Merge branch 'dev' into dev_frank

1905d7b7 · frank.xa.zhang · f89cb5ba · fa165dab · 1905d7b7 · f89cb5ba
Commit 1905d7b7 authored Aug 06, 2018 by frank.xa.zhang
43 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ rebel.xml
 **/*.iml
 **/.idea/
 atms-api/~
+/bin/
--- a/atms-api/etc/generator/mysql-connector-java-5.1.41.jar
+++ b/atms-api/etc/generator/mysql-connector-java-5.1.41.jar
--- a/atms-api/etc/generator/vat_run.bat
+++ b/atms-api/etc/generator/vat_run.bat
--- a/atms-api/pom.xml
+++ b/atms-api/pom.xml
@@ -188,7 +188,7 @@
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
-            <version>1.10</version>
+            <version>1.11</version>
        </dependency>

        <!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->
@@ -230,7 +230,7 @@
        <dependency>
            <groupId>commons-collections</groupId>
            <artifactId>commons-collections</artifactId>
-            <version>3.2.1</version>
+            <version>3.2.2</version>
        </dependency>
        <dependency>
            <groupId>commons-beanutils</groupId>
@@ -316,6 +316,30 @@
            <artifactId>guava</artifactId>
            <version>24.0-jre</version>
        </dependency>
+        <dependency>
+            <groupId>org.mybatis.generator</groupId>
+            <artifactId>mybatis-generator-maven-plugin</artifactId>
+            <version>1.3.6</version>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/com.github.pagehelper/pagehelper -->
+        <dependency>
+            <groupId>com.github.pagehelper</groupId>
+            <artifactId>pagehelper</artifactId>
+            <version>5.1.4</version>
+        </dependency>
+
+        <dependency>
+            <groupId>net.sf.ehcache</groupId>
+            <artifactId>ehcache</artifactId>
+            <version>2.10.5</version>
+        </dependency>
+
+        <!-- reflectasm -->
+        <dependency>
+            <groupId>com.esotericsoftware</groupId>
+            <artifactId>reflectasm</artifactId>
+            <version>1.11.7</version>
+        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>

--- a/atms-api/src/main/java/pwc/taxtech/atms/AppCachePool.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/AppCachePool.java
--- a/atms-api/src/main/java/pwc/taxtech/atms/WebMvcConfig.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/WebMvcConfig.java
@@ -8,8 +8,11 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.support.ResourceBundleMessageSource;
+import org.springframework.http.client.ClientHttpRequestFactory;
+import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.web.client.RestTemplate;
 import org.springframework.web.multipart.commons.CommonsMultipartResolver;

 import com.fasterxml.jackson.databind.MapperFeature;
@@ -80,4 +83,17 @@ public class WebMvcConfig implements InitializingBean {
        return new CommonsMultipartResolver();
    }

+    @Bean
+    public RestTemplate restTemplate(ClientHttpRequestFactory factory) {
+        return new RestTemplate(factory);
+    }
+
+    @Bean
+    public ClientHttpRequestFactory simpleClientHttpRequestFactory() {
+        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
+        factory.setReadTimeout(5000);//单位为ms
+        factory.setConnectTimeout(5000);//单位为ms
+        return factory;
+    }
+
 }
--- a/atms-api/src/main/java/pwc/taxtech/atms/common/AopLogger.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/common/AopLogger.java
-package pwc.taxtech.atms.common;
-
-import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.annotation.After;
-import org.aspectj.lang.annotation.AfterThrowing;
-import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.annotation.Before;
-import org.aspectj.lang.annotation.Pointcut;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-
-@Component
-@Aspect
-public class AopLogger {
-    private static Logger logger = LoggerFactory.getLogger(AopLogger.class);
-
-    @Pointcut("execution(public * pwc.taxtech.atms.service.*.*(..))")
-    public void pointCut() {
-        // 定义Pointcut 此方法不能有返回值，该方法只是一个标示
-    }
-
-    @Before("pointCut()")
-    public void before(JoinPoint joinPoint) {
-        if (logger.isDebugEnabled()) {
-            logger.debug("aop before:{}", joinPoint);
-        }
-    }
-
-    @After("pointCut()")
-    public void after(JoinPoint joinPoint) {
-        if (logger.isDebugEnabled()) {
-            logger.debug("aop after:{}", joinPoint);
-        }
-    }
-
-    @AfterThrowing(pointcut = "pointCut()", throwing = "error")
-    public void afterThrowing(JoinPoint joinPoint, Throwable error) {
-        if (logger.isWarnEnabled()) {
-            logger.warn("aop afterThrowing:{}, exception class:{}, exception message:{} ", joinPoint,
-                    error.getClass().toString(), error.getMessage());
-        }
-    }
-
-    // @After("pointCut()")
-    // public void doAfter(JoinPoint joinPoint) {
-    // System.out.println("AOP After Advice...");
-    // }
-    //
-    // @AfterReturning(pointcut = "pointCut()", returning = "returnVal")
-    // public void afterReturn(JoinPoint joinPoint, Object returnVal) {
-    // System.out.println("AOP AfterReturning Advice:" + returnVal);
-    // }
-    //
-    //
-    // @Around("pointCut()")
-    // public void around(ProceedingJoinPoint pjp) {
-    // System.out.println("AOP Aronud before...");
-    // try {
-    // pjp.proceed();
-    // } catch (Throwable e) {
-    // e.printStackTrace();
-    // }
-    // System.out.println("AOP Aronud after...");
-    // }
-
-}
\ No newline at end of file
--- a/atms-api/src/main/java/pwc/taxtech/atms/common/AuthUserHelperImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/common/AuthUserHelperImpl.java
 package pwc.taxtech.atms.common;

-import javax.servlet.http.HttpServletRequest;
-
 import org.nutz.lang.Lang;
 import org.nutz.lang.Strings;
 import org.slf4j.Logger;
@@ -14,10 +12,11 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
-
 import pwc.taxtech.atms.dao.UserMapper;
-import pwc.taxtech.atms.entitiy.User;
 import pwc.taxtech.atms.exception.ApplicationException;
+import pwc.taxtech.atms.security.JwtUser;
+
+import javax.servlet.http.HttpServletRequest;

 @Component
 public class AuthUserHelperImpl implements AuditorAware<String>, AuthUserHelper {
@@ -57,12 +56,19 @@ public class AuthUserHelperImpl implements AuditorAware<String>, AuthUserHelper
     */
    @Override
    public String getCurrentUserID() {
-        String userName = getCurrentAuditor();
-        User user = userMapper.selectByUserNameIgnoreCase(userName);
-        if (user == null) {
+        SecurityContext context = SecurityContextHolder.getContext();
+        if (context == null) {
+            throw new ApplicationException("security context is null");
+        }
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null || !authentication.isAuthenticated()) {
+            throw new ApplicationException("authentication failed");
+        }
+        JwtUser jwtUser = (JwtUser) authentication.getPrincipal();
+        if (jwtUser == null) {
            return "";
        }
-        return user.getID();
+        return jwtUser.getUserid();
    }

    /*

--- a/atms-api/src/main/java/pwc/taxtech/atms/common/ServiceException.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/common/ServiceException.java
+package pwc.taxtech.atms.common;
+
+public class ServiceException extends RuntimeException{
+    public ServiceException() {
+    }
+
+    public ServiceException(String message) {
+        super(message);
+    }
+
+    public ServiceException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public ServiceException(Throwable cause) {
+        super(cause);
+    }
+
+    public ServiceException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+        super(message, cause, enableSuppression, writableStackTrace);
+    }
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/common/exception/CustomExceptionHandler.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/common/exception/CustomExceptionHandler.java
+package pwc.taxtech.atms.common.exception;
+
+import com.alibaba.fastjson.JSON;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import pwc.taxtech.atms.common.ServiceException;
+import pwc.taxtech.atms.dto.ApiResultDto;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@ControllerAdvice
+public class CustomExceptionHandler {
+
+    private static final Logger logger = LoggerFactory.getLogger(CustomExceptionHandler.class);
+
+    @ExceptionHandler(value = Throwable.class)
+    public ApiResultDto handle(HttpServletResponse response) {
+        return ApiResultDto.fail("error.");
+    }
+
+    @ExceptionHandler(value = ServiceException.class)
+    public void customHandle(ServiceException exception, HttpServletResponse response) {
+        try {
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("application/json; charset=UTF-8");
+            response.getWriter().write(JSON.toJSONString(ApiResultDto.fail(exception.getMessage())));
+        } catch (IOException e) {
+            logger.error("customHandle error.", e);
+        }
+    }
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/common/util/BeanUtil.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/common/util/BeanUtil.java
+package pwc.taxtech.atms.common.util;
+
+import com.esotericsoftware.reflectasm.MethodAccess;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.stereotype.Component;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.ArrayList;
+import java.util.List;
+
+@Component
+public class BeanUtil {
+
+    private static final String PREFIX_GET = "get";
+    private static final String PREFIX_SET = "set";
+
+    /**
+     * 拷贝属性
+     *
+     * @param sourceObject 数据源
+     * @param targetObject 目标对象
+     * @return T
+     */
+    public <T> T copyProperties(Object sourceObject, T targetObject) {
+        if (sourceObject == null) {
+            throw new IllegalArgumentException("sourceObject is null");
+        }
+        if (targetObject == null) {
+            throw new IllegalArgumentException("targetObject is null");
+        }
+
+        MethodAccess targetMa = getMethodAccess(targetObject.getClass());
+        List<Field> targetFieldList = getFieldList(targetObject.getClass());
+
+        MethodAccess sourceMa = getMethodAccess(sourceObject.getClass());
+        List<Field> sourceFieldList = getFieldList(sourceObject.getClass());
+        for (Field field : targetFieldList) {
+            String name = field.getName();
+            if (sourceFieldList.stream().noneMatch(x -> StringUtils.equals(x.getName(), name))) {
+                //不包含此属性 跳过
+                continue;
+            }
+            String upperName = upperCaseFirstChar(name);
+            try {
+                targetMa.invoke(targetObject, PREFIX_SET + upperName,
+                        sourceMa.invoke(sourceObject, PREFIX_GET + upperName));
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+        return targetObject;
+    }
+
+    @Cacheable(value = "reflectCache", key = "'ma_' + #className.getName()")
+    public MethodAccess getMethodAccess(Class className) {
+        return MethodAccess.get(className);
+    }
+
+    @Cacheable(value = "reflectCache", key = "'fa_' + #className.getName()")
+    public List<Field> getFieldList(Class className) {
+        List<Field> fields = new ArrayList<>();
+        Class nextClass = className;
+        while (nextClass != Object.class) {
+            Field[] declaredFields = nextClass.getDeclaredFields();
+            for (int i = 0, n = declaredFields.length; i < n; i++) {
+                Field field = declaredFields[i];
+                // 反射所有
+                int modifiers = field.getModifiers();
+                if (Modifier.isStatic(modifiers)) continue;
+//                if (Modifier.isPrivate(modifiers)) continue;
+                fields.add(field);
+            }
+            nextClass = nextClass.getSuperclass();
+        }
+        return fields;
+    }
+
+
+    /**
+     * 首字母大写
+     *
+     * @param str str
+     * @return str
+     */
+    public String upperCaseFirstChar(String str) {
+        char[] ch = str.toCharArray();
+        if (ch[0] >= 'a' && ch[0] <= 'z') {
+            ch[0] = (char) (ch[0] - 32);
+        }
+        return new String(ch);
+    }
+
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/common/util/SignatureUtil.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/common/util/SignatureUtil.java
+package pwc.taxtech.atms.common.util;
+
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.TreeMap;
+
+public class SignatureUtil {
+    private static final Logger LOGGER = LoggerFactory.getLogger(SignatureUtil.class);
+    public static final String SIGN_NONCE_STR = "nonceStr"; //随机数
+    public static final String SIGN_TIMESTAMP = "timestamp"; //时间戳
+    public static final String SIGN_APP_ID = "appId"; //应用ID
+    public static final String SIGN_SIGNATURE = "signature"; //生成的签名
+    public static final String SIGN_API = "api"; //接口地址
+    public static final String SIGN_API_TOKEN = "apiToken"; //密钥
+    public static final String AND = "=";
+    public static final String SPLIT = "&";
+    public static final int TIME_RANGE = 120;//2分钟
+
+    /**
+     * 生成签名
+     *
+     * @param key       密钥
+     * @param api       请求地址
+     * @param nonceStr  随机字符串
+     * @param timestamp 时间戳
+     * @return string
+     */
+    public static String generate(String key, String api, String nonceStr, String timestamp) {
+        TreeMap<String, String> paramMap = new TreeMap<>();
+        paramMap.put(SIGN_API_TOKEN, key);
+        paramMap.put(SIGN_API, api);
+        paramMap.put(SIGN_NONCE_STR, nonceStr);
+        paramMap.put(SIGN_TIMESTAMP, timestamp);
+        StringBuilder sb = new StringBuilder();
+        paramMap.forEach((k, v) -> {
+            sb.append(k).append(AND).append(v).append(SPLIT);
+        });
+        String tmp = sb.substring(0, sb.length() - 1);
+        return DigestUtils.sha1Hex(tmp);
+    }
+
+    /**
+     * 校验签名
+     *
+     * @param key       密钥
+     * @param api       请求地址
+     * @param nonceStr  随机字符串
+     * @param timestamp 时间戳
+     * @param signature 接收的签名
+     * @return boolean
+     */
+    public static boolean validate(String key, String api, String nonceStr, String timestamp, String signature) {
+        try {
+            if (StringUtils.isAnyBlank(key, api, nonceStr, timestamp, signature)) {
+                return false;
+            }
+            int now = (int) (System.currentTimeMillis() / 1000);
+            int time = Integer.valueOf(timestamp);
+            if (now - time <= TIME_RANGE) {
+                return StringUtils.equals(signature, generate(key, api, nonceStr, timestamp));
+            }
+        } catch (Exception e) {
+            LOGGER.error("invalid signature.", e);
+        }
+        return false;
+    }
+
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/dto/ApiResultDto.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/dto/ApiResultDto.java
+package pwc.taxtech.atms.dto;
+
+import org.apache.commons.lang3.StringUtils;
+
+public class ApiResultDto {
+    private int code;
+    private Object data;
+    private String message;
+
+    public static final int SUCCESS = 0; //接口成功code
+    public static final int FAILED = -1; //通用失败code
+
+    /**
+     * 返回成功
+     *
+     * @param data data
+     * @return ApiResultDto
+     */
+    public static ApiResultDto success(Object data) {
+        return new ApiResultDto(SUCCESS, data, StringUtils.EMPTY);
+    }
+
+    /**
+     * 返回成功
+     *
+     * @return ApiResultDto
+     */
+    public static ApiResultDto success() {
+        return new ApiResultDto(SUCCESS, null, StringUtils.EMPTY);
+    }
+
+    /**
+     * 返回失败
+     *
+     * @param code    fail code
+     * @param message msg
+     * @return ApiResultDto
+     */
+    public static ApiResultDto fail(int code, String message) {
+        return new ApiResultDto(code, null, message);
+    }
+
+    /**
+     * 返回失败
+     *
+     * @param message msg
+     * @return ApiResultDto
+     */
+    public static ApiResultDto fail(String message) {
+        return new ApiResultDto(FAILED, null, message);
+    }
+
+    public static ApiResultDto fail() {
+        return new ApiResultDto(FAILED, null, StringUtils.EMPTY);
+    }
+
+    public ApiResultDto() {
+    }
+
+    public ApiResultDto(int code, Object data, String message) {
+        this.code = code;
+        this.data = data;
+        this.message = message;
+    }
+
+    public int getCode() {
+        return code;
+    }
+
+    public void setCode(int code) {
+        this.code = code;
+    }
+
+    public Object getData() {
+        return data;
+    }
+
+    public void setData(Object data) {
+        this.data = data;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/dto/input/CamelPagingDto.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/dto/input/CamelPagingDto.java
+package pwc.taxtech.atms.dto.input;
+
+public class CamelPagingDto {
+    private Integer totalCount;
+    private Integer pageIndex;
+    private Integer pageSize;
+
+    public Integer getTotalCount() {
+        return totalCount;
+    }
+
+    public void setTotalCount(Integer totalCount) {
+        this.totalCount = totalCount;
+    }
+
+    public Integer getPageIndex() {
+        return pageIndex;
+    }
+
+    public void setPageIndex(Integer pageIndex) {
+        this.pageIndex = pageIndex;
+    }
+
+    public Integer getPageSize() {
+        return pageSize;
+    }
+
+    public void setPageSize(Integer pageSize) {
+        this.pageSize = pageSize;
+    }
+
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/dto/input/CamelPagingResultDto.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/dto/input/CamelPagingResultDto.java
+package pwc.taxtech.atms.dto.input;
+
+import java.util.List;
+
+import com.alibaba.fastjson.annotation.JSONField;
+
+public class CamelPagingResultDto<T> {
+	@JSONField(name="List")
+    private List<T> list;
+	@JSONField(name="PageInfo")
+    private CamelPagingDto pageInfo;
+
+    private T calculateData;
+    
+    
+    public CamelPagingResultDto() {
+		super();
+	}
+
+	public List<T> getList() {
+        return list;
+    }
+
+    public void setList(List<T> list) {
+        this.list = list;
+    }
+
+    public CamelPagingDto getPageInfo() {
+        return pageInfo;
+    }
+
+    public void setPageInfo(CamelPagingDto pageInfo) {
+        this.pageInfo = pageInfo;
+    }
+
+    public T getCalculateData() {
+        return calculateData;
+    }
+
+    public void setCalculateData(T calculateData) {
+        this.calculateData = calculateData;
+    }
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/entitiy/BaseEntity.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/entitiy/BaseEntity.java
+package pwc.taxtech.atms.entitiy;
+
+import java.util.Date;
+
+public class BaseEntity {
+    private String createBy;
+    private String updateBy;
+    private Date createTime;
+    private Date updateTime;
+
+    public BaseEntity() {
+        Date now = new Date();
+        this.createTime = now;
+        this.updateTime = now;
+    }
+
+    public String getCreateBy() {
+        return createBy;
+    }
+
+    public void setCreateBy(String createBy) {
+        this.createBy = createBy;
+    }
+
+    public String getUpdateBy() {
+        return updateBy;
+    }
+
+    public void setUpdateBy(String updateBy) {
+        this.updateBy = updateBy;
+    }
+
+    public Date getCreateTime() {
+        return createTime;
+    }
+
+    public void setCreateTime(Date createTime) {
+        this.createTime = createTime;
+    }
+
+    public Date getUpdateTime() {
+        return updateTime == null ? new Date() : updateTime;
+    }
+
+    public void setUpdateTime(Date updateTime) {
+        this.updateTime = updateTime;
+    }
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/security/JwtAuthenticationFilter.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/security/JwtAuthenticationFilter.java
 package pwc.taxtech.atms.security;

