diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/dromara/maxkey/authn/SignPrincipal.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/dromara/maxkey/authn/SignPrincipal.java
index 619b4e673..061460338 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/dromara/maxkey/authn/SignPrincipal.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/dromara/maxkey/authn/SignPrincipal.java
@@ -17,8 +17,8 @@
 
 package org.dromara.maxkey.authn;
 
-import java.util.ArrayList;
 import java.util.Collection;
+import java.util.List;
 
 import org.dromara.maxkey.authn.session.Session;
 import org.dromara.maxkey.entity.UserInfo;
@@ -33,9 +33,13 @@ public class SignPrincipal implements  UserDetails {
     UserDetails userDetails;
     
     String sessionId;
-    ArrayList<GrantedAuthority> grantedAuthority;
-    ArrayList<GrantedAuthority> grantedAuthorityApps;
+    
+    List<GrantedAuthority> grantedAuthority;
+    
+    List<GrantedAuthority> grantedAuthorityApps;
+    
     boolean authenticated;
+    
     boolean roleAdministrators;
     
 	private  boolean accountNonExpired;
@@ -104,7 +108,7 @@ public class SignPrincipal implements  UserDetails {
         return grantedAuthority;
     }
 
-    public ArrayList<GrantedAuthority> getGrantedAuthority() {
+    public List<GrantedAuthority> getGrantedAuthority() {
         return grantedAuthority;
     }
 
@@ -116,7 +120,7 @@ public class SignPrincipal implements  UserDetails {
         this.userDetails = userDetails;
     }
 
-    public void setGrantedAuthority(ArrayList<GrantedAuthority> grantedAuthority) {
+    public void setGrantedAuthority(List<GrantedAuthority> grantedAuthority) {
         this.grantedAuthority = grantedAuthority;
     }
 
@@ -159,11 +163,11 @@ public class SignPrincipal implements  UserDetails {
         return this.enabled;
     }
 
-    public ArrayList<GrantedAuthority> getGrantedAuthorityApps() {
+    public List<GrantedAuthority> getGrantedAuthorityApps() {
         return grantedAuthorityApps;
     }
 
-    public void setGrantedAuthorityApps(ArrayList<GrantedAuthority> grantedAuthorityApps) {
+    public void setGrantedAuthorityApps(List<GrantedAuthority> grantedAuthorityApps) {
         this.grantedAuthorityApps = grantedAuthorityApps;
     }
 
diff --git a/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/provider/AbstractAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/provider/AbstractAuthenticationProvider.java
index dcce6994f..79b4f42b5 100644
--- a/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/provider/AbstractAuthenticationProvider.java
+++ b/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/provider/AbstractAuthenticationProvider.java
@@ -18,6 +18,7 @@
 package org.dromara.maxkey.authn.provider;
 
 import java.util.ArrayList;
+import java.util.List;
 
 import org.dromara.maxkey.authn.LoginCredential;
 import org.dromara.maxkey.authn.SignPrincipal;
@@ -109,7 +110,7 @@ public abstract class AbstractAuthenticationProvider {
         //set session with principal
         SignPrincipal principal = new SignPrincipal(userInfo,session);
 
-        ArrayList<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
+        List<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
         principal.setAuthenticated(true);
         
         for(GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) {
diff --git a/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/realm/AbstractAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/realm/AbstractAuthenticationRealm.java
index cd80f05f5..657bd6b2d 100644
--- a/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/realm/AbstractAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/realm/AbstractAuthenticationRealm.java
@@ -17,14 +17,13 @@
 
 package org.dromara.maxkey.authn.realm;
 
-import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 
 import org.dromara.maxkey.authn.SignPrincipal;
 import org.dromara.maxkey.authn.realm.ldap.LdapAuthenticationRealmService;
+import org.dromara.maxkey.entity.Groups;
 import org.dromara.maxkey.entity.HistoryLogin;
-import org.dromara.maxkey.entity.Roles;
 import org.dromara.maxkey.entity.UserInfo;
 import org.dromara.maxkey.ip2location.IpLocationParser;
 import org.dromara.maxkey.ip2location.Region;
@@ -89,8 +88,8 @@ public abstract class AbstractAuthenticationRealm {
 
     public abstract boolean passwordMatches(UserInfo userInfo, String password);
     
