diff --git a/hsweb-authorization/README.md b/hsweb-authorization/README.md
index fb676fc6a..f9a0c9caf 100644
--- a/hsweb-authorization/README.md
+++ b/hsweb-authorization/README.md
@@ -4,4 +4,6 @@
 # 目录介绍
 1. [hsweb-authorization-api](hsweb-authorization-api):权限控制API
 1. [hsweb-authorization-oauth2](hsweb-authorization-oauth2):oauth2支持
-1. [hsweb-authorization-shiro](hsweb-authorization-shiro):权限控制的shiro实现
+1. [hsweb-authorization-basic](hsweb-authorization-basic):权限控制基础实现
+1. [hsweb-authorization-jwt](hsweb-authorization-jwt):权限控制jwt拓展
+
diff --git a/hsweb-authorization/hsweb-authorization-basic/README.md b/hsweb-authorization/hsweb-authorization-basic/README.md
index 1ae0709f7..dfc3d447c 100644
--- a/hsweb-authorization/hsweb-authorization-basic/README.md
+++ b/hsweb-authorization/hsweb-authorization-basic/README.md
@@ -46,4 +46,19 @@ where name like ? or full_name like
 ```sql
 --u_id in (用户可访问的机构id)
 where u_id in(?,?,?) and (name like ? or full_name like)
+```
+
+# 会话状态
+此模块默认使用sessionId绑定用户信息。还可以使用 [jwt](../hsweb-authorization-jwt) 方式
+
+# 跨域设置
+修改application.yml
+```yaml
+hsweb:
+ cors:
+ enabled: on
+ allowed-origins: "*"
+ allowed-methods: "*"
+ allowed-headers: "*"
+
 ```
\ No newline at end of file
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/resources/META-INF/spring.factories b/hsweb-authorization/hsweb-authorization-basic/src/main/resources/META-INF/spring.factories
new file mode 100644
index 000000000..3a68ff423
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/resources/META-INF/spring.factories
@@ -0,0 +1,3 @@
+# Auto Configure
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+org.hswebframework.web.authorization.basic.configuration.CorsAutoConfiguration
\ No newline at end of file
diff --git a/hsweb-authorization/hsweb-authorization-jwt/README.md b/hsweb-authorization/hsweb-authorization-jwt/README.md
new file mode 100644
index 000000000..12cbfb9b6
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-jwt/README.md
@@ -0,0 +1,37 @@
+# 简单的jwt权限拓展
+
+登录时,传入参数: token_type=jwt
+```bash
+ $ POST http://localhost:8081/authorize/login?username=admin&password=admin&token_type=jwt
+```
+返回jwt token
+```json
+{
+ "result": {
+ "userId": "f947788cd922f16a9e58727e13e4b806",
+ "token": "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJ0ZXN0IiwiaWF0IjoxNTA0MTYxNDM2LCJzdWIiOiJ7XCJ0b2tlblwiOlwiZDU1MmVjZDgyZGFjY2EwMWJiZWI3ZmMxNmU2NmQ1OTNcIixcInVzZXJJZFwiOlwiZjk0Nzc4OGNkOTIyZjE2YTllNTg3MjdlMTNlNGI4MDZcIn0iLCJleHAiOjE1MDQxNjUwMzZ9.LP7Eb0cqmpbMXBjM7yPM0vZ8T3tDd3Zmme3j-e3HTvs",
+ },
+ "status": 200,
+ "timestamp": 1504161444051
+}
+```
+
+在调用api时,设置http header:
+```bash
+ Authorization: jwt {登录时获取的token}
+```
+
+## 自定义jwt 密钥
+使用base64生成密钥如:
+```java
+Base64.encodeBase64String("密钥内容".getBytes())
+```
+
+修改application.yml
+```yaml
+hsweb:
+ authorize:
+ jwt:
+ id: your_jwt_id
+ secret: 上一步生成的base64密钥
+```
diff --git a/hsweb-examples/hsweb-examples-oauth2/hsweb-examples-oauth2-client/src/main/java/org/hswebframework/web/example/oauth2/OAuth2SSOAuthorizingListener.java b/hsweb-examples/hsweb-examples-oauth2/hsweb-examples-oauth2-client/src/main/java/org/hswebframework/web/example/oauth2/OAuth2SSOAuthorizingListener.java
index 5d9db4fd9..b442731a4 100644
--- a/hsweb-examples/hsweb-examples-oauth2/hsweb-examples-oauth2-client/src/main/java/org/hswebframework