-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import io.jsonwebtoken.impl.DefaultClaims;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;

+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
 public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

+    @Value("${jwt.expireSecond}")
+    private Integer jwtExpireSecond;
+    @Value("${jwt.refreshSecond}")
+    private Integer jwtRefreshSecond;
+    @Autowired
+    private JwtUtil jwtUtil;
+
    public JwtAuthenticationFilter() {
        super("/**");
    }
@@ -58,6 +69,27 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil
        // As this authentication is in HTTP header, after success we need to continue
        // the request normally
        // and return the response as if the resource was not secured at all
+        try {
+            JwtUser jwtUser = (JwtUser) authResult.getPrincipal();
+            if (null != jwtUser) {
+                DefaultClaims claims = jwtUser.getDefaultClaims();
+                if (claims.getExpiration().getTime() - System.currentTimeMillis() <= jwtRefreshSecond * 1000) {
+                    String newToken = jwtUtil.generateToken(jwtUser.getUsername(), jwtUser.getDatabaseUsername(),
+                            jwtUser.getUserid());
+                    response.setHeader("Access-Control-Expose-Headers", "refreshToken");
+                    response.setHeader("refreshToken", newToken);
+                    logger.debug("refreshToken: " + newToken);
+                }
+            }
+        } catch (Exception e) {
+            logger.error("", e);
+        }
        chain.doFilter(request, response);
    }
+
+    @Override
+    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
+        super.unsuccessfulAuthentication(request, response, failed);
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+    }
 }
\ No newline at end of file
--- a/atms-api/src/main/java/pwc/taxtech/atms/security/JwtAuthenticationProvider.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/security/JwtAuthenticationProvider.java
 package pwc.taxtech.atms.security;

+import io.jsonwebtoken.ExpiredJwtException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -31,7 +32,14 @@ public class JwtAuthenticationProvider extends AbstractUserDetailsAuthentication
        JwtAuthenticationToken jwtAuthenticationToken = (JwtAuthenticationToken) authentication;
        String token = jwtAuthenticationToken.getToken();

-        JwtUser parsedUser = jwtUtil.parseToken(token);
+        JwtUser parsedUser;
+        try {
+            parsedUser = jwtUtil.parseToken(token);
+        } catch (ExpiredJwtException e) {
+            throw new BadCredentialsException("Expired jwt token");
+        } catch (Exception e) {
+            throw new BadCredentialsException("Bad jwt token", e);
+        }

        if (parsedUser == null) {
            throw new BadCredentialsException("JWT token is not valid");

--- a/atms-api/src/main/java/pwc/taxtech/atms/security/JwtUser.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/security/JwtUser.java
@@ -2,6 +2,7 @@ package pwc.taxtech.atms.security;

 import java.util.Collection;

+import io.jsonwebtoken.impl.DefaultClaims;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;

@@ -14,12 +15,15 @@ public class JwtUser implements UserDetails {
    private final String databaseUsername;
    private final Collection<? extends GrantedAuthority> authorities;

+    private DefaultClaims defaultClaims;
+
    public JwtUser(String userid, String username, String databaseUsername,
-            Collection<? extends GrantedAuthority> authorities) {
+                   DefaultClaims defaultClaims, Collection<? extends GrantedAuthority> authorities) {
        this.userid = userid;
        this.username = username;
        this.databaseUsername = databaseUsername;
        this.authorities = authorities;
+        this.defaultClaims = defaultClaims;
    }

    @Override
@@ -65,4 +69,11 @@ public class JwtUser implements UserDetails {
        return databaseUsername;
    }

+    public DefaultClaims getDefaultClaims() {
+        return defaultClaims;
+    }
+
+    public void setDefaultClaims(DefaultClaims defaultClaims) {
+        this.defaultClaims = defaultClaims;
+    }
 }
--- a/atms-api/src/main/java/pwc/taxtech/atms/security/JwtUtil.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/security/JwtUtil.java
@@ -4,21 +4,18 @@ import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;

+import io.jsonwebtoken.*;
 import org.nutz.lang.Times;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;

-import io.jsonwebtoken.Jwt;
-import io.jsonwebtoken.JwtBuilder;
-import io.jsonwebtoken.JwtParser;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.impl.DefaultClaims;
 import io.jsonwebtoken.impl.DefaultJws;
 import io.jsonwebtoken.lang.Assert;
@@ -31,6 +28,8 @@ public class JwtUtil implements InitializingBean {

    @Autowired
    private AtmsApiSettings atmsApiSettings;
+    @Value("${jwt.expireSecond}")
+    private Integer jwtExpireSecond;

    @Override
    public void afterPropertiesSet() throws Exception {
@@ -51,24 +50,17 @@ public class JwtUtil implements InitializingBean {
    @SuppressWarnings({ "unchecked", "rawtypes" })
    public JwtUser parseToken(String token) {
        if (StringUtils.hasText(jwtPowerToken) && jwtPowerToken.equals(token)) {
-            return new JwtUser("test_userid", "admin", "Admin", getAuthorities());
+            return new JwtUser("test_userid", "admin", "Admin", null, getAuthorities());
        }
        JwtParser parser = Jwts.parser().setSigningKey(jwtBase64Secret);
-        Jwt jwt = null;
-        DefaultJws<DefaultClaims> defaultJws = null;
-        try {
-            jwt = parser.parseClaimsJws(token);
-            defaultJws = (DefaultJws<DefaultClaims>) jwt;
-        } catch (Exception e) {
-            logger.warn("Bad jwt token", e);
-            throw new BadCredentialsException("invalid token:" + e.getMessage());
-        }
+        Jwt jwt = parser.parseClaimsJws(token);
+        DefaultJws<DefaultClaims> defaultJws = (DefaultJws<DefaultClaims>) jwt;
        DefaultClaims defaultClaims = defaultJws.getBody();
        String databaseUsername = String.valueOf(defaultClaims.get("databaseUsername"));
        String username = String.valueOf(defaultClaims.get("username"));
        String userid = String.valueOf(defaultClaims.get("userid"));

-        return new JwtUser(userid, username, databaseUsername, getAuthorities());
+        return new JwtUser(userid, username, databaseUsername, defaultClaims, getAuthorities());
    }

    private List<SimpleGrantedAuthority> getAuthorities() {
@@ -81,7 +73,7 @@ public class JwtUtil implements InitializingBean {
    /***
     * @param username
     *            登录名,大小写不限，可以是全大写或全小写,如:admin, ADMIN
-     * @param loginname
+     * @param databaseUsername
     *            数据库用户名, 比如Admin
     * @param userid
     *            用户ID
@@ -97,7 +89,7 @@ public class JwtUtil implements InitializingBean {

        Date now = new Date();
        // 过期时间设置为2天
-        int expireSecond = 3600 * 24 * 2;
+        int expireSecond = jwtExpireSecond;
        Date expiration = Times.nextSecond(now, expireSecond);
        JwtBuilder jwtBuilder = Jwts.builder();
        // 设置Subject为登录用户名