-    public List<Roles> queryGroups(UserInfo userInfo) {
-       return loginRepository.queryRoles(userInfo);
+    public List<Groups> queryGroups(UserInfo userInfo) {
+       return loginRepository.queryGroups(userInfo);
     }
 
     /**
@@ -99,7 +98,7 @@ public abstract class AbstractAuthenticationRealm {
      * @param userInfo
      * @return ArrayList<GrantedAuthority>
      */
-    public ArrayList<GrantedAuthority> grantAuthority(UserInfo userInfo) {
+    public List<GrantedAuthority> grantAuthority(UserInfo userInfo) {
         return loginRepository.grantAuthority(userInfo);
     }
     
@@ -109,7 +108,7 @@ public abstract class AbstractAuthenticationRealm {
      * @param grantedAuthoritys
      * @return ArrayList<GrantedAuthority Apps>
      */
-    public ArrayList<GrantedAuthority> queryAuthorizedApps(ArrayList<GrantedAuthority> grantedAuthoritys) {
+    public List<GrantedAuthority> queryAuthorizedApps(List<GrantedAuthority> grantedAuthoritys) {
         return loginRepository.queryAuthorizedApps(grantedAuthoritys);
     }
 
diff --git a/maxkey-core/src/main/java/org/dromara/maxkey/persistence/repository/LoginRepository.java b/maxkey-core/src/main/java/org/dromara/maxkey/persistence/repository/LoginRepository.java
index 2f1dfc71c..253ffaabb 100644
--- a/maxkey-core/src/main/java/org/dromara/maxkey/persistence/repository/LoginRepository.java
+++ b/maxkey-core/src/main/java/org/dromara/maxkey/persistence/repository/LoginRepository.java
@@ -24,9 +24,10 @@ import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 
+import org.apache.commons.collections4.CollectionUtils;
 import org.dromara.maxkey.constants.ConstsRoles;
 import org.dromara.maxkey.constants.ConstsStatus;
-import org.dromara.maxkey.entity.Roles;
+import org.dromara.maxkey.entity.Groups;
 import org.dromara.maxkey.entity.UserInfo;
 import org.dromara.maxkey.util.StringUtils;
 import org.slf4j.Logger;
@@ -37,7 +38,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 public class LoginRepository {
-    private static Logger _logger = LoggerFactory.getLogger(LoginRepository.class);
+    private static final Logger _logger = LoggerFactory.getLogger(LoginRepository.class);
 
     private static final String LOCK_USER_UPDATE_STATEMENT = "update mxk_userinfo set islocked = ?  , unlocktime = ? where id = ?";
 
@@ -52,7 +53,7 @@ public class LoginRepository {
 
 
 
-    private static final String ROLES_SELECT_STATEMENT = "select distinct g.id,g.groupcode,g.groupname from mxk_userinfo u,mxk_groups g,mxk_group_member gm where u.id = ?  and u.id=gm.memberid and gm.groupid=g.id ";
+    private static final String GROUPS_SELECT_STATEMENT = "select distinct g.id,g.groupcode,g.groupname from mxk_userinfo u,mxk_groups g,mxk_group_member gm where u.id = ?  and u.id=gm.memberid and gm.groupid=g.id ";
 
     private static final String DEFAULT_USERINFO_SELECT_STATEMENT = "select * from  mxk_userinfo where username = ? ";
     
@@ -60,7 +61,7 @@ public class LoginRepository {
     
     private static final String DEFAULT_USERINFO_SELECT_STATEMENT_USERNAME_MOBILE_EMAIL = "select * from  mxk_userinfo where (username = ? or mobile = ? or email = ?) ";
     
-    private static final String DEFAULT_MYAPPS_SELECT_STATEMENT = "select distinct app.id,app.appname from mxk_apps app,mxk_group_permissions gp,mxk_groups g  where app.id=gp.appid and app.status =	1 and gp.groupid=g.id and g.id in(%s)";
+    private static final String DEFAULT_MYAPPS_SELECT_STATEMENT = "select distinct app.id,app.appname from mxk_apps app,mxk_group_permissions gp,mxk_groups g  where app.id=gp.appid and app.status = 1 and gp.groupid=g.id and g.id in(%s)";
     
     protected JdbcTemplate jdbcTemplate;
     
