UserDetails user_user1 = User.withUsername("user 1").password(password).authorities("USER").build(); - - users.add(user_admin); - users.add(user_user1); - - return users; - } - @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/mapper/UserInfoMapper.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/mapper/UserInfoMapper.java new file mode 100644 index 0000000000000000000000000000000000000000..5f32077a9e6ae7a0a70ca87197897099db209ef7 --- /dev/null +++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/mapper/UserInfoMapper.java @@ -0,0 +1,26 @@ +package org.xbdframework.sample.sso.authserver.mapper; + + + +import com.baomidou.mybatisplus.core.mapper.BaseMapper; +import org.xbdframework.sample.sso.authserver.model.Menu; +import org.xbdframework.sample.sso.authserver.model.Role; +import org.xbdframework.sample.sso.authserver.model.Users; + +import java.util.List; + +public interface UserInfoMapper extends BaseMapper { + /** + * 根据用户 Id 查询用户角色 + * @param id + * @return + */ + List selectRoleByUserId(Integer id); + /** + * 根据用户 Id 查询菜单 + * @param id + * @return + */ + List selectMenuByUserId(Integer id); + +} 
diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Menu.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Menu.java
new file mode 100644
index 0000000000000000000000000000000000000000..367f80ce1932f7ab74366da16a6801b5264721e1
--- /dev/null
+++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Menu.java
@@ -0,0 +1,32 @@
+package org.xbdframework.sample.sso.authserver.model;
+
+public class Menu {
+ private Integer id;
+ private String name;
+ private String permission;
+
+ public Integer getId() {
+ return id;
+ }
+
+ public void setId(Integer id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getPermission() {
+ return permission;
+ }
+
+ public void setPermission(String permission) {
+ this.permission = permission;
+ }
+}
+
diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Role.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Role.java
new file mode 100644
index 0000000000000000000000000000000000000000..0969db102f48ee049cebbad722307fc88c648eba
--- /dev/null
+++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Role.java
@@ -0,0 +1,22 @@
+package org.xbdframework.sample.sso.authserver.model;
+
+public class Role {
+ private Integer id;
+ private String name;
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public Integer getId() {
+ return id;
+ }
+
+ public void setId(Integer id) {
+ this.id = id;
+ }
+}
diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Users.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Users.java
new file mode 100644
index 0000000000000000000000000000000000000000..d95531393e4a3acf2c6f974a0bf3483810a969b0
--- /dev/null
+++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/model/Users.java
@@ -0,0 +1,31 @@
+package org.xbdframework.sample.sso.authserver.model;
+
+public class Users {
+ private Integer id;
+ private String username;
+ private String password;
+
+ public Integer getId() {
+ return id;
+ }
+
+ public void setId(Integer id) {
+ this.id = id;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+}
diff --git a/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/service/MyUserDetailsService.java b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/service/MyUserDetailsService.java
new file mode 100644
index 0000000000000000000000000000000000000000..5c036bffef6770bf0b9c0526cc18bdbb83bab7a8
--- /dev/null
+++ b/sso-auth-server/src/main/java/org/xbdframework/sample/sso/authserver/service/MyUserDetailsService.java
@@ -0,0 +1,61 @@ +package org.xbdframework.sample.sso.authserver.service; + + +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.stereotype.Service; +import org.xbdframework.sample.sso.authserver.mapper.UserInfoMapper; +import org.xbdframework.sample.sso.authserver.model.Menu; +import org.xbdframework.sample.sso.authserver.model.Role; +import org.xbdframework.sample.sso.authserver.model.Users; + +import javax.annotation.Resource; +import java.util.ArrayList; +import java.util.List; + +@Service("userDetailsService") +public class MyUserDetailsService implements UserDetailsService { + + @Resource + private UserInfoMapper userInfoMapper; + + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + //根据用户名查询数据库 + QueryWrapper wrapper = new QueryWrapper<>(); + wrapper.eq("username",username); + Users users = userInfoMapper.selectOne(wrapper); + if (users == null){ + throw new UsernameNotFoundException("用户不存在!"); + } + + //获得用户角色,菜单列表 + List roles = userInfoMapper.selectRoleByUserId(users.getId()); + List menus = userInfoMapper.selectMenuByUserId(users.getId()); + + //声明一个权限集合List + List authorityList = new ArrayList<>(); + //加入角色 + for (Role role : roles) { + SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_" + role.getName()); + authorityList.add(simpleGrantedAuthority); + } + //加入权限 + for (Menu menu : menus) { + SimpleGrantedAuthority simpleGrantedAuthority = new 
SimpleGrantedAuthority(menu.getPermission()); + authorityList.add(simpleGrantedAuthority); + } + /* + * 参数一 用户名 + * 参数二 加密后的密码 + * 参数三 权限集合 + * */ + return new User(users.getUsername(),new BCryptPasswordEncoder().encode(users.getPassword()),authorityList); + } +} diff --git a/sso-auth-server/src/main/resources/application.yml b/sso-auth-server/src/main/resources/application.yml index bd653a84ec0f394cd7be69693847cfe84495a8a4..2758ab0a1b8cf4b1a2ccabb6f97a550d626f7f7a 100644 --- a/sso-auth-server/src/main/resources/application.yml +++ b/sso-auth-server/src/main/resources/application.yml @@ -5,6 +5,12 @@ spring: application: name: auth server application version: 1.0 + datasource: + username: root + password: 7357 + url: jdbc:mysql://localhost:3306/java?serverTimezone=GMT%2B8 + driver-class-name: com.mysql.cj.jdbc.Driver + oa: profile-uri: http://localhost:8080/oa/system/profile @@ -12,5 +18,7 @@ oa: crm: profile-uri: http://localhost:8090/crm/system/profile +mybatis-plus: + config-location:mapper/*.xml diff --git a/sso-auth-server/src/main/resources/mapper/UserInfoMapper.xml b/sso-auth-server/src/main/resources/mapper/UserInfoMapper.xml new file mode 100644 index 0000000000000000000000000000000000000000..6c2182c1736d91170d7193cd1a834e3e3accaa43 --- /dev/null +++ b/sso-auth-server/src/main/resources/mapper/UserInfoMapper.xml @@ -0,0 +1,20 @@ + + + + + + + + + + +
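Review bot: The `return new User(...)` statement in `loadUserByUsername` calls `new BCryptPasswordEncoder().encode(users.getPassword())`, and a login can only succeed with that call if the `password` column holds the cleartext password, so this change appears to store credentials unhashed in the database. Passwords should be hashed once, when the account is created or the password changes, and the stored hash passed through untouched: `return new User(users.getUsername(), users.getPassword(), authorityList);`. That also removes a bcrypt computation from every lookup and a second encoder instance that can drift from the `passwordEncoder()` bean. Separately, `new SimpleGrantedAuthority(menu.getPermission())` rejects a null or empty string, so a menu row without a permission value would fail the whole login unless such rows are skipped.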
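Review bot: The new `datasource` block commits the database password to the repository and connects as `root`, so anyone with read access to the source also holds administrative credentials for that MySQL instance. Resolve the values from the environment or an external secret store instead, for example `username: ${DB_USERNAME}` and `password: ${DB_PASSWORD}` (variable names are placeholders). Run the auth server under a dedicated account restricted to the tables it reads. The password shown here stays in the commit history, so it should be treated as exposed and rotated.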
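Review bot: `config-location:mapper/*.xml` has no space after the colon, so YAML does not read it as a key/value pair under `mybatis-plus`. `config-location` is also the property for the MyBatis configuration file, not for mapper XML files. The property for mapper files is `mapper-locations`, e.g. `mapper-locations: classpath:mapper/*.xml`. MyBatis-Plus already scans `classpath*:/mapper/**/*.xml` by default, so the line can probably be dropped altogether.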