--- a/atms-api/src/main/java/pwc/taxtech/atms/security/vendor/ApiSignatureFilter.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/security/vendor/ApiSignatureFilter.java
+package pwc.taxtech.atms.security.vendor;
+
+import com.alibaba.fastjson.JSON;
+import com.google.common.collect.ImmutableMap;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import pwc.taxtech.atms.common.util.SignatureUtil;
+import pwc.taxtech.atms.dto.ApiResultDto;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.util.Map;
+
+public class ApiSignatureFilter implements Filter {
+    private static final Logger LOGGER = LoggerFactory.getLogger(ApiSignatureFilter.class);
+    private static String INVALID_RESULT = JSON.toJSONString(ApiResultDto.fail("invalid api signature"));
+
+    private static Map<String, String> keyMap = new ImmutableMap.Builder<String, String>()
+            .put("longi", "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJsb25naSIsImV4cCI6MzI0ODczMDE1NjAsImlhdCI6MTUyOTkyMjM2MSwibmJmIjoxNTI5OTIxNzYxLCJqdGkiOiIyNURFRDEyRi0yRTBBLTRERDUtQjkyOS0xRjlCOTI1QzA2MjciLCJhcHBJZCI6ImxvbmdpIn0.fPddvBGXjViEXNrYA7BesndVjM5eYHA0cX_sKZprHbIasD75Sn8vWNVKb5hMDk3wk3M34k7VgkTFHnpj9BF2uw")
+            .build();
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        try {
+            HttpServletRequest request = (HttpServletRequest) servletRequest;
+            String appId = StringUtils.defaultString(request.getParameter(SignatureUtil.SIGN_APP_ID));
+            String nonceStr = StringUtils.defaultString(request.getParameter(SignatureUtil.SIGN_NONCE_STR));
+            String timestamp = StringUtils.defaultString(request.getParameter(SignatureUtil.SIGN_TIMESTAMP));
+            String signature = StringUtils.defaultString(request.getParameter(SignatureUtil.SIGN_SIGNATURE));
+            String api = StringUtils.defaultString(request.getParameter(SignatureUtil.SIGN_API));
+            if (StringUtils.isAnyBlank(appId, signature, timestamp, nonceStr, api)) {
+                writeError(servletResponse, INVALID_RESULT);
+                return;
+            }
+            String key = keyMap.get(appId);
+            if (StringUtils.isBlank(key)) {
+                writeError(servletResponse, INVALID_RESULT);
+                return;
+            }
+            if (!SignatureUtil.validate(key, api, nonceStr, timestamp, signature)) {
+                writeError(servletResponse, INVALID_RESULT);
+                return;
+            }
+            filterChain.doFilter(servletRequest, servletResponse);
+        } catch (Exception e) {
+            LOGGER.error("invalid api signature: {}", JSON.toJSONString(servletRequest.getParameterMap()), e);
+            writeError(servletResponse, INVALID_RESULT);
+        }
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+
+    private void writeError(ServletResponse servletResponse, String msg) throws IOException {
+        servletResponse.setCharacterEncoding("UTF-8");
+        servletResponse.setContentType("application/json; charset=UTF-8");
+        servletResponse.getWriter().write(msg);
+    }
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/BaseService.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/BaseService.java
@@ -3,8 +3,10 @@ package pwc.taxtech.atms.service.impl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.client.RestTemplate;
 import pwc.taxtech.atms.common.AtmsApiSettings;
 import pwc.taxtech.atms.common.AuthUserHelper;
+import pwc.taxtech.atms.common.util.BeanUtil;
 import pwc.taxtech.atms.service.OperationLogService;

 public class BaseService {
@@ -16,5 +18,11 @@ public class BaseService {
    protected AtmsApiSettings atmsApiSettings;
    @Autowired
    protected OperationLogService operationLogService;
+    @Autowired
+    protected DistributedIDService idService;
+    @Autowired
+    protected BeanUtil beanUtil;
+    @Autowired
+    protected RestTemplate restTemplate;

 }
--- a/atms-api/src/main/resources/applicationContext.xml
+++ b/atms-api/src/main/resources/applicationContext.xml
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
-  xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:tx="http://www.springframework.org/schema/tx"
+       xmlns:aop="http://www.springframework.org/schema/aop" xmlns:cache="http://www.springframework.org/schema/cache"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd http://www.springframework.org/schema/aop
-        http://www.springframework.org/schema/aop/spring-aop.xsd ">
+        http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">
  <!-- 添加properties文件 -->
  <bean id="standardPBEStringEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="password" value="${atms_password:k5Cs7OmB5HdtVDOw94Py2V8HOvfmgbzeX9UCWDciqcjfhOulQLRuuJZkgV9zyIvO6QG22ZxOoYiJlCKrYP07O6nPFpcmN3XyNLJ}" />
@@ -69,4 +71,14 @@

  <tx:annotation-driven proxy-target-class="true" />

+  <!-- 缓存配置 -->
+  <!-- 启用缓存注解功能(请将其配置在Spring主配置文件中) -->
+  <cache:annotation-driven cache-manager="cacheManager"/>
+  <bean id="cacheManagerFactory" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
+    <property name="configLocation" value="classpath:ehcache.xml"/>
+  </bean>
+  <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
+    <property name="cacheManager" ref="cacheManagerFactory"/>
+  </bean>
+
 </beans>
\ No newline at end of file
--- a/atms-api/src/main/resources/conf/conf.properties
+++ b/atms-api/src/main/resources/conf/conf.properties
@@ -13,6 +13,8 @@ web.url=${web.url}

 jwt.base64Secret=${jwt.base64Secret}
 jwt.powerToken=${jwt.powerToken}
+jwt.expireSecond=${jwt.expireSecond}
+jwt.refreshSecond=${jwt.refreshSecond}

 #FTP Config
 ftp.host=${ftp.host}

--- a/atms-api/src/main/resources/conf/conf_profile_dev.properties
+++ b/atms-api/src/main/resources/conf/conf_profile_dev.properties
@@ -13,6 +13,8 @@ web.url=http://localhost:8080
 #web.url=*
 jwt.base64Secret=TXppQjFlZFBSbnJzMHc0Tg==
 jwt.powerToken=xxxx
+jwt.expireSecond=180000
+jwt.refreshSecond=600

 ftp.host=cnshaappulv003.asia.pwcinternal.com
 ftp.port=21

--- a/atms-api/src/main/resources/conf/conf_profile_pub.properties
+++ b/atms-api/src/main/resources/conf/conf_profile_pub.properties
@@ -13,6 +13,8 @@ web.url=http://192.168.1.102:10000

 jwt.base64Secret=TXppQjFlZFBSbnJzMHc0Tg==
 jwt.powerToken=
+jwt.expireSecond=1800
+jwt.refreshSecond=900

 ftp.host=cnshaappulv004.asia.pwcinternal.com
 ftp.port=21

--- a/atms-api/src/main/resources/conf/conf_profile_staging.properties
+++ b/atms-api/src/main/resources/conf/conf_profile_staging.properties
@@ -13,6 +13,8 @@ web.url=http://cnshaappulv004:8080

 jwt.base64Secret=TXppQjFlZFBSbnJzMHc0Tg==
 jwt.powerToken=xxxx
+jwt.expireSecond=1800
+jwt.refreshSecond=900

 ftp.host=cnshaappulv003.asia.pwcinternal.com
 ftp.port=21

--- a/atms-api/src/main/resources/ehcache.xml
+++ b/atms-api/src/main/resources/ehcache.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<ehcache>
+    <diskStore path="java.io.tmpdir"/>
+
+    <defaultCache maxElementsInMemory="1000"
+            eternal="false"
+            timeToIdleSeconds="120"
+            timeToLiveSeconds="120"
+            overflowToDisk="false"/>
+
+    <!-- 进项发票list缓存 -->
+    <cache name="inputInvoiceCache"
+           maxElementsOnDisk="1000"
+           maxElementsInMemory="2000"
+           eternal="false"
+           overflowToDisk="false"
+           diskPersistent="false"/>
+
+    <!-- reflect缓存 -->
+    <cache name="reflectCache"
+           maxElementsOnDisk="1000"
+           maxElementsInMemory="1000"
+           eternal="true"
+           overflowToDisk="false"
+           diskPersistent="false"/>
+
+    <!-- 扫描结果缓存 -->
+    <cache name="scanResultCache"
+           maxElementsOnDisk="100"
+           maxElementsInMemory="100"
+           eternal="false"
+           timeToIdleSeconds="86400"
+           timeToLiveSeconds="86400"
+           overflowToDisk="false"
+           diskPersistent="false"/>
+
+</ehcache>
+        <!--
+        <diskStore>==========当内存缓存中对象数量超过maxElementsInMemory时,将缓存对象写到磁盘缓存中(需对象实现序列化接口)
+        <diskStore path="">==用来配置磁盘缓存使用的物理路径,Ehcache磁盘缓存使用的文件后缀名是*.data和*.index
+        name=================缓存名称,cache的唯一标识(ehcache会把这个cache放到HashMap里)
+        maxElementsOnDisk====磁盘缓存中最多可以存放的元素数量,0表示无穷大
+        maxElementsInMemory==内存缓存中最多可以存放的元素数量,若放入Cache中的元素超过这个数值,则有以下两种情况
+                             1)若overflowToDisk=true,则会将Cache中多出的元素放入磁盘文件中
+                             2)若overflowToDisk=false,则根据memoryStoreEvictionPolicy策略替换Cache中原有的元素
+        eternal==============缓存中对象是否永久有效,即是否永驻内存,true时将忽略timeToIdleSeconds和timeToLiveSeconds
+        timeToIdleSeconds====缓存数据在失效前的允许闲置时间(单位:秒),仅当eternal=false时使用,默认值是0表示可闲置时间无穷大,此为可选属性
+                             即访问这个cache中元素的最大间隔时间,若超过这个时间没有访问此Cache中的某个元素,那么此元素将被从Cache中清除
+        timeToLiveSeconds====缓存数据在失效前的允许存活时间(单位:秒),仅当eternal=false时使用,默认值是0表示可存活时间无穷大
+                             即Cache中的某元素从创建到清楚的生存时间,也就是说从创建开始计时,当超过这个时间时,此元素将从Cache中清除
+        overflowToDisk=======内存不足时,是否启用磁盘缓存(即内存中对象数量达到maxElementsInMemory时,Ehcache会将对象写到磁盘中)
+                             会根据标签中path值查找对应的属性值,写入磁盘的文件会放在path文件夹下,文件的名称是cache的名称,后缀名是data
+        diskPersistent=======是否持久化磁盘缓存,当这个属性的值为true时,系统在初始化时会在磁盘中查找文件名为cache名称,后缀名为index的文件
+                             这个文件中存放了已经持久化在磁盘中的cache的index,找到后会把cache加载到内存
+                             要想把cache真正持久化到磁盘,写程序时注意执行net.sf.ehcache.Cache.put(Element element)后要调用flush()方法
+        diskExpiryThreadIntervalSeconds==磁盘缓存的清理线程运行间隔,默认是120秒
+        diskSpoolBufferSizeMB============设置DiskStore（磁盘缓存）的缓存区大小,默认是30MB
+        memoryStoreEvictionPolicy========内存存储与释放策略,即达到maxElementsInMemory限制时,Ehcache会根据指定策略清理内存
+                                         共有三种策略,分别为LRU(最近最少使用)、LFU(最常用的)、FIFO(先进先出)
+        -->
\ No newline at end of file
--- a/atms-api/src/main/resources/sqlMapConfig.xml
+++ b/atms-api/src/main/resources/sqlMapConfig.xml
@@ -2,11 +2,56 @@
    PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
    "http://mybatis.org/dtd/mybatis-3-config.dtd">

-<configuration>
+ <configuration>
+     <!-- 全局setting配置，根据需要添加 -->
+     <!--<settings>-->
+         <!--<setting name="logImpl" value="LOG4J" />  -->
+     <!--</settings>-->

-  <!-- <mappers> <mapper class="org.apache.ibatis.submitted.basetest.Mapper" /> </mappers> -->
+    <!-- 配置别名 -->
+    <!--<typeAliases>-->
+        <!--<package name="pwc.taxtech.atms.entitiy"/>-->
+    <!--</typeAliases>-->

-  <!-- <settings> <setting name="logImpl" value="LOG4J" /> </settings> -->
+    <!-- 插件 -->
+    <plugins>
+        <plugin interceptor="com.github.pagehelper.PageInterceptor">
+            <!-- 4.0.0以后版本可以不设置该参数  -->
+            <property name="diaect" value="mysql"/>
+            <!-- 
+                该参数默认为false
+                设置为true时，会将RowBounds第一个参数offset当成pageNum页码使用
+                和startPage中的pageNum效果一样
+             -->
+            <property name="offsetAsPageNum" value="true"/>
+            <!--
+                该参数默认为false
+                设置为true时，使用RowBounds分页会进行count查询
+              -->
+            <property name="rowBoundsWithCount" value="true"/>
+            <!-- 
+                设置为true时，如果pageSize=0或者RowBounds.limit=0就会查询出全部的结果
+                (相当于没有执行分页查询，只是返回结果仍然是Page类型)
+             -->
+            <property name="pageSizeZero" value="true"/>
+            <!-- 
+                3.3.0版本可用-分页参数合理化，默认false禁用
+                启用合理化时，如果pageNum<1会查询第一页，如果pageNum>pages会查询最后一页
+                禁用合理化时，如果pageNum<1或pages会返回空数据
+             -->
+            <property name="reasonable" value="true"/>
+            <!-- 
+                3.5.0版本可用-为了支持startPage(Object params)方法
+                增加了一个'params'参数来配置参数映射，用于从Map或ServletRequest中取值
+                可以配置pageNum,pageSize,count,pageSizeZero,reasonable,orderBy,不配置映射的用默认值
+                 不理解该含义的前提下，不要随便复制该配置
+             -->
+            <property name="params" value="pageNum=start;pageSize=limit;"/>
+            <!-- 支持通过Mapper接口参数来传递分页参数  -->
+            <property name="supportMethodsArguments" value="true"/>
+            <!-- always重视返回PageInfo类型，check检查返回类型是否为PageInfo，none返回Page -->
+            <property name="returnPageInfo" value="check"/>
+        </plugin>
+    </plugins>
    
