diff --git a/samples/user/src/main/java/com/supwisdom/leaveschool/user/controller/api/security/Api1SecurityUserController.java b/samples/user/src/main/java/com/supwisdom/leaveschool/user/controller/api/security/Api1SecurityUserController.java
index 8669e6c..f6b76db 100644
--- a/samples/user/src/main/java/com/supwisdom/leaveschool/user/controller/api/security/Api1SecurityUserController.java
+++ b/samples/user/src/main/java/com/supwisdom/leaveschool/user/controller/api/security/Api1SecurityUserController.java
@@ -1,5 +1,7 @@
 package com.supwisdom.leaveschool.user.controller.api.security;
 
+import java.util.List;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.util.MimeTypeUtils;
@@ -10,8 +12,12 @@
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.supwisdom.leaveschool.user.domain.Permission;
+import com.supwisdom.leaveschool.user.domain.Role;
 import com.supwisdom.leaveschool.user.domain.User;
 import com.supwisdom.leaveschool.user.model.SecurityUser;
+import com.supwisdom.leaveschool.user.repository.PermissionRepository;
+import com.supwisdom.leaveschool.user.repository.RoleRepository;
 import com.supwisdom.leaveschool.user.repository.UserRepository;
 
 @RestController
@@ -20,7 +26,13 @@
 
   @Autowired
   private UserRepository userRepository;
-  
+
+  @Autowired
+  private RoleRepository roleRepository;
+
+  @Autowired
+  private PermissionRepository permissionRepository;
+
   /**
    * 
    * curl -i -s -X GET -H 'Accept:application/json' 'http://localhost:10010/api/v1/security/users/test001'
@@ -77,9 +89,39 @@
       throw new RuntimeException("exception.get.domain.not.exist"); // FIXME: RestException
     }
     
+    List<Role> roles = roleRepository.selectByUsername(username);
+    
     SecurityUser securityUser = new SecurityUser();
     securityUser.setUser(user);
+    securityUser.setRoles(roles);
 
     return securityUser;
   }
+  
+  @GetMapping(path = "/{username}/{applicationCode}", produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
+  @ResponseStatus(value = HttpStatus.OK)
+  @ResponseBody
+  public SecurityUser loadPermissionsByUsernameAppcode(@PathVariable("username") String username, @PathVariable("applicationCode") String applicationCode) {
+    
+    if (username == null || username.length() == 0) {
+      throw new RuntimeException("exception.get.username.must.not.empty"); // FIXME: RestException
+    }
+
+    User user = userRepository.selectByUsername(username);
+
+    if (user == null) {
+      throw new RuntimeException("exception.get.domain.not.exist"); // FIXME: RestException
+    }
+    
+    List<Role> roles = roleRepository.selectByUsername(username);
+    
+    List<Permission> permissions = permissionRepository.selectByUsername(username, applicationCode);
+    
+    SecurityUser securityUser = new SecurityUser();
+    securityUser.setUser(user);
+    securityUser.setRoles(roles);
+    securityUser.setPermissions(permissions);
+    
+    return securityUser;
+  }
 }
diff --git a/samples/user/src/main/java/com/supwisdom/leaveschool/user/domain/Group.java b/samples/user/src/main/java/com/supwisdom/leaveschool/user/domain/Group.java
index c99150f..cc3a73d 100644
--- a/samples/user/src/main/java/com/supwisdom/leaveschool/user/domain/Group.java
+++ b/samples/user/src/main/java/com/supwisdom/leaveschool/user/domain/Group.java
@@ -6,7 +6,7 @@
 
 import com.supwisdom.leaveschool.common.domain.ABaseDomain;
 
-@Entity
+@Entity(name = "Group_")
 @Table(name = "TB_U_GROUP")
 public class Group extends ABaseDomain {
 
diff --git a/samples/user/src/main/java/com/supwisdom/leaveschool/user/repository/PermissionRepository.java b/samples/user/src/main/java/com/supwisdom/leaveschool/user/repository/PermissionRepository.java
index fc1a5c3..f9f727e 100644
--- a/samples/user/src/main/java/com/supwisdom/leaveschool/user/repository/PermissionRepository.java
+++ b/samples/user/src/main/java/com/supwisdom/leaveschool/user/repository/PermissionRepository.java
@@ -1,11 +1,16 @@
 package com.supwisdom.leaveschool.user.repository;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 import org.springframework.data.domain.Example;
 import org.springframework.data.domain.ExampleMatcher;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 import org.springframework.stereotype.Repository;
 
 import com.supwisdom.leaveschool.common.repository.BaseJpaRepository;
@@ -38,4 +43,68 @@
     return page;
   }
   
