diff --git a/build.gradle b/build.gradle
index 6f3c4df..0447958 100644
--- a/build.gradle
+++ b/build.gradle
@@ -8,8 +8,8 @@
     id 'org.jetbrains.kotlin.plugin.spring' version '1.3.31' apply false
     id 'org.jetbrains.kotlin.plugin.jpa' version '1.3.31' apply false
     id 'com.gradle.build-scan' version '2.0.2'
-    id "com.palantir.git-version" version "0.12.0-rc2"
-    id 'com.palantir.docker' version '0.22.1' apply false
+    id "com.palantir.git-version" version "0.12.2"
+    id 'com.palantir.docker' version '0.22.2' apply false
 }
 
 bootJar {
@@ -102,7 +102,7 @@
             springSocialVersion = '1.1.6.RELEASE'
             springKafkaVersion = '2.2.8.RELEASE'
             postgresVersion = '42.2.5'
-            multiTenantLibVersion = '1.1.17'
+            multiTenantLibVersion = '1.2.4'
         }
         implementation "org.jetbrains.kotlin:kotlin-reflect"
         implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
@@ -131,12 +131,6 @@
         annotationProcessor "org.projectlombok:lombok:${lombokVersion}"
         compileOnly "org.projectlombok:lombok:${lombokVersion}"
 
-        //    implementation "javax.el:javax.el-api:${javaELVersion}"
-        //    implementation "javax.servlet:javax.servlet-api:4.0.1"
-//        testImplementation 'org.springframework:spring-test'
-//        testImplementation 'org.springframework.boot:spring-boot-test'
-//    implementation "javax.servlet:jstl:1.2"
-//    implementation "taglibs:standard:1.1.2"
 
         testImplementation("org.springframework.boot:spring-boot-starter-test") {
             exclude group: "junit", module: "junit"
diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
index 22c1490..97e1782 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
@@ -14,11 +14,14 @@
 import com.supwisdom.dlpay.framework.security.validate.VerifyCode
 import com.supwisdom.dlpay.framework.service.CommonService
 import com.supwisdom.dlpay.framework.service.SystemUtilService
-import com.supwisdom.dlpay.framework.util.*
+import com.supwisdom.dlpay.framework.util.Constants
+import com.supwisdom.dlpay.framework.util.HmacUtil
+import com.supwisdom.dlpay.framework.util.TradeDict
+import com.supwisdom.dlpay.framework.util.TradeErrorCode
 import com.supwisdom.dlpay.system.service.FunctionService
-import com.supwisdom.multitenant.jwt.JwtRequestData
 import com.supwisdom.multitenant.jwt.JwtTenantService
 import com.supwisdom.multitenant.jwt.JwtTokenBuilder
+import com.supwisdom.multitenant.jwt.JwtTokenContext
 import mu.KotlinLogging
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.data.redis.connection.RedisConnectionFactory
@@ -38,7 +41,6 @@
 import java.io.IOException
 import java.time.Instant
 import java.util.*
-import javax.annotation.Resource
 import javax.imageio.ImageIO
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
@@ -62,8 +64,8 @@
     @Autowired
     private lateinit var jwtTenantService: JwtTenantService
 
-    @Resource(name = "jwtRequestData")
-    private lateinit var jwtRequestData: JwtRequestData
+    @Autowired
+    private lateinit var jwtTokenContext: JwtTokenContext
 
     @GetMapping(value = ["/gettoken", "/gettoken/{clientid}"])
     fun loginInit(appid: String, @PathVariable clientid: String?,
@@ -133,10 +135,12 @@
 
     @GetMapping("/refresh")
     fun refresh(request: HttpServletRequest): ResponseEntity<Any> {
-        val jwt = jwtRequestData.jwtToken
-                ?: return ResponseEntity.ok(ResponseBodyBuilder.create().fail(TradeErrorCode.INPUT_DATA_ERROR,
-                        "jwt unauthorized"))
-
+        val jwt = if (jwtTokenContext.jwt.isPresent) {
+            jwtTokenContext.jwt.get()
+        } else {
+            return ResponseEntity.ok(ResponseBodyBuilder.create().fail(TradeErrorCode.INPUT_DATA_ERROR,
+                    "jwt unauthorized"))
+        }
         val appid = jwt.uid
         // 新证书
         val builder = JwtTokenBuilder.create()
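Review bot: The missing-token branch of `refresh` still answers with `ResponseEntity.ok(...)`, so a request without a usable JWT gets HTTP 200 and only the body says "jwt unauthorized". Access logs and status-based alerting will record it as a success. If API clients do not depend on the 200, consider `ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(...)` with the same body. The `isPresent`/`get()` branch can also be shortened to `val jwt = jwtTokenContext.jwt.orElse(null) ?: return …`. The body of `refresh` continues outside the hunk.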
@@ -194,8 +198,7 @@
     @Autowired
     private lateinit var redisConnectionFactory: RedisConnectionFactory
 
-    @Resource(name = "jwtRequestData")
-    private lateinit var jwtRequestData: JwtRequestData
+    private lateinit var jwtTokenContext: JwtTokenContext
 
     @RequestMapping("/userinfor")
     fun user(@RequestParam("access_token") access_token: String?,
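Review bot: The replacement field `private lateinit var jwtTokenContext: JwtTokenContext` has no injection annotation; the `@Resource` line was removed and, unlike the other classes in this commit, no `@Autowired` was added. Unless this class is wired some other way that the hunk does not show, the property is never initialised, and the first access in `user` throws `UninitializedPropertyAccessException`. Add `@Autowired` on the line above the field.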
@@ -203,10 +206,10 @@
         if (access_token.isNullOrEmpty() && auth.isNullOrEmpty()) {
             return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
         }
-        val jwt = if (!auth.isNullOrEmpty()) {
-            jwtRequestData.jwtToken.jwt
-        } else {
+        val jwt = if (auth.isNullOrEmpty()) {
             access_token!!
+        } else {
+            jwtTokenContext.jwt.orElseGet(null)?.jwt
         }
         val obj: OAuth2Authentication? = RedisTokenStore(redisConnectionFactory).readAuthentication(jwt)
                 ?: return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
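Review bot: `jwtTokenContext.jwt.orElseGet(null)` passes a null supplier, so when the context holds no token (an `Authorization` header that is present but unusable) `Optional` dereferences the null supplier and throws `NullPointerException` instead of giving null. The intended call is `orElse(null)`. Even then `jwt` becomes nullable and is handed straight to `readAuthentication`, so the empty case should be rejected first, for example `jwtTokenContext.jwt.orElse(null)?.jwt ?: return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()`. The function starts and ends outside the hunk.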
diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/service/impl/framework_service_impl.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/service/impl/framework_service_impl.kt
index e5d2858..93ad8e6 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/service/impl/framework_service_impl.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/service/impl/framework_service_impl.kt
@@ -6,10 +6,9 @@
 import com.supwisdom.dlpay.framework.service.CommonService
 import com.supwisdom.dlpay.framework.util.StringUtil
 import com.supwisdom.dlpay.framework.util.TradeErrorCode
-import com.supwisdom.multitenant.jwt.JwtRequestData
+import com.supwisdom.multitenant.jwt.JwtTokenContext
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Service
-import javax.annotation.Resource
 import javax.servlet.http.HttpServletRequest
 
 @Service
@@ -17,8 +16,8 @@
     @Autowired
     lateinit var apiClientDao: ApiClientDao
 
-    @Resource(name = "jwtRequestData")
-    private lateinit var jwtRequestData: JwtRequestData
+    @Autowired
+    lateinit var jwtTokenContext: JwtTokenContext
 
     override fun getSystemVersion(): String {
         return try {
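Review bot: The injected field lost its `private` modifier in this change: the old `jwtRequestData` was private, while `lateinit var jwtTokenContext` is now a public, reassignable property of the service. Nothing in the hunk needs it to be visible outside the class, so `private lateinit var jwtTokenContext: JwtTokenContext` keeps the request's token context from being read or replaced by other beans.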
@@ -31,7 +30,7 @@
     }
 
     override fun getRequestAppid(request: HttpServletRequest): String {
-        jwtRequestData.jwtToken?.also {
+        jwtTokenContext.jwt.get()?.also {
             val uid = it.uid
             if (!StringUtil.isEmpty(uid)) {
                 return uid as String
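Review bot: `jwtTokenContext.jwt.get()` throws `NoSuchElementException` when the optional is empty, so the `?.` after it never sees a null. The old `jwtRequestData.jwtToken?.also` skipped the block for a request without a token and went on to whatever follows in `getRequestAppid`, which is outside the hunk. To keep that behaviour use `jwtTokenContext.jwt.orElse(null)?.also {`.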
diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
index 26289f6..8b3c2dc 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
@@ -14,9 +14,9 @@
 import com.supwisdom.dlpay.system.service.DictionaryProxy
 import com.supwisdom.dlpay.util.ConstantUtil
 import com.supwisdom.dlpay.util.RSAKeysGenerate
-import com.supwisdom.multitenant.jwt.JwtRequestData
 import com.supwisdom.multitenant.jwt.JwtTenantService
 import com.supwisdom.multitenant.jwt.JwtTokenBuilder
+import com.supwisdom.multitenant.jwt.JwtTokenContext
 import mu.KotlinLogging
 import org.apache.commons.lang.StringUtils
 import org.jose4j.jwt.ReservedClaimNames
@@ -249,8 +249,8 @@
     @Autowired
     lateinit var jwtTenantService: JwtTenantService
 
-    @Resource(name = "jwtRequestData")
-    lateinit var jwtRequestData: JwtRequestData
+    @Autowired
+    lateinit var jwtTokenContext: JwtTokenContext
 
     val logger = KotlinLogging.logger { }
 
@@ -263,8 +263,8 @@
     @RequestMapping("/logout")
     fun logout(): ResponseEntity<Any> {
         SecurityContextHolder.clearContext()
-        jwtRequestData.jwtToken?.also {
-            jwtTenantService.revoke(it)
+        jwtTokenContext.jwt.ifPresent { token ->
+            jwtTenantService.revoke(token)
         }
         return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
     }
@@ -278,9 +278,9 @@
         val user = mobileApiService.findUserById(p.name)
                 ?: return JsonResult.error("用户不存在，请注册")
         var tk = ""
-        jwtRequestData.jwtToken?.also {
+        jwtTokenContext.jwt.ifPresent { oldToken ->
             val currentMillis = System.currentTimeMillis()
-            if (it.expiration - currentMillis < 60 * 60 * 12) {
+            if (oldToken.expiration - currentMillis < 60 * 60 * 12) {
                 val exp = systemUtilService.getSysparaValueAsInt(
                         SysparaUtil.MOBILE_LOGIN_EXPIRE_IN_SECONDS, 60 * 60 * 24 * 3)
                 val builder = JwtTokenBuilder.create()
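Review bot: The renewal check `oldToken.expiration - currentMillis < 60 * 60 * 12` mixes units. `currentMillis` is in milliseconds while the threshold reads like 12 hours in seconds, so if `expiration` is an epoch-millisecond value the window is about 43 seconds, and if it is in seconds the difference is always negative and every call renews. The type of `expiration` is not visible here, so confirm it and write the threshold in the same unit, e.g. `60 * 60 * 12 * 1000L` for milliseconds, preferably as a named constant. The surrounding function starts and ends outside the hunk.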
@@ -294,9 +294,9 @@
                     user.jti = token.get().jti
                     mobileApiService.saveUser(user)
                     tk = token.get().jwt
-                    jwtTenantService.revoke(jwtRequestData.jwtToken)
+                    jwtTenantService.revoke(oldToken)
                 } else {
-                    tk = jwtRequestData.jwtToken.jwt
+                    tk = oldToken.jwt
                 }
             }
         }
@@ -651,7 +651,9 @@
         val pwdtimes = user.checkLoginpwdtime()
         if (pwdtimes == -1) {
             if (!user.jti.isNullOrEmpty()) {
-                jwtTenantService.revoke(jwtRequestData.jwtToken)
+                jwtTokenContext.jwt.ifPresent { token ->
+                    jwtTenantService.revoke(token)
+                }
             }
             return JsonResult.error(-1, "原密码错误次数过多，将退出系统，请重新登录系统或点击忘记密码功能找回密码")
         } else if (pwdtimes == 1) {
diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/security.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/security.kt
index 8e1892a..7f12778 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/security.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/security.kt
@@ -7,7 +7,7 @@
 import com.supwisdom.dlpay.mobile.AuthLoginFailHandler
 import com.supwisdom.dlpay.mobile.AuthLoginSuccessHandler
 import com.supwisdom.dlpay.mobile.service.MobileUserService
-import com.supwisdom.multitenant.jwt.JwtRequestData
+import com.supwisdom.multitenant.jwt.JwtTokenContext
 import org.jose4j.jwt.consumer.InvalidJwtException
 import org.jose4j.lang.JoseException
 import org.springframework.beans.factory.annotation.Autowired
@@ -37,7 +37,6 @@
 import org.springframework.web.filter.OncePerRequestFilter
 import java.security.SecureRandom
 import java.util.*
-import javax.annotation.Resource
 import javax.servlet.FilterChain
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
@@ -47,43 +46,40 @@
 @Component
 class ApiJwtAuthenticationFilter : OncePerRequestFilter() {
 
-    @Resource(name = "jwtRequestData")
-    private lateinit var jwtRequestData: JwtRequestData
+    @Autowired
+    private lateinit var jwtTokenContext: JwtTokenContext
 
     override fun doFilterInternal(request: HttpServletRequest, response: HttpServletResponse, filterChain: FilterChain) {
-        jwtRequestData.jwtToken?.let { jwt ->
+        jwtTokenContext.jwt.ifPresent { jwt ->
             try {
                 val auth = UsernamePasswordAuthenticationToken(jwt.uid, null,
                         (jwt.authorities as ArrayList<*>)
                                 .map { SimpleGrantedAuthority(it as String) })
                 SecurityContextHolder.getContext().authentication = auth
+                filterChain.doFilter(request, response)
             } catch (e: InvalidJwtException) {
                 SecurityContextHolder.clearContext()
                 response.status = HttpStatus.UNAUTHORIZED.value()
-                return
             } catch (e: JoseException) {
                 SecurityContextHolder.clearContext()
                 // jwt 失效后返回 401
                 response.status = HttpStatus.UNAUTHORIZED.value()
                 response.contentType = "application/json;charset=UTF-8"
-                return
             } catch (e: Exception) {
                 SecurityContextHolder.clearContext()
                 // jwt 失效后返回 401
                 response.status = HttpStatus.UNAUTHORIZED.value()
                 response.contentType = "application/json;charset=UTF-8"
-                return
             }
         }
-        filterChain.doFilter(request, response)
     }
 }
 
 @Component
 class MobileSecurityFilter : OncePerRequestFilter() {
 
-    @Resource(name = "jwtRequestData")
-    private lateinit var jwtRequestData: JwtRequestData
+    @Autowired
+    private lateinit var jwtTokenContext: JwtTokenContext
 
     override fun doFilterInternal(request: HttpServletRequest, response: HttpServletResponse, filterChain: FilterChain) {
         var context: String? = request.contextPath
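Review bot: In `ApiJwtAuthenticationFilter.doFilterInternal`, `filterChain.doFilter` now runs only inside the `ifPresent` lambda, so a request without a token never reaches the rest of the chain and ends with an empty default response. The old code let it continue so that later security rules could decide. Because the call also sits inside the `try`, any exception thrown by a downstream filter or controller is caught by `catch (e: Exception)` and reported as 401, which hides server errors as authentication failures. Unwrap the optional with `orElse(null)`, keep only the authentication setup in the `try`, return after setting 401, and call the chain once afterwards. The same pattern is in `MobileSecurityFilter` in the next hunk, whose `doFilterInternal` starts here and continues outside this hunk.

```kotlin
    override fun doFilterInternal(request: HttpServletRequest, response: HttpServletResponse, filterChain: FilterChain) {
        val jwt = jwtTokenContext.jwt.orElse(null)
        if (jwt != null) {
            try {
                // … unchanged: build UsernamePasswordAuthenticationToken and store it in the SecurityContext …
            } catch (e: Exception) {
                // … unchanged: clear the context, set 401 (and content type) as in the existing catch branches …
                return
            }
        }
        // Runs for requests with and without a token; downstream exceptions are no longer mapped to 401.
        filterChain.doFilter(request, response)
    }
```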
@@ -103,35 +99,32 @@
             filterChain.doFilter(request, response)
             return
         }
-        jwtRequestData.jwtToken?.let { jwt ->
+        jwtTokenContext.jwt.ifPresent { jwt ->
             try {
                 val auth = UsernamePasswordAuthenticationToken(jwt.uid, null,
                         (jwt.authorities as ArrayList<*>)
                                 .map { SimpleGrantedAuthority(it as String) })
                 SecurityContextHolder.getContext().authentication = auth
+                response.setHeader("Access-Control-Allow-Origin", "*");
+                response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
+                response.setHeader("Access-Control-Allow-Headers", "*");
+                response.setHeader("Access-Control-Allow-Credentials", "true")
+                filterChain.doFilter(request, response)
             } catch (e: InvalidJwtException) {
                 SecurityContextHolder.clearContext()
                 response.status = HttpStatus.UNAUTHORIZED.value()
-                return
             } catch (e: JoseException) {
                 SecurityContextHolder.clearContext()
                 // jwt 失效后返回 401
                 response.status = HttpStatus.UNAUTHORIZED.value()
                 response.contentType = "application/json;charset=UTF-8"
-                return
             } catch (e: Exception) {
                 SecurityContextHolder.clearContext()
                 // jwt 失效后返回 401
                 response.status = HttpStatus.UNAUTHORIZED.value()
                 response.contentType = "application/json;charset=UTF-8"
-                return
             }
         }
-        response.setHeader("Access-Control-Allow-Origin", "*");
-        response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
-        response.setHeader("Access-Control-Allow-Headers", "*");
-        response.setHeader("Access-Control-Allow-Credentials", "true")
-        filterChain.doFilter(request, response)
     }
 }
 
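Review bot: The four `Access-Control-*` headers are now set only inside the `ifPresent` block, so a response to a request without a resolved JWT carries none of them. That includes a browser preflight `OPTIONS`, which sends no `Authorization` header, unless the early-return path above this hunk already covers it. Move the `response.setHeader(...)` lines back above `jwtTokenContext.jwt.ifPresent` (or into a dedicated CORS configuration) so they do not depend on authentication. Separately, `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true` is refused by browsers for credentialed requests. The usual remedy is to echo an origin from an explicit allowlist; reflecting arbitrary origins with credentials would expose authenticated responses to any site.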