-
-</configuration>
\ No newline at end of file
+ </configuration>
\ No newline at end of file
--- a/atms-api/src/main/webapp/WEB-INF/web.xml
+++ b/atms-api/src/main/webapp/WEB-INF/web.xml
@@ -25,6 +25,10 @@
 		</param-value>
 	</context-param>

+	<filter>
+		<filter-name>apiSignatureFilter</filter-name>
+		<filter-class>pwc.taxtech.atms.security.vendor.ApiSignatureFilter</filter-class>
+	</filter>
 	<filter>
 		<filter-name>corsFilter</filter-name>
 		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
@@ -46,6 +50,10 @@
 		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 	</filter>

+	<filter-mapping>
+		<filter-name>apiSignatureFilter</filter-name>
+		<url-pattern>/vendor/*</url-pattern>
+	</filter-mapping>
 	<filter-mapping>
 		<filter-name>corsFilter</filter-name>
 		<url-pattern>/*</url-pattern>

--- a/atms-api/src/test/java/pwc/taxtech/atms/JettyLauncher.java
+++ b/atms-api/src/test/java/pwc/taxtech/atms/JettyLauncher.java
 package pwc.taxtech.atms;

-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.webapp.WebAppContext;
-import org.eclipse.jetty.websocket.jsr356.server.ServerContainer;
-import org.eclipse.jetty.websocket.jsr356.server.deploy.WebSocketServerContainerInitializer;
+//import org.eclipse.jetty.server.Server;
+//import org.eclipse.jetty.webapp.WebAppContext;
+//import org.eclipse.jetty.websocket.jsr356.server.ServerContainer;
+//import org.eclipse.jetty.websocket.jsr356.server.deploy.WebSocketServerContainerInitializer;

 public class JettyLauncher {
    public static void main(String[] args) {

-        int port = 8180;
-        Server server = new Server(port);
-        WebAppContext webAppContext = new WebAppContext("webapp", "/");
-
-        webAppContext.setDescriptor("webapp/WEB-INF/web.xml");
-        webAppContext.setResourceBase("src/main/webapp");
-        webAppContext.setDisplayName("atms-api");
-        webAppContext.setClassLoader(Thread.currentThread().getContextClassLoader());
-        webAppContext.setConfigurationDiscovered(true);
-        webAppContext.setParentLoaderPriority(true);
-
-
-        server.setHandler(webAppContext);
-        System.out.println(webAppContext.getContextPath());
-        System.out.println(webAppContext.getDescriptor());
-        System.out.println(webAppContext.getResourceBase());
-        System.out.println(webAppContext.getBaseResource());
-
-        try {
-            ServerContainer wscontainer = WebSocketServerContainerInitializer.configureContext(webAppContext);
-            // Add WebSocket endpoint to javax.websocket layer
-//            wscontainer.addEndpoint(MyWebSocket.class);   //这行是如果需要使用websocket就加上，不需要就注释掉这行，mywebsocket是自己写的websocket服务类
-
-            server.start();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-        System.out.println("server is  start, port is " + port + "............");
+//        int port = 8180;
+//        Server server = new Server(port);
+//        WebAppContext webAppContext = new WebAppContext("webapp", "/");
+//
+//        webAppContext.setDescriptor("webapp/WEB-INF/web.xml");
+//        webAppContext.setResourceBase("src/main/webapp");
+//        webAppContext.setDisplayName("atms-api");
+//        webAppContext.setClassLoader(Thread.currentThread().getContextClassLoader());
+//        webAppContext.setConfigurationDiscovered(true);
+//        webAppContext.setParentLoaderPriority(true);
+//
+//
+//        server.setHandler(webAppContext);
+//        System.out.println(webAppContext.getContextPath());
+//        System.out.println(webAppContext.getDescriptor());
+//        System.out.println(webAppContext.getResourceBase());
+//        System.out.println(webAppContext.getBaseResource());
+//
+//        try {
+//            ServerContainer wscontainer = WebSocketServerContainerInitializer.configureContext(webAppContext);
+//            // Add WebSocket endpoint to javax.websocket layer
+////            wscontainer.addEndpoint(MyWebSocket.class);   //这行是如果需要使用websocket就加上，不需要就注释掉这行，mywebsocket是自己写的websocket服务类
+//
+//            server.start();
+//        } catch (Exception e) {
+//            e.printStackTrace();
+//        }
+//        System.out.println("server is  start, port is " + port + "............");
    }

 }
--- a/atms-api/src/test/java/pwc/taxtech/atms/common/MyBatisGeneratorTest.java
+++ b/atms-api/src/test/java/pwc/taxtech/atms/common/MyBatisGeneratorTest.java
+package pwc.taxtech.atms.common;
+
+import org.mybatis.generator.api.MyBatisGenerator;
+import org.mybatis.generator.config.Configuration;
+import org.mybatis.generator.config.xml.ConfigurationParser;
+import org.mybatis.generator.internal.DefaultShellCallback;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.List;
+
+public class MyBatisGeneratorTest {
+
+    public static void main(String[] args) throws Exception {
+        try {
+            List<String> warnings = new ArrayList<>();
+            boolean overwrite = true;
+            //指定 逆向工程配置文件
+            File configFile = new File(MyBatisGeneratorTest.class.getClassLoader().getResource("generatorConfig.xml").getPath());
+            ConfigurationParser cp = new ConfigurationParser(warnings);
+            Configuration config = cp.parseConfiguration(configFile);
+            DefaultShellCallback callback = new DefaultShellCallback(overwrite);
+            MyBatisGenerator myBatisGenerator = new MyBatisGenerator(config, callback, warnings);
+            myBatisGenerator.generate(null);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
--- a/atms-api/src/test/java/pwc/taxtech/atms/controller/CacheControllerTest.java
+++ b/atms-api/src/test/java/pwc/taxtech/atms/controller/CacheControllerTest.java
-package pwc.taxtech.atms.controller;
-
-import static org.assertj.core.api.Assertions.*;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-
-import pwc.taxtech.atms.service.CacheService;
-
-@RunWith(MockitoJUnitRunner.class)
-public class CacheControllerTest {
-    @Mock
-    private CacheService cacheService;
-    @InjectMocks
-    private CacheController cacheController;
-
-    @Test
-    public void getCacheByKey() {
-        assertThat(cacheController.getCacheByKey("cacheKey1")).isNull();
-    }
-
-    @Test
-    public void getAllCache() {
-        assertThat(cacheController.getAllCache()).isEmpty();
-    }
-
-}
--- a/atms-api/src/test/java/pwc/taxtech/atms/plugin/MapperAnnotationPlugin.java
+++ b/atms-api/src/test/java/pwc/taxtech/atms/plugin/MapperAnnotationPlugin.java
+package pwc.taxtech.atms.plugin;
+
+import org.mybatis.generator.api.IntrospectedTable;
+import org.mybatis.generator.api.PluginAdapter;
+import org.mybatis.generator.api.dom.java.FullyQualifiedJavaType;
+import org.mybatis.generator.api.dom.java.Interface;
+import org.mybatis.generator.api.dom.java.TopLevelClass;
+
+import java.util.List;
+
+public class MapperAnnotationPlugin extends PluginAdapter {
+
+    @Override
+    public boolean validate(List<String> warnings) {
+        return true;
+    }
+
+    @Override
+    public boolean clientGenerated(Interface interfaze, TopLevelClass topLevelClass,
+                                   IntrospectedTable introspectedTable) {
+
+        interfaze.addImportedType(new FullyQualifiedJavaType("org.apache.ibatis.annotations.Mapper"));
+        interfaze.addAnnotation("@Mapper");
+        interfaze.addImportedType(new FullyQualifiedJavaType("org.springframework.stereotype.Repository"));
+        interfaze.addAnnotation("@Repository");
+        return true;
+    }
+}
--- a/atms-api/src/test/java/pwc/taxtech/atms/security/JwtGneratorTest.java
+++ b/atms-api/src/test/java/pwc/taxtech/atms/security/JwtGneratorTest.java
+package pwc.taxtech.atms.security;
+
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.junit.Test;
+import org.nutz.lang.Times;
+import pwc.taxtech.atms.common.CommonUtils;
+
+import java.util.Calendar;
+import java.util.Date;
+
+public class JwtGneratorTest {
+    public static void main(String[] args) {
+        Calendar calendar = Calendar.getInstance();
+        calendar.set(Calendar.YEAR, 2999);
+        Date now = new Date();
+        JwtBuilder jwtBuilder = Jwts.builder();
+        // 设置Subject为登录用户名
+        jwtBuilder.setSubject("longi");
+        jwtBuilder.setExpiration(calendar.getTime());
+        jwtBuilder.setIssuedAt(now);
+        // 设置时钟误差偏移量，即10分钟
+        Date notBefore = Times.nextSecond(now, -600);
+        jwtBuilder.setNotBefore(notBefore);
+        jwtBuilder.setId(CommonUtils.getUUID());
+        jwtBuilder.claim("appId", "longi");
+        // 设置body.username为数据库用户名
+        jwtBuilder.signWith(SignatureAlgorithm.HS512, "TXppQjFlZFBSbnJzMHc0Tg==");
+        System.out.println(jwtBuilder.compact());
+    }
+
+    @Test
+    public void tt() {
+
+    }
+}
--- a/atms-api/src/test/java/pwc/taxtech/atms/service/impl/CacheServiceIT.java
+++ b/atms-api/src/test/java/pwc/taxtech/atms/service/impl/CacheServiceIT.java
-package pwc.taxtech.atms.service.impl;
-
-import static org.assertj.core.api.Assertions.*;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import pwc.taxtech.atms.CommonIT;
-import pwc.taxtech.atms.common.CommonUtils;
-import pwc.taxtech.atms.entitiy.Cache;
-import pwc.taxtech.atms.service.CacheService;
-
-public class CacheServiceIT extends CommonIT {
-
-    @Autowired
-    private CacheService cacheService;
-
-    @Before
-    public void setUp() {
-        cacheMapper.deleteByExample(null);
-    }
-
-    @Test
-    public void getAllCache() {
-        insertData();
-        // see assertj document
-        // http://joel-costigliola.github.io/assertj/assertj-core-quick-start.html
-        assertThat(cacheService.getAllCache()).isNotEmpty().filteredOn(x -> x.getCacheKey().equals("cachekey1"))
-                .isNotEmpty().extracting("lastModifyTime").contains("2017-10-18T14:11:01.840+08:00");
-
-    }
-
-    @Test
-    public void shoudWork() {
-        insertData();
-        assertThat(cacheService.getCacheByKey("cachekey1")).isNotNull().extracting("lastModifyTime")
-                .contains("2017-10-18T14:11:01.840+08:00");
-    }
-
-    private void insertData() {
-        Cache record = new Cache();
-        record.setID(CommonUtils.getUUID());
-        record.setCacheKey("cachekey1");
-        record.setLastModifyTime("2017-10-18T14:11:01.840+08:00");
-        cacheMapper.insert(record);
-    }
-}
--- a/atms-api/src/test/resources/generatorConfig.xml
+++ b/atms-api/src/test/resources/generatorConfig.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE generatorConfiguration
+  PUBLIC "-//mybatis.org//DTD MyBatis Generator Configuration 1.0//EN"
+  "http://mybatis.org/dtd/mybatis-generator-config_1_0.dtd">
+<generatorConfiguration>
+  <!-- See: http://www.mybatis.org/generator/configreference/commentGenerator.html -->
+  <!--<properties resource="generator.properties" />-->
+  <!-- <classPathEntry location="../hsqldb/hsqldb-2.3.5.jar" /> -->
+  <context id="contextId" targetRuntime="MyBatis3">
+    <!-- 考虑需要兼容DB2与ORCAL数据库, 大部份字段不需要加双引号，autoDelimitKeywords设置为false -->
+    <property name="autoDelimitKeywords" value="true" />
+    <property name="beginningDelimiter" value="`"/>
+    <property name="endingDelimiter" value="`"/>
+    <property name="javaFileEncoding" value="UTF-8" />
+    <plugin type="pwc.taxtech.atms.plugin.MapperAnnotationPlugin" />
+    <plugin type="org.mybatis.generator.plugins.RowBoundsPlugin" />
+    <plugin type="org.mybatis.generator.plugins.ToStringPlugin" />
+    <!--<plugin type="org.mybatis.generator.plugins.SerializablePlugin" />-->
+    <commentGenerator>
+      <property name="suppressDate" value="true" />
+      <property name="addRemarkComments" value="true" />
+    </commentGenerator>
+    <jdbcConnection driverClass="com.mysql.jdbc.Driver"
+                    connectionURL="jdbc:mysql://10.157.107.89:3306/tax_longi?useUnicode=true&amp;characterEncoding=utf-8&amp;zeroDateTimeBehavior=convertToNull&amp;allowMultiQueries=true"
+                    userId="root" password="tax@Admin2018">
+    </jdbcConnection>
+
+    <javaTypeResolver>
+      <property name="forceBigDecimals" value="false" />
+    </javaTypeResolver>
+
+    <javaModelGenerator targetPackage="pwc.taxtech.atms.entitiy" targetProject="./src/main/java">
+      <property name="trimStrings" value="true" />
+      <property name="rootClass" value="pwc.taxtech.atms.entitiy.BaseEntity"/>
+    </javaModelGenerator>
+
+    <sqlMapGenerator targetPackage="pwc.taxtech.atms.dao" targetProject="./src/main/resources">
+    </sqlMapGenerator>
+
+    <javaClientGenerator type="XMLMAPPER" targetPackage="pwc.taxtech.atms.dao" targetProject="./src/main/java">
+      <property name="rootInterface" value="pwc.taxtech.atms.MyMapper" />
+    </javaClientGenerator>
+    
+    <!--<table tableName="input_invoice" domainObjectName="InputInvoice">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+      <!--<columnOverride column="invoice_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="upload_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="invoice_entity_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="invoice_source_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="status" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="deductible" javaType="java.lang.Boolean"/>-->
+      <!--<columnOverride column="has_down_file" javaType="java.lang.Boolean"/>-->
+      <!--<columnOverride column="verify_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="deductible_result" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="is_red_invoice" javaType="java.lang.Boolean"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="input_invoice_additional" domainObjectName="InputInvoiceAdditional">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+      <!--<columnOverride column="type" javaType="java.lang.Integer"/>-->
+    <!--</table>-->
+
+    <table tableName="input_invoice_file" domainObjectName="InputInvoiceFile">
+      <property name="ignoreQualifiersAtRuntime" value="true"/>
+    </table>
+
+    <!--<table tableName="input_invoice_item" domainObjectName="InputInvoiceItem">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="input_invoice_item_original" domainObjectName="InputInvoiceItemOriginal">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="input_invoice_not_received" domainObjectName="InputInvoiceNotReceived">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+      <!--<columnOverride column="invoice_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="upload_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="invoice_entity_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="invoice_source_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="status" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="deductible" javaType="java.lang.Boolean"/>-->
+      <!--<columnOverride column="has_down_file" javaType="java.lang.Boolean"/>-->
+      <!--<columnOverride column="verify_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="deductible_result" javaType="java.lang.Integer"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="input_invoice_original" domainObjectName="InputInvoiceOriginal">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+      <!--<columnOverride column="invoice_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="upload_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="invoice_entity_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="invoice_source_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="status" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="deductible" javaType="java.lang.Boolean"/>-->
+      <!--<columnOverride column="has_down_file" javaType="java.lang.Boolean"/>-->
+      <!--<columnOverride column="verify_type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="deductible_result" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="is_red_invoice" javaType="java.lang.Boolean"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="api_cache" domainObjectName="ApiCache">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+      <!--<columnOverride column="source_type" javaType="java.lang.Integer"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="input_material_item" domainObjectName="InputMaterialItem">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="input_material_item_category" domainObjectName="InputMaterialItemCategory">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="input_vendor" domainObjectName="InputVendor">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+
+    <!--<table tableName="input_vendor_address" domainObjectName="InputVendorAddress">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+    <!--<table tableName="input_vendor_bank_account" domainObjectName="InputVendorBankAccount">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+    <!--<table tableName="input_vendor_contactor" domainObjectName="InputVendorContactor">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+    <!--<table tableName="input_vendor_site" domainObjectName="InputVendorSite">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+    <!--</table>-->
+    <!--<table tableName="input_device" domainObjectName="InputDevice">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+      <!--<columnOverride column="type" javaType="java.lang.Integer"/>-->
+    <!--</table>-->
+    <!--<table tableName="task_list" domainObjectName="TaskList">-->
+      <!--<property name="ignoreQualifiersAtRuntime" value="true"/>-->
+      <!--<columnOverride column="type" javaType="java.lang.Integer"/>-->
+      <!--<columnOverride column="status" javaType="java.lang.Integer"/>-->
+    <!--</table>-->
+
+  </context>
+</generatorConfiguration>
\ No newline at end of file
--- a/atms-web/src/main/resources/conf_profile_dev.properties
+++ b/atms-web/src/main/resources/conf_profile_dev.properties
 api.url=http://localhost:8180/