+
+
+  public default Permission selectByCodeType(String applicationCode, String type) {
+    Permission probe = new Permission();
+    probe.setCode(applicationCode);
+    probe.setType(type);
+    
+    ExampleMatcher matcher = ExampleMatcher.matching()
+        .withMatcher("code", ExampleMatcher.GenericPropertyMatchers.exact())
+        .withMatcher("type", ExampleMatcher.GenericPropertyMatchers.exact());
+    
+    Example<Permission> example = Example.of(probe, matcher);
+    
+    Optional<Permission> o = this.findOne(example);
+    
+    if (o.isPresent()) {
+      return o.get();
+    }
+    
+    return null;
+  }
+  
+ 
+
+  @Query(value = "select p from Permission p "
+      + "inner join RolePermission rp on p.id=rp.permissionId "
+      + "inner join Role r on rp.rolecode=r.code "
+      + "inner join UserRole ur on r.code=ur.rolecode "
+      + "where ur.username=:username "
+      + "and p.lft >= :lft and p.rgt <= :rgt "
+      + "and r.status='1' and p.status='1' ")
+  public List<Permission> selectUserRolePermissionByUsername(@Param("username") String username, @Param("lft") int lft, @Param("rgt") int rgt);
+  
+  @Query(value = "select p from Permission p "
+      + "inner join RolePermission rp on p.id=rp.permissionId "
+      + "inner join Role r on rp.rolecode=r.code "
+      + "inner join GroupRole gr on r.code=gr.rolecode "
+      + "inner join Group_ g on gr.groupId=g.id "
+      + "inner join UserGroup ug on g.id=ug.groupId "
+      + "where ug.username=:username "
+      + "and p.lft >= :lft and p.rgt <= :rgt "
+      + "and g.status='1' and r.status='1' and p.status='1' ")
+  public List<Permission> selectUserGroupRolePermissionByUsername(@Param("username") String username, @Param("lft") int lft, @Param("rgt") int rgt);
+
+  public default List<Permission> selectByUsername(String username, String applicationCode) {
+    List<Permission> permissions = new ArrayList<Permission>();
+    
+    Permission applicationPermission = selectByCodeType(applicationCode, "1");
+    if (applicationPermission == null) {
+      return permissions;
+    }
+    
+    int lft = applicationPermission.getLft();
+    int rgt = applicationPermission.getRgt();
+    
+    List<Permission> userRolePermissions = selectUserRolePermissionByUsername(username, lft, rgt);
+    permissions.addAll(userRolePermissions);
+    
+    List<Permission> userGroupRolePermissions = selectUserGroupRolePermissionByUsername(username, lft, rgt);
+    permissions.addAll(userGroupRolePermissions);
+    
+    return permissions;
+  }
+
 }
diff --git a/samples/user/src/main/java/com/supwisdom/leaveschool/user/repository/RoleRepository.java b/samples/user/src/main/java/com/supwisdom/leaveschool/user/repository/RoleRepository.java
index 18bda86..3871a3f 100644
--- a/samples/user/src/main/java/com/supwisdom/leaveschool/user/repository/RoleRepository.java
+++ b/samples/user/src/main/java/com/supwisdom/leaveschool/user/repository/RoleRepository.java
@@ -1,5 +1,7 @@
 package com.supwisdom.leaveschool.user.repository;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
@@ -7,6 +9,8 @@
 import org.springframework.data.domain.ExampleMatcher;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 import org.springframework.stereotype.Repository;
 
 import com.supwisdom.leaveschool.common.repository.BaseJpaRepository;
@@ -58,4 +62,30 @@
     return null;
   }
   
+  @Query(value = "select r from Role r "
+      + "inner join UserRole ur on r.code=ur.rolecode "
+      + "where ur.username=:username "
+      + "and r.status='1' ")
+  public List<Role> selectUserRoleByUsername(@Param("username") String username);
+  
+  @Query(value = "select r from Role r "
+      + "inner join GroupRole gr on r.code=gr.rolecode "
+      + "inner join Group_ g on gr.groupId=g.id "
+      + "inner join UserGroup ug on g.id=ug.groupId "
+      + "where ug.username=:username "
+      + "and g.status='1' and r.status='1' ")
+  public List<Role> selectUserGroupRoleByUsername(@Param("username") String username);
+
+  public default List<Role> selectByUsername(String username) {
+    List<Role> roles = new ArrayList<Role>();
+    
+    List<Role> userRoles = selectUserRoleByUsername(username);
+    roles.addAll(userRoles);
+    
+    List<Role> userGroupRoles = selectUserGroupRoleByUsername(username);
+    roles.addAll(userGroupRoles);
+    
+    return roles;
+  }
+  
 }