@@ -86,13 +87,8 @@ public class LoginRepository {
         }else if( LOGIN_ATTRIBUTE_TYPE == 3) {
         	 listUserInfo = findByUsernameOrMobileOrEmail(username,password);
         }
-        
-        UserInfo userInfo = null;
-        if (listUserInfo != null && listUserInfo.size() > 0) {
-            userInfo = listUserInfo.get(0);
-        }
-        _logger.debug("load UserInfo : " + userInfo);
-        return userInfo;
+        _logger.debug("load UserInfo : {}" , listUserInfo);
+        return (CollectionUtils.isNotEmpty(listUserInfo))? listUserInfo.get(0) : null;
     }
     
     public List<UserInfo> findByUsername(String username, String password) {
@@ -194,7 +190,7 @@ public class LoginRepository {
         }
     }
     
-    public ArrayList<GrantedAuthority> queryAuthorizedApps(ArrayList<GrantedAuthority> grantedAuthoritys) {
+    public List<GrantedAuthority> queryAuthorizedApps(List<GrantedAuthority> grantedAuthoritys) {
         String grantedAuthorityString="'ROLE_ALL_USER'";
         for(GrantedAuthority grantedAuthority : grantedAuthoritys) {
             grantedAuthorityString += ",'"+ grantedAuthority.getAuthority()+"'";
@@ -208,20 +204,18 @@ public class LoginRepository {
             }
         });
 
-        _logger.debug("list Authorized Apps  " + listAuthorizedApps);
+        _logger.debug("list Authorized Apps  {}" , listAuthorizedApps);
         return listAuthorizedApps;
     }
     
-    public List<Roles> queryRoles(UserInfo userInfo) {
-        List<Roles> listRoles = jdbcTemplate.query(ROLES_SELECT_STATEMENT, new RowMapper<Roles>() {
-            public Roles mapRow(ResultSet rs, int rowNum) throws SQLException {
-                Roles role = new Roles(rs.getString("id"), rs.getString("groupcode"),rs.getString("groupname"), 0);
-
-                return role;
+    public List<Groups> queryGroups(UserInfo userInfo) {
+        List<Groups> listRoles = jdbcTemplate.query(GROUPS_SELECT_STATEMENT, new RowMapper<Groups>() {
+            public Groups mapRow(ResultSet rs, int rowNum) throws SQLException {
+                return new Groups(rs.getString("id"), rs.getString("groupcode"),rs.getString("groupname"), 0);
             }
         }, userInfo.getId());
 
-        _logger.debug("list Roles  " + listRoles);
+        _logger.debug("list Roles  {}" , listRoles);
         return listRoles;
     }
 
@@ -231,23 +225,23 @@ public class LoginRepository {
      * @param userInfo
      * @return ArrayList<GrantedAuthority>
      */
-    public ArrayList<GrantedAuthority> grantAuthority(UserInfo userInfo) {
-        // query roles for user
-        List<Roles> listRoles = queryRoles(userInfo);
+    public List<GrantedAuthority> grantAuthority(UserInfo userInfo) {
+        // query Groups for user
+        List<Groups> listGroups = queryGroups(userInfo);
 
-        //set default roles
-        ArrayList<GrantedAuthority> grantedAuthority = new ArrayList<GrantedAuthority>();
+        //set default groups
+        ArrayList<GrantedAuthority> grantedAuthority = new ArrayList<>();
         grantedAuthority.add(ConstsRoles.ROLE_USER);
         grantedAuthority.add(ConstsRoles.ROLE_ALL_USER);
         grantedAuthority.add(ConstsRoles.ROLE_ORDINARY_USER);
-        for (Roles role : listRoles) {
-            grantedAuthority.add(new SimpleGrantedAuthority(role.getId()));
-            if(role.getRoleCode().startsWith("ROLE_") 
-            		&& !grantedAuthority.contains(new SimpleGrantedAuthority(role.getRoleCode()))) {
-            	grantedAuthority.add(new SimpleGrantedAuthority(role.getRoleCode()));
+        for (Groups group : listGroups) {
+            grantedAuthority.add(new SimpleGrantedAuthority(group.getId()));
+            if(group.getGroupCode().startsWith("ROLE_") 
+            		&& !grantedAuthority.contains(new SimpleGrantedAuthority(group.getGroupCode()))) {
+            	grantedAuthority.add(new SimpleGrantedAuthority(group.getGroupCode()));
             }
         }
-        _logger.debug("Authority : " + grantedAuthority);
+        _logger.debug("Authority : {}" , grantedAuthority);
 