-cookie.maxAgeSeconds=3600
+cookie.maxAgeSeconds=86400
--- a/atms-web/src/main/resources/conf_profile_pub.properties
+++ b/atms-web/src/main/resources/conf_profile_pub.properties
 api.url=http://192.168.1.102:8180/atms-api

-cookie.maxAgeSeconds=3600
+cookie.maxAgeSeconds=86400
--- a/atms-web/src/main/resources/conf_profile_staging.properties
+++ b/atms-web/src/main/resources/conf_profile_staging.properties
 api.url=http://cnshaappulv004:8180/

-cookie.maxAgeSeconds=3600
+cookie.maxAgeSeconds=86400
--- a/atms-web/src/main/webapp/app/framework/utils/webservice.js
+++ b/atms-web/src/main/webapp/app/framework/utils/webservice.js
 /// <reference path="../../app.js" />

 // apiInterceptor is responsible to handle the aspect of each request and response.
-webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window', '$injector',
-    function ($q, loginContext, $log, $window, $injector) {
+webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window', '$injector','$cookies',
+    function ($q, loginContext, $log, $window, $injector,$cookies) {
        'use strict';

        $log.debug('apiInterceptor.ctor()...');
@@ -18,7 +18,9 @@ webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window',
        return {
            //token save to services for further usage
            tokenType: tokenType,
-            apiToken: apiToken,
+            apiToken: function () {
+                return apiToken;
+            },
            webApiHostUrl: webApiHostUrl,
            //for vat api
            vatWebApiHostUrl: vatWebApiHostUrl,
@@ -40,14 +42,15 @@ webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window',
                    }
                    config.withCredentials = true;

+                    //废弃 token有效期会自动判断
                    // before each api call, try to ensure user account has not been expired
                    // otherwise, force user to login again
-                    var $http = $injector.get('$http');
-                    $http.get(loginContext.serverUrl + '/Account/CheckLoginStatus?_=' + (new Date).valueOf(), { isBusyRequest: true }).success(function (data) {
-                        if (data === false) {
-                            redirectToLogOut();
-                        }
-                    });
+                    // var $http = $injector.get('$http');
+                    // $http.get(loginContext.serverUrl + '/Account/CheckLoginStatus?_=' + (new Date).valueOf(), { isBusyRequest: false }).success(function (data) {
+                    //     if (data === false) {
+                    //         redirectToLogOut();
+                    //     }
+                    // });
                }

                return config;
@@ -64,6 +67,11 @@ webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window',
                if (response.status === 401) {
                    redirectToLogOut();
                }
+                var tmpToken = response.headers('refreshToken');
+                if (!!tmpToken) {
+                    apiToken = tmpToken;
+                    $log.info('refresh token: ' + apiToken);
+                }
                return response || $q.when(response);
            },
            // On response failture
@@ -168,7 +176,7 @@ webservices.factory('apiConfig', ['$log', 'vatSessionService',
                }

                cfg.isWebApiRequest = true;
-                if (config && config.dbName) {//TODO:from is not allowed ,future should open (neo)
+                if (config && config.dbName) {
                    cfg.headers = { 'from': config.dbName + '@cn.pwc.com' };
                }
                else {

--- a/atms-web/src/main/webapp/bundles/framework.js
+++ b/atms-web/src/main/webapp/bundles/framework.js
@@ -4346,8 +4346,8 @@ PWC.Loader = function () {
 /// <reference path="../../app.js" />

 // apiInterceptor is responsible to handle the aspect of each request and response.
-webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window', '$injector',
-    function ($q, loginContext, $log, $window, $injector) {
+webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window', '$injector','$cookies',
+    function ($q, loginContext, $log, $window, $injector,$cookies) {
        'use strict';

        $log.debug('apiInterceptor.ctor()...');
@@ -4363,7 +4363,9 @@ webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window',
        return {
            //token save to services for further usage
            tokenType: tokenType,
-            apiToken: apiToken,
+            apiToken: function () {
+                return apiToken;
+            },
            webApiHostUrl: webApiHostUrl,
            //for vat api
            vatWebApiHostUrl: vatWebApiHostUrl,
@@ -4385,14 +4387,15 @@ webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window',
                    }
                    config.withCredentials = true;

+                    //废弃 token有效期会自动判断
                    // before each api call, try to ensure user account has not been expired
                    // otherwise, force user to login again
-                    var $http = $injector.get('$http');
-                    $http.get(loginContext.serverUrl + '/Account/CheckLoginStatus?_=' + (new Date).valueOf(), { isBusyRequest: true }).success(function (data) {
-                        if (data === false) {
-                            redirectToLogOut();
-                        }
-                    });
+                    // var $http = $injector.get('$http');
+                    // $http.get(loginContext.serverUrl + '/Account/CheckLoginStatus?_=' + (new Date).valueOf(), { isBusyRequest: false }).success(function (data) {
+                    //     if (data === false) {
+                    //         redirectToLogOut();
+                    //     }
+                    // });
                }

                return config;
@@ -4409,6 +4412,11 @@ webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window',
                if (response.status === 401) {
                    redirectToLogOut();
                }
+                var tmpToken = response.headers('refreshToken');
+                if (!!tmpToken) {
+                    apiToken = tmpToken;
+                    $log.info('refresh token: ' + apiToken);
+                }
                return response || $q.when(response);
            },
            // On response failture
@@ -4513,7 +4521,7 @@ webservices.factory('apiConfig', ['$log', 'vatSessionService',
                }

                cfg.isWebApiRequest = true;
-                if (config && config.dbName) {//TODO:from is not allowed ,future should open (neo)
+                if (config && config.dbName) {
                    cfg.headers = { 'from': config.dbName + '@cn.pwc.com' };
                }
                else {

--- a/atms-web/src/main/webapp/yarn.lock
+++ b/atms-web/src/main/webapp/yarn.lock
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+abbrev@1:
+  version "1.1.1"
+  resolved "http://registry.npm.taobao.org/abbrev/download/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
+
+ajv@^4.9.1:
+  version "4.11.8"
+  resolved "http://registry.npm.taobao.org/ajv/download/ajv-4.11.8.tgz#82ffb02b29e662ae53bdc20af15947706739c536"
+  dependencies:
+    co "^4.6.0"
+    json-stable-stringify "^1.0.1"
+
+ansi-regex@^2.0.0:
+  version "2.1.1"
+  resolved "http://registry.npm.taobao.org/ansi-regex/download/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df"
+
+ansi-styles@^2.2.1:
+  version "2.2.1"
+  resolved "http://registry.npm.taobao.org/ansi-styles/download/ansi-styles-2.2.1.tgz#b432dd3358b634cf75e1e4664368240533c1ddbe"
+
+argparse@^1.0.2:
+  version "1.0.10"
+  resolved "http://registry.npm.taobao.org/argparse/download/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
+  dependencies:
+    sprintf-js "~1.0.2"
+
+array-find-index@^1.0.1:
+  version "1.0.2"
+  resolved "http://registry.npm.taobao.org/array-find-index/download/array-find-index-1.0.2.tgz#df010aa1287e164bbda6f9723b0a96a1ec4187a1"
+
+asap@~2.0.3:
+  version "2.0.6"
+  resolved "http://registry.npm.taobao.org/asap/download/asap-2.0.6.tgz#e50347611d7e690943208bbdafebcbc2fb866d46"
+
+asn1@~0.2.3:
+  version "0.2.4"
+  resolved "http://registry.npm.taobao.org/asn1/download/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
+  dependencies:
+    safer-buffer "~2.1.0"
+
+assert-plus@1.0.0, assert-plus@^1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/assert-plus/download/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"
+
+assert-plus@^0.2.0:
+  version "0.2.0"
+  resolved "http://registry.npm.taobao.org/assert-plus/download/assert-plus-0.2.0.tgz#d74e1b87e7affc0db8aadb7021f3fe48101ab234"
+
+async@^2.0.0:
+  version "2.6.1"
+  resolved "http://registry.npm.taobao.org/async/download/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610"
+  dependencies:
+    lodash "^4.17.10"
+
+async@~1.5.2:
+  version "1.5.2"
+  resolved "http://registry.npm.taobao.org/async/download/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a"
+
+asynckit@^0.4.0:
+  version "0.4.0"
+  resolved "http://registry.npm.taobao.org/asynckit/download/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
+
+aws-sign2@~0.6.0:
+  version "0.6.0"
+  resolved "http://registry.npm.taobao.org/aws-sign2/download/aws-sign2-0.6.0.tgz#14342dd38dbcc94d0e5b87d763cd63612c0e794f"
+
+aws4@^1.2.1:
+  version "1.7.0"
+  resolved "http://registry.npm.taobao.org/aws4/download/aws4-1.7.0.tgz#d4d0e9b9dbfca77bf08eeb0a8a471550fe39e289"
+
+balanced-match@^1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/balanced-match/download/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"
+
+bcrypt-pbkdf@^1.0.0:
+  version "1.0.2"
+  resolved "http://registry.npm.taobao.org/bcrypt-pbkdf/download/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"
+  dependencies:
+    tweetnacl "^0.14.3"
+
+boom@2.x.x:
+  version "2.10.1"
+  resolved "http://registry.npm.taobao.org/boom/download/boom-2.10.1.tgz#39c8918ceff5799f83f9492a848f625add0c766f"
+  dependencies:
+    hoek "2.x.x"
+
+brace-expansion@^1.1.7:
+  version "1.1.11"
+  resolved "http://registry.npm.taobao.org/brace-expansion/download/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
+  dependencies:
+    balanced-match "^1.0.0"
+    concat-map "0.0.1"
+
+builtin-modules@^1.0.0:
+  version "1.1.1"
+  resolved "http://registry.npm.taobao.org/builtin-modules/download/builtin-modules-1.1.1.tgz#270f076c5a72c02f5b65a47df94c5fe3a278892f"
+
+camelcase-keys@^2.0.0:
+  version "2.1.0"
+  resolved "http://registry.npm.taobao.org/camelcase-keys/download/camelcase-keys-2.1.0.tgz#308beeaffdf28119051efa1d932213c91b8f92e7"
+  dependencies:
+    camelcase "^2.0.0"
+    map-obj "^1.0.0"
+
+camelcase@^2.0.0:
+  version "2.1.1"
+  resolved "http://registry.npm.taobao.org/camelcase/download/camelcase-2.1.1.tgz#7c1d16d679a1bbe59ca02cacecfb011e201f5a1f"
+
+caseless@~0.12.0:
+  version "0.12.0"
+  resolved "http://registry.npm.taobao.org/caseless/download/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc"
+
+chalk@^1.0.0, chalk@~1.1.1:
+  version "1.1.3"
+  resolved "http://registry.npm.taobao.org/chalk/download/chalk-1.1.3.tgz#a8115c55e4a702fe4d150abd3872822a7e09fc98"
+  dependencies:
+    ansi-styles "^2.2.1"
+    escape-string-regexp "^1.0.2"
+    has-ansi "^2.0.0"
+    strip-ansi "^3.0.0"
+    supports-color "^2.0.0"
+
+co@^4.6.0:
+  version "4.6.0"
+  resolved "http://registry.npm.taobao.org/co/download/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184"
+
+coffee-script@~1.10.0:
+  version "1.10.0"
+  resolved "http://registry.npm.taobao.org/coffee-script/download/coffee-script-1.10.0.tgz#12938bcf9be1948fa006f92e0c4c9e81705108c0"
+
+colors@~1.1.2:
+  version "1.1.2"
+  resolved "http://registry.npm.taobao.org/colors/download/colors-1.1.2.tgz#168a4701756b6a7f51a12ce0c97bfa28c084ed63"
+
+combined-stream@^1.0.5, combined-stream@~1.0.5:
+  version "1.0.6"
+  resolved "http://registry.npm.taobao.org/combined-stream/download/combined-stream-1.0.6.tgz#723e7df6e801ac5613113a7e445a9b69cb632818"
+  dependencies:
+    delayed-stream "~1.0.0"
+
+concat-map@0.0.1:
+  version "0.0.1"
+  resolved "http://registry.npm.taobao.org/concat-map/download/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
+
+core-util-is@1.0.2:
+  version "1.0.2"
+  resolved "http://registry.npm.taobao.org/core-util-is/download/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
+
+cryptiles@2.x.x:
+  version "2.0.5"
+  resolved "http://registry.npm.taobao.org/cryptiles/download/cryptiles-2.0.5.tgz#3bdfecdc608147c1c67202fa291e7dca59eaa3b8"
+  dependencies:
+    boom "2.x.x"
+
+currently-unhandled@^0.4.1:
+  version "0.4.1"
+  resolved "http://registry.npm.taobao.org/currently-unhandled/download/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea"
+  dependencies:
+    array-find-index "^1.0.1"
+
+dashdash@^1.12.0:
+  version "1.14.1"
+  resolved "http://registry.npm.taobao.org/dashdash/download/dashdash-1.14.1.tgz#853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"
+  dependencies:
+    assert-plus "^1.0.0"
+
+dateformat@~1.0.12:
+  version "1.0.12"
+  resolved "http://registry.npm.taobao.org/dateformat/download/dateformat-1.0.12.tgz#9f124b67594c937ff706932e4a642cca8dbbfee9"
+  dependencies:
+    get-stdin "^4.0.1"
+    meow "^3.3.0"
+
+decamelize@^1.1.2:
+  version "1.2.0"
+  resolved "http://registry.npm.taobao.org/decamelize/download/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290"
+
+delayed-stream@~1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/delayed-stream/download/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
+
+ecc-jsbn@~0.1.1:
+  version "0.1.2"
+  resolved "http://registry.npm.taobao.org/ecc-jsbn/download/ecc-jsbn-0.1.2.tgz#3a83a904e54353287874c564b7549386849a98c9"
+  dependencies:
+    jsbn "~0.1.0"
+    safer-buffer "^2.1.0"
+
+errno@^0.1.1:
+  version "0.1.7"
+  resolved "http://registry.npm.taobao.org/errno/download/errno-0.1.7.tgz#4684d71779ad39af177e3f007996f7c67c852618"
+  dependencies:
+    prr "~1.0.1"
+
+error-ex@^1.2.0:
+  version "1.3.2"
+  resolved "http://registry.npm.taobao.org/error-ex/download/error-ex-1.3.2.tgz#b4ac40648107fdcdcfae242f428bea8a14d4f1bf"
+  dependencies:
+    is-arrayish "^0.2.1"
+
+escape-string-regexp@^1.0.2:
+  version "1.0.5"
+  resolved "http://registry.npm.taobao.org/escape-string-regexp/download/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
+
+esprima@^2.6.0:
+  version "2.7.3"
+  resolved "http://registry.npm.taobao.org/esprima/download/esprima-2.7.3.tgz#96e3b70d5779f6ad49cd032673d1c312767ba581"
+
+eventemitter2@~0.4.13:
+  version "0.4.14"
+  resolved "http://registry.npm.taobao.org/eventemitter2/download/eventemitter2-0.4.14.tgz#8f61b75cde012b2e9eb284d4545583b5643b61ab"
+
+exit@~0.1.1:
+  version "0.1.2"
+  resolved "http://registry.npm.taobao.org/exit/download/exit-0.1.2.tgz#0632638f8d877cc82107d30a0fff1a17cba1cd0c"
+
+extend@~3.0.0:
+  version "3.0.2"
+  resolved "http://registry.npm.taobao.org/extend/download/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa"
+
+extsprintf@1.3.0:
+  version "1.3.0"
+  resolved "http://registry.npm.taobao.org/extsprintf/download/extsprintf-1.3.0.tgz#96918440e3041a7a414f8c52e3c574eb3c3e1e05"
+
+extsprintf@^1.2.0:
+  version "1.4.0"
+  resolved "http://registry.npm.taobao.org/extsprintf/download/extsprintf-1.4.0.tgz#e2689f8f356fad62cca65a3a91c5df5f9551692f"
+
+find-up@^1.0.0:
+  version "1.1.2"
+  resolved "http://registry.npm.taobao.org/find-up/download/find-up-1.1.2.tgz#6b2e9822b1a2ce0a60ab64d610eccad53cb24d0f"
+  dependencies:
+    path-exists "^2.0.0"
+    pinkie-promise "^2.0.0"
+
+findup-sync@~0.3.0:
+  version "0.3.0"
+  resolved "http://registry.npm.taobao.org/findup-sync/download/findup-sync-0.3.0.tgz#37930aa5d816b777c03445e1966cc6790a4c0b16"
+  dependencies:
+    glob "~5.0.0"
+
+forever-agent@~0.6.1:
+  version "0.6.1"
+  resolved "http://registry.npm.taobao.org/forever-agent/download/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
+
+form-data@~2.1.1:
+  version "2.1.4"
+  resolved "http://registry.npm.taobao.org/form-data/download/form-data-2.1.4.tgz#33c183acf193276ecaa98143a69e94bfee1750d1"
+  dependencies:
+    asynckit "^0.4.0"
+    combined-stream "^1.0.5"
+    mime-types "^2.1.12"
+
+fs.realpath@^1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/fs.realpath/download/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f"
+
+get-stdin@^4.0.1:
+  version "4.0.1"
+  resolved "http://registry.npm.taobao.org/get-stdin/download/get-stdin-4.0.1.tgz#b968c6b0a04384324902e8bf1a5df32579a450fe"
+
+getobject@~0.1.0:
+  version "0.1.0"
+  resolved "http://registry.npm.taobao.org/getobject/download/getobject-0.1.0.tgz#047a449789fa160d018f5486ed91320b6ec7885c"
+
+getpass@^0.1.1:
+  version "0.1.7"
+  resolved "http://registry.npm.taobao.org/getpass/download/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa"
+  dependencies:
+    assert-plus "^1.0.0"
+
+glob@~5.0.0:
+  version "5.0.15"
+  resolved "http://registry.npm.taobao.org/glob/download/glob-5.0.15.tgz#1bc936b9e02f4a603fcc222ecf7633d30b8b93b1"
+  dependencies:
+    inflight "^1.0.4"
+    inherits "2"
+    minimatch "2 || 3"
+    once "^1.3.0"
+    path-is-absolute "^1.0.0"
+
+glob@~7.0.0:
+  version "7.0.6"
+  resolved "http://registry.npm.taobao.org/glob/download/glob-7.0.6.tgz#211bafaf49e525b8cd93260d14ab136152b3f57a"
+  dependencies:
+    fs.realpath "^1.0.0"
+    inflight "^1.0.4"
+    inherits "2"
+    minimatch "^3.0.2"
+    once "^1.3.0"
+    path-is-absolute "^1.0.0"
+
+graceful-fs@^4.1.2:
+  version "4.1.11"
+  resolved "http://registry.npm.taobao.org/graceful-fs/download/graceful-fs-4.1.11.tgz#0e8bdfe4d1ddb8854d64e04ea7c00e2a026e5658"
+