         return grantedAuthority;
     }
diff --git a/maxkey-persistence/src/main/java/org/dromara/maxkey/persistence/service/HistoryLoginAppsService.java b/maxkey-persistence/src/main/java/org/dromara/maxkey/persistence/service/HistoryLoginAppsService.java
index ed9beb025..aa62f0e6f 100644
--- a/maxkey-persistence/src/main/java/org/dromara/maxkey/persistence/service/HistoryLoginAppsService.java
+++ b/maxkey-persistence/src/main/java/org/dromara/maxkey/persistence/service/HistoryLoginAppsService.java
@@ -29,16 +29,36 @@ public class HistoryLoginAppsService  extends JpaService<HistoryLoginApps>{
 		super(HistoryLoginAppsMapper.class);
 	}
 
-
-	/* (non-Javadoc)
-	 * @see com.connsec.db.service.BaseService#getMapper()
-	 */
+	
 	@Override
 	public HistoryLoginAppsMapper getMapper() {
 		return (HistoryLoginAppsMapper)super.getMapper();
 	}
 	
+	@Override
 	public boolean  insert(HistoryLoginApps loginAppsHistory){
-		return getMapper().insert(loginAppsHistory)> 0;
+		//new Thread insert login app history
+		new Thread(new HistoryLoginAppsRunnable(getMapper(),loginAppsHistory)).start();
+		return true;
+	}
+	
+	public class HistoryLoginAppsRunnable implements Runnable{
+
+		HistoryLoginAppsMapper historyLoginAppsMapper;
+		
+		HistoryLoginApps loginAppsHistory;
+		
+		public HistoryLoginAppsRunnable(HistoryLoginAppsMapper historyLoginAppsMapper,
+				HistoryLoginApps loginAppsHistory) {
+			super();
+			this.historyLoginAppsMapper = historyLoginAppsMapper;
+			this.loginAppsHistory = loginAppsHistory;
+		}
+
+		@Override
+		public void run() {
+			historyLoginAppsMapper.insert(loginAppsHistory);
+		}
+		
 	}
 }
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java
index 5f0bb7a03..fd881e1e1 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java
@@ -13,6 +13,7 @@
 package org.dromara.maxkey.authz.oauth2.provider;
 
 import java.util.ArrayList;
+import java.util.List;
 
 import org.dromara.maxkey.authn.SignPrincipal;
 import org.dromara.maxkey.authn.provider.AbstractAuthenticationProvider;
@@ -52,7 +53,7 @@ public class OAuth2UserDetailsService implements UserDetailsService {
 		//set OnlineTicket
 		principal.setSessionId(onlineTicket.getId());
         
-        ArrayList<GrantedAuthority> grantedAuthoritys = loginRepository.grantAuthority(userInfo);
+        List<GrantedAuthority> grantedAuthoritys = loginRepository.grantAuthority(userInfo);
         principal.setAuthenticated(true);
         
         for(GrantedAuthority administratorsAuthority : AbstractAuthenticationProvider.grantedAdministratorsAuthoritys) {
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ForgotPasswordContorller.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ForgotPasswordContorller.java
index 181c54534..07568968d 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ForgotPasswordContorller.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ForgotPasswordContorller.java
@@ -58,16 +58,16 @@ public class ForgotPasswordContorller {
     EmailConfig emailConfig;
     
     public class ForgotType{
-        public final static int NOTFOUND = 1;
-        public final static int EMAIL = 2;
-        public final static int MOBILE = 3;
-        public final static int CAPTCHAERROR = 4;
+        public static final  int NOTFOUND 			= 1;
+        public static final  int EMAIL 				= 2;
+        public static final  int MOBILE 			= 3;
+        public static final  int CAPTCHAERROR 		= 4;
     }
     
     public class PasswordResetResult{
-        public final static int SUCCESS = 1;
-        public final static int CAPTCHAERROR = 2;
-        public final static int PASSWORDERROR = 3;
+        public static final  int SUCCESS 			= 1;
+        public static final  int CAPTCHAERROR 		= 2;
+        public static final  int PASSWORDERROR 		= 3;
     }
     
     @Autowired