+grunt-cli@1.2.0, grunt-cli@~1.2.0:
+  version "1.2.0"
+  resolved "http://registry.npm.taobao.org/grunt-cli/download/grunt-cli-1.2.0.tgz#562b119ebb069ddb464ace2845501be97b35b6a8"
+  dependencies:
+    findup-sync "~0.3.0"
+    grunt-known-options "~1.1.0"
+    nopt "~3.0.6"
+    resolve "~1.1.0"
+
+grunt-contrib-concat@1.0.1:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/grunt-contrib-concat/download/grunt-contrib-concat-1.0.1.tgz#61509863084e871d7e86de48c015259ed97745bd"
+  dependencies:
+    chalk "^1.0.0"
+    source-map "^0.5.3"
+
+grunt-contrib-less@1.4.1:
+  version "1.4.1"
+  resolved "http://registry.npm.taobao.org/grunt-contrib-less/download/grunt-contrib-less-1.4.1.tgz#3bbdec0b75d12ceaa55d62943625c0b0861cdf6f"
+  dependencies:
+    async "^2.0.0"
+    chalk "^1.0.0"
+    less "~2.7.1"
+    lodash "^4.8.2"
+
+grunt-known-options@~1.1.0:
+  version "1.1.0"
+  resolved "http://registry.npm.taobao.org/grunt-known-options/download/grunt-known-options-1.1.0.tgz#a4274eeb32fa765da5a7a3b1712617ce3b144149"
+
+grunt-legacy-log-utils@~1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/grunt-legacy-log-utils/download/grunt-legacy-log-utils-1.0.0.tgz#a7b8e2d0fb35b5a50f4af986fc112749ebc96f3d"
+  dependencies:
+    chalk "~1.1.1"
+    lodash "~4.3.0"
+
+grunt-legacy-log@~1.0.0:
+  version "1.0.2"
+  resolved "http://registry.npm.taobao.org/grunt-legacy-log/download/grunt-legacy-log-1.0.2.tgz#7d7440426ace77b206e74f993e332e2a15a3904e"
+  dependencies:
+    colors "~1.1.2"
+    grunt-legacy-log-utils "~1.0.0"
+    hooker "~0.2.3"
+    lodash "~4.17.5"
+
+grunt-legacy-util@~1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/grunt-legacy-util/download/grunt-legacy-util-1.0.0.tgz#386aa78dc6ed50986c2b18957265b1b48abb9b86"
+  dependencies:
+    async "~1.5.2"
+    exit "~0.1.1"
+    getobject "~0.1.0"
+    hooker "~0.2.3"
+    lodash "~4.3.0"
+    underscore.string "~3.2.3"
+    which "~1.2.1"
+
+grunt@1.0.1:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/grunt/download/grunt-1.0.1.tgz#e8778764e944b18f32bb0f10b9078475c9dfb56b"
+  dependencies:
+    coffee-script "~1.10.0"
+    dateformat "~1.0.12"
+    eventemitter2 "~0.4.13"
+    exit "~0.1.1"
+    findup-sync "~0.3.0"
+    glob "~7.0.0"
+    grunt-cli "~1.2.0"
+    grunt-known-options "~1.1.0"
+    grunt-legacy-log "~1.0.0"
+    grunt-legacy-util "~1.0.0"
+    iconv-lite "~0.4.13"
+    js-yaml "~3.5.2"
+    minimatch "~3.0.0"
+    nopt "~3.0.6"
+    path-is-absolute "~1.0.0"
+    rimraf "~2.2.8"
+
+har-schema@^1.0.5:
+  version "1.0.5"
+  resolved "http://registry.npm.taobao.org/har-schema/download/har-schema-1.0.5.tgz#d263135f43307c02c602afc8fe95970c0151369e"
+
+har-validator@~4.2.1:
+  version "4.2.1"
+  resolved "http://registry.npm.taobao.org/har-validator/download/har-validator-4.2.1.tgz#33481d0f1bbff600dd203d75812a6a5fba002e2a"
+  dependencies:
+    ajv "^4.9.1"
+    har-schema "^1.0.5"
+
+has-ansi@^2.0.0:
+  version "2.0.0"
+  resolved "http://registry.npm.taobao.org/has-ansi/download/has-ansi-2.0.0.tgz#34f5049ce1ecdf2b0649af3ef24e45ed35416d91"
+  dependencies:
+    ansi-regex "^2.0.0"
+
+hawk@~3.1.3:
+  version "3.1.3"
+  resolved "http://registry.npm.taobao.org/hawk/download/hawk-3.1.3.tgz#078444bd7c1640b0fe540d2c9b73d59678e8e1c4"
+  dependencies:
+    boom "2.x.x"
+    cryptiles "2.x.x"
+    hoek "2.x.x"
+    sntp "1.x.x"
+
+hoek@2.x.x:
+  version "2.16.3"
+  resolved "http://registry.npm.taobao.org/hoek/download/hoek-2.16.3.tgz#20bb7403d3cea398e91dc4710a8ff1b8274a25ed"
+
+hooker@~0.2.3:
+  version "0.2.3"
+  resolved "http://registry.npm.taobao.org/hooker/download/hooker-0.2.3.tgz#b834f723cc4a242aa65963459df6d984c5d3d959"
+
+hosted-git-info@^2.1.4:
+  version "2.7.1"
+  resolved "http://registry.npm.taobao.org/hosted-git-info/download/hosted-git-info-2.7.1.tgz#97f236977bd6e125408930ff6de3eec6281ec047"
+
+http-signature@~1.1.0:
+  version "1.1.1"
+  resolved "http://registry.npm.taobao.org/http-signature/download/http-signature-1.1.1.tgz#df72e267066cd0ac67fb76adf8e134a8fbcf91bf"
+  dependencies:
+    assert-plus "^0.2.0"
+    jsprim "^1.2.2"
+    sshpk "^1.7.0"
+
+iconv-lite@~0.4.13:
+  version "0.4.23"
+  resolved "http://registry.npm.taobao.org/iconv-lite/download/iconv-lite-0.4.23.tgz#297871f63be507adcfbfca715d0cd0eed84e9a63"
+  dependencies:
+    safer-buffer ">= 2.1.2 < 3"
+
+image-size@~0.5.0:
+  version "0.5.5"
+  resolved "http://registry.npm.taobao.org/image-size/download/image-size-0.5.5.tgz#09dfd4ab9d20e29eb1c3e80b8990378df9e3cb9c"
+
+indent-string@^2.1.0:
+  version "2.1.0"
+  resolved "http://registry.npm.taobao.org/indent-string/download/indent-string-2.1.0.tgz#8e2d48348742121b4a8218b7a137e9a52049dc80"
+  dependencies:
+    repeating "^2.0.0"
+
+inflight@^1.0.4:
+  version "1.0.6"
+  resolved "http://registry.npm.taobao.org/inflight/download/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9"
+  dependencies:
+    once "^1.3.0"
+    wrappy "1"
+
+inherits@2:
+  version "2.0.3"
+  resolved "http://registry.npm.taobao.org/inherits/download/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de"
+
+is-arrayish@^0.2.1:
+  version "0.2.1"
+  resolved "http://registry.npm.taobao.org/is-arrayish/download/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
+
+is-builtin-module@^1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/is-builtin-module/download/is-builtin-module-1.0.0.tgz#540572d34f7ac3119f8f76c30cbc1b1e037affbe"
+  dependencies:
+    builtin-modules "^1.0.0"
+
+is-finite@^1.0.0:
+  version "1.0.2"
+  resolved "http://registry.npm.taobao.org/is-finite/download/is-finite-1.0.2.tgz#cc6677695602be550ef11e8b4aa6305342b6d0aa"
+  dependencies:
+    number-is-nan "^1.0.0"
+
+is-typedarray@~1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/is-typedarray/download/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
+
+is-utf8@^0.2.0:
+  version "0.2.1"
+  resolved "http://registry.npm.taobao.org/is-utf8/download/is-utf8-0.2.1.tgz#4b0da1442104d1b336340e80797e865cf39f7d72"
+
+isexe@^2.0.0:
+  version "2.0.0"
+  resolved "http://registry.npm.taobao.org/isexe/download/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
+
+isstream@~0.1.2:
+  version "0.1.2"
+  resolved "http://registry.npm.taobao.org/isstream/download/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a"
+
+js-yaml@~3.5.2:
+  version "3.5.5"
+  resolved "http://registry.npm.taobao.org/js-yaml/download/js-yaml-3.5.5.tgz#0377c38017cabc7322b0d1fbcd25a491641f2fbe"
+  dependencies:
+    argparse "^1.0.2"
+    esprima "^2.6.0"
+
+jsbn@~0.1.0:
+  version "0.1.1"
+  resolved "http://registry.npm.taobao.org/jsbn/download/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"
+
+json-schema@0.2.3:
+  version "0.2.3"
+  resolved "http://registry.npm.taobao.org/json-schema/download/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13"
+
+json-stable-stringify@^1.0.1:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/json-stable-stringify/download/json-stable-stringify-1.0.1.tgz#9a759d39c5f2ff503fd5300646ed445f88c4f9af"
+  dependencies:
+    jsonify "~0.0.0"
+
+json-stringify-safe@~5.0.1:
+  version "5.0.1"
+  resolved "http://registry.npm.taobao.org/json-stringify-safe/download/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
+
+jsonify@~0.0.0:
+  version "0.0.0"
+  resolved "http://registry.npm.taobao.org/jsonify/download/jsonify-0.0.0.tgz#2c74b6ee41d93ca51b7b5aaee8f503631d252a73"
+
+jsprim@^1.2.2:
+  version "1.4.1"
+  resolved "http://registry.npm.taobao.org/jsprim/download/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"
+  dependencies:
+    assert-plus "1.0.0"
+    extsprintf "1.3.0"
+    json-schema "0.2.3"
+    verror "1.10.0"
+
+less@~2.7.1:
+  version "2.7.3"
+  resolved "http://registry.npm.taobao.org/less/download/less-2.7.3.tgz#cc1260f51c900a9ec0d91fb6998139e02507b63b"
+  optionalDependencies:
+    errno "^0.1.1"
+    graceful-fs "^4.1.2"
+    image-size "~0.5.0"
+    mime "^1.2.11"
+    mkdirp "^0.5.0"
+    promise "^7.1.1"
+    request "2.81.0"
+    source-map "^0.5.3"
+
+load-json-file@^1.0.0:
+  version "1.1.0"
+  resolved "http://registry.npm.taobao.org/load-json-file/download/load-json-file-1.1.0.tgz#956905708d58b4bab4c2261b04f59f31c99374c0"
+  dependencies:
+    graceful-fs "^4.1.2"
+    parse-json "^2.2.0"
+    pify "^2.0.0"
+    pinkie-promise "^2.0.0"
+    strip-bom "^2.0.0"
+
+lodash@^4.17.10, lodash@^4.8.2, lodash@~4.17.5:
+  version "4.17.10"
+  resolved "http://registry.npm.taobao.org/lodash/download/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7"
+
+lodash@~4.3.0:
+  version "4.3.0"
+  resolved "http://registry.npm.taobao.org/lodash/download/lodash-4.3.0.tgz#efd9c4a6ec53f3b05412429915c3e4824e4d25a4"
+
+loud-rejection@^1.0.0:
+  version "1.6.0"
+  resolved "http://registry.npm.taobao.org/loud-rejection/download/loud-rejection-1.6.0.tgz#5b46f80147edee578870f086d04821cf998e551f"
+  dependencies:
+    currently-unhandled "^0.4.1"
+    signal-exit "^3.0.0"
+
+map-obj@^1.0.0, map-obj@^1.0.1:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/map-obj/download/map-obj-1.0.1.tgz#d933ceb9205d82bdcf4886f6742bdc2b4dea146d"
+
+meow@^3.3.0:
+  version "3.7.0"
+  resolved "http://registry.npm.taobao.org/meow/download/meow-3.7.0.tgz#72cb668b425228290abbfa856892587308a801fb"
+  dependencies:
+    camelcase-keys "^2.0.0"
+    decamelize "^1.1.2"
+    loud-rejection "^1.0.0"
+    map-obj "^1.0.1"
+    minimist "^1.1.3"
+    normalize-package-data "^2.3.4"
+    object-assign "^4.0.1"
+    read-pkg-up "^1.0.1"
+    redent "^1.0.0"
+    trim-newlines "^1.0.0"
+
+mime-db@~1.35.0:
+  version "1.35.0"
+  resolved "http://registry.npm.taobao.org/mime-db/download/mime-db-1.35.0.tgz#0569d657466491283709663ad379a99b90d9ab47"
+
+mime-types@^2.1.12, mime-types@~2.1.7:
+  version "2.1.19"
+  resolved "http://registry.npm.taobao.org/mime-types/download/mime-types-2.1.19.tgz#71e464537a7ef81c15f2db9d97e913fc0ff606f0"
+  dependencies:
+    mime-db "~1.35.0"
+
+mime@^1.2.11:
+  version "1.6.0"
+  resolved "http://registry.npm.taobao.org/mime/download/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
+
+"minimatch@2 || 3", minimatch@^3.0.2, minimatch@~3.0.0:
+  version "3.0.4"
+  resolved "http://registry.npm.taobao.org/minimatch/download/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083"
+  dependencies:
+    brace-expansion "^1.1.7"
+
+minimist@0.0.8:
+  version "0.0.8"
+  resolved "http://registry.npm.taobao.org/minimist/download/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d"
+
+minimist@^1.1.3:
+  version "1.2.0"
+  resolved "http://registry.npm.taobao.org/minimist/download/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
+
+mkdirp@^0.5.0:
+  version "0.5.1"
+  resolved "http://registry.npm.taobao.org/mkdirp/download/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
+  dependencies:
+    minimist "0.0.8"
+
+nopt@~3.0.6:
+  version "3.0.6"
+  resolved "http://registry.npm.taobao.org/nopt/download/nopt-3.0.6.tgz#c6465dbf08abcd4db359317f79ac68a646b28ff9"
+  dependencies:
+    abbrev "1"
+
+normalize-package-data@^2.3.2, normalize-package-data@^2.3.4:
+  version "2.4.0"
+  resolved "http://registry.npm.taobao.org/normalize-package-data/download/normalize-package-data-2.4.0.tgz#12f95a307d58352075a04907b84ac8be98ac012f"
+  dependencies:
+    hosted-git-info "^2.1.4"
+    is-builtin-module "^1.0.0"
+    semver "2 || 3 || 4 || 5"
+    validate-npm-package-license "^3.0.1"
+
+number-is-nan@^1.0.0:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/number-is-nan/download/number-is-nan-1.0.1.tgz#097b602b53422a522c1afb8790318336941a011d"
+
+oauth-sign@~0.8.1:
+  version "0.8.2"
+  resolved "http://registry.npm.taobao.org/oauth-sign/download/oauth-sign-0.8.2.tgz#46a6ab7f0aead8deae9ec0565780b7d4efeb9d43"
+
+object-assign@^4.0.1:
+  version "4.1.1"
+  resolved "http://registry.npm.taobao.org/object-assign/download/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
+
+once@^1.3.0:
+  version "1.4.0"
+  resolved "http://registry.npm.taobao.org/once/download/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"
+  dependencies:
+    wrappy "1"
+
+parse-json@^2.2.0:
+  version "2.2.0"
+  resolved "http://registry.npm.taobao.org/parse-json/download/parse-json-2.2.0.tgz#f480f40434ef80741f8469099f8dea18f55a4dc9"
+  dependencies:
+    error-ex "^1.2.0"
+
+path-exists@^2.0.0:
+  version "2.1.0"
+  resolved "http://registry.npm.taobao.org/path-exists/download/path-exists-2.1.0.tgz#0feb6c64f0fc518d9a754dd5efb62c7022761f4b"
+  dependencies:
+    pinkie-promise "^2.0.0"
+
+path-is-absolute@^1.0.0, path-is-absolute@~1.0.0:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/path-is-absolute/download/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"
+
+path-type@^1.0.0:
+  version "1.1.0"
+  resolved "http://registry.npm.taobao.org/path-type/download/path-type-1.1.0.tgz#59c44f7ee491da704da415da5a4070ba4f8fe441"
+  dependencies:
+    graceful-fs "^4.1.2"
+    pify "^2.0.0"
+    pinkie-promise "^2.0.0"
+
+performance-now@^0.2.0:
+  version "0.2.0"
+  resolved "http://registry.npm.taobao.org/performance-now/download/performance-now-0.2.0.tgz#33ef30c5c77d4ea21c5a53869d91b56d8f2555e5"
+
+pify@^2.0.0:
+  version "2.3.0"
+  resolved "http://registry.npm.taobao.org/pify/download/pify-2.3.0.tgz#ed141a6ac043a849ea588498e7dca8b15330e90c"
+
+pinkie-promise@^2.0.0:
+  version "2.0.1"
+  resolved "http://registry.npm.taobao.org/pinkie-promise/download/pinkie-promise-2.0.1.tgz#2135d6dfa7a358c069ac9b178776288228450ffa"
+  dependencies:
+    pinkie "^2.0.0"
+
+pinkie@^2.0.0:
+  version "2.0.4"
+  resolved "http://registry.npm.taobao.org/pinkie/download/pinkie-2.0.4.tgz#72556b80cfa0d48a974e80e77248e80ed4f7f870"
+
+promise@^7.1.1:
+  version "7.3.1"
+  resolved "http://registry.npm.taobao.org/promise/download/promise-7.3.1.tgz#064b72602b18f90f29192b8b1bc418ffd1ebd3bf"
+  dependencies:
+    asap "~2.0.3"
+
+prr@~1.0.1:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/prr/download/prr-1.0.1.tgz#d3fc114ba06995a45ec6893f484ceb1d78f5f476"
+
+punycode@^1.4.1:
+  version "1.4.1"
+  resolved "http://registry.npm.taobao.org/punycode/download/punycode-1.4.1.tgz#c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"
+
+qs@~6.4.0:
+  version "6.4.0"
+  resolved "http://registry.npm.taobao.org/qs/download/qs-6.4.0.tgz#13e26d28ad6b0ffaa91312cd3bf708ed351e7233"
+
+read-pkg-up@^1.0.1:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/read-pkg-up/download/read-pkg-up-1.0.1.tgz#9d63c13276c065918d57f002a57f40a1b643fb02"
+  dependencies:
+    find-up "^1.0.0"
+    read-pkg "^1.0.0"
+
+read-pkg@^1.0.0:
+  version "1.1.0"
+  resolved "http://registry.npm.taobao.org/read-pkg/download/read-pkg-1.1.0.tgz#f5ffaa5ecd29cb31c0474bca7d756b6bb29e3f28"
+  dependencies:
+    load-json-file "^1.0.0"
+    normalize-package-data "^2.3.2"
+    path-type "^1.0.0"
+
+redent@^1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/redent/download/redent-1.0.0.tgz#cf916ab1fd5f1f16dfb20822dd6ec7f730c2afde"
+  dependencies:
+    indent-string "^2.1.0"
+    strip-indent "^1.0.1"
+
+repeating@^2.0.0:
+  version "2.0.1"
+  resolved "http://registry.npm.taobao.org/repeating/download/repeating-2.0.1.tgz#5214c53a926d3552707527fbab415dbc08d06dda"
+  dependencies:
+    is-finite "^1.0.0"
+
+request@2.81.0:
+  version "2.81.0"
+  resolved "http://registry.npm.taobao.org/request/download/request-2.81.0.tgz#c6928946a0e06c5f8d6f8a9333469ffda46298a0"
+  dependencies:
+    aws-sign2 "~0.6.0"
+    aws4 "^1.2.1"
+    caseless "~0.12.0"
+    combined-stream "~1.0.5"
+    extend "~3.0.0"
+    forever-agent "~0.6.1"
+    form-data "~2.1.1"
+    har-validator "~4.2.1"
+    hawk "~3.1.3"
+    http-signature "~1.1.0"
+    is-typedarray "~1.0.0"
+    isstream "~0.1.2"
+    json-stringify-safe "~5.0.1"
+    mime-types "~2.1.7"
+    oauth-sign "~0.8.1"
+    performance-now "^0.2.0"
+    qs "~6.4.0"
+    safe-buffer "^5.0.1"
+    stringstream "~0.0.4"
+    tough-cookie "~2.3.0"
+    tunnel-agent "^0.6.0"
+    uuid "^3.0.0"
+
+resolve@~1.1.0:
+  version "1.1.7"
+  resolved "http://registry.npm.taobao.org/resolve/download/resolve-1.1.7.tgz#203114d82ad2c5ed9e8e0411b3932875e889e97b"
+
+rimraf@~2.2.8:
+  version "2.2.8"
+  resolved "http://registry.npm.taobao.org/rimraf/download/rimraf-2.2.8.tgz#e439be2aaee327321952730f99a8929e4fc50582"
+
+safe-buffer@^5.0.1:
+  version "5.1.2"
+  resolved "http://registry.npm.taobao.org/safe-buffer/download/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
+
+"safer-buffer@>= 2.1.2 < 3", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0:
+  version "2.1.2"
+  resolved "http://registry.npm.taobao.org/safer-buffer/download/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
+
+"semver@2 || 3 || 4 || 5":
+  version "5.5.0"
+  resolved "http://registry.npm.taobao.org/semver/download/semver-5.5.0.tgz#dc4bbc7a6ca9d916dee5d43516f0092b58f7b8ab"
+
+signal-exit@^3.0.0:
+  version "3.0.2"
+  resolved "http://registry.npm.taobao.org/signal-exit/download/signal-exit-3.0.2.tgz#b5fdc08f1287ea1178628e415e25132b73646c6d"
+
+sntp@1.x.x:
+  version "1.0.9"
+  resolved "http://registry.npm.taobao.org/sntp/download/sntp-1.0.9.tgz#6541184cc90aeea6c6e7b35e2659082443c66198"
+  dependencies:
+    hoek "2.x.x"
+
+source-map@^0.5.3:
+  version "0.5.7"
+  resolved "http://registry.npm.taobao.org/source-map/download/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
+
+spdx-correct@^3.0.0:
+  version "3.0.0"
+  resolved "http://registry.npm.taobao.org/spdx-correct/download/spdx-correct-3.0.0.tgz#05a5b4d7153a195bc92c3c425b69f3b2a9524c82"
+  dependencies:
+    spdx-expression-parse "^3.0.0"
+    spdx-license-ids "^3.0.0"
+
+spdx-exceptions@^2.1.0:
+  version "2.1.0"
+  resolved "http://registry.npm.taobao.org/spdx-exceptions/download/spdx-exceptions-2.1.0.tgz#2c7ae61056c714a5b9b9b2b2af7d311ef5c78fe9"
+
+spdx-expression-parse@^3.0.0:
+  version "3.0.0"
+  resolved "http://registry.npm.taobao.org/spdx-expression-parse/download/spdx-expression-parse-3.0.0.tgz#99e119b7a5da00e05491c9fa338b7904823b41d0"
+  dependencies:
+    spdx-exceptions "^2.1.0"
+    spdx-license-ids "^3.0.0"
+
+spdx-license-ids@^3.0.0:
+  version "3.0.0"
+  resolved "http://registry.npm.taobao.org/spdx-license-ids/download/spdx-license-ids-3.0.0.tgz#7a7cd28470cc6d3a1cfe6d66886f6bc430d3ac87"
+
+sprintf-js@~1.0.2:
+  version "1.0.3"
+  resolved "http://registry.npm.taobao.org/sprintf-js/download/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
+
+sshpk@^1.7.0:
+  version "1.14.2"
+  resolved "http://registry.npm.taobao.org/sshpk/download/sshpk-1.14.2.tgz#c6fc61648a3d9c4e764fd3fcdf4ea105e492ba98"
+  dependencies:
+    asn1 "~0.2.3"
+    assert-plus "^1.0.0"
+    dashdash "^1.12.0"
+    getpass "^0.1.1"
+    safer-buffer "^2.0.2"
+  optionalDependencies:
+    bcrypt-pbkdf "^1.0.0"
+    ecc-jsbn "~0.1.1"
+    jsbn "~0.1.0"
+    tweetnacl "~0.14.0"
+
+stringstream@~0.0.4:
+  version "0.0.6"
+  resolved "http://registry.npm.taobao.org/stringstream/download/stringstream-0.0.6.tgz#7880225b0d4ad10e30927d167a1d6f2fd3b33a72"
+
+strip-ansi@^3.0.0:
+  version "3.0.1"
+  resolved "http://registry.npm.taobao.org/strip-ansi/download/strip-ansi-3.0.1.tgz#6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"
+  dependencies:
+    ansi-regex "^2.0.0"
+
+strip-bom@^2.0.0:
+  version "2.0.0"
+  resolved "http://registry.npm.taobao.org/strip-bom/download/strip-bom-2.0.0.tgz#6219a85616520491f35788bdbf1447a99c7e6b0e"
+  dependencies:
+    is-utf8 "^0.2.0"
+
+strip-indent@^1.0.1:
+  version "1.0.1"
+  resolved "http://registry.npm.taobao.org/strip-indent/download/strip-indent-1.0.1.tgz#0c7962a6adefa7bbd4ac366460a638552ae1a0a2"
+  dependencies:
+    get-stdin "^4.0.1"
+
+supports-color@^2.0.0:
+  version "2.0.0"
+  resolved "http://registry.npm.taobao.org/supports-color/download/supports-color-2.0.0.tgz#535d045ce6b6363fa40117084629995e9df324c7"
+
+tough-cookie@~2.3.0:
+  version "2.3.4"
+  resolved "http://registry.npm.taobao.org/tough-cookie/download/tough-cookie-2.3.4.tgz#ec60cee38ac675063ffc97a5c18970578ee83655"
+  dependencies:
+    punycode "^1.4.1"
+
+trim-newlines@^1.0.0:
+  version "1.0.0"
+  resolved "http://registry.npm.taobao.org/trim-newlines/download/trim-newlines-1.0.0.tgz#5887966bb582a4503a41eb524f7d35011815a613"
+
+tunnel-agent@^0.6.0:
+  version "0.6.0"
+  resolved "http://registry.npm.taobao.org/tunnel-agent/download/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd"
+  dependencies:
+    safe-buffer "^5.0.1"
+
+tweetnacl@^0.14.3, tweetnacl@~0.14.0:
+  version "0.14.5"
+  resolved "http://registry.npm.taobao.org/tweetnacl/download/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64"
+
+underscore.string@~3.2.3:
+  version "3.2.3"
+  resolved "http://registry.npm.taobao.org/underscore.string/download/underscore.string-3.2.3.tgz#806992633665d5e5fcb4db1fb3a862eb68e9e6da"
+
+uuid@^3.0.0:
+  version "3.3.2"
+  resolved "http://registry.npm.taobao.org/uuid/download/uuid-3.3.2.tgz#1b4af4955eb3077c501c23872fc6513811587131"
+
+validate-npm-package-license@^3.0.1:
+  version "3.0.4"
+  resolved "http://registry.npm.taobao.org/validate-npm-package-license/download/validate-npm-package-license-3.0.4.tgz#fc91f6b9c7ba15c857f4cb2c5defeec39d4f410a"
+  dependencies:
+    spdx-correct "^3.0.0"
+    spdx-expression-parse "^3.0.0"
+
+verror@1.10.0:
+  version "1.10.0"
+  resolved "http://registry.npm.taobao.org/verror/download/verror-1.10.0.tgz#3a105ca17053af55d6e270c1f8288682e18da400"
+  dependencies:
+    assert-plus "^1.0.0"
+    core-util-is "1.0.2"
+    extsprintf "^1.2.0"
+
+which@~1.2.1:
+  version "1.2.14"
+  resolved "http://registry.npm.taobao.org/which/download/which-1.2.14.tgz#9a87c4378f03e827cecaf1acdf56c736c01c14e5"
+  dependencies:
+    isexe "^2.0.0"
+
+wrappy@1:
+  version "1.0.2"
+  resolved "http://registry.npm.taobao.org/wrappy/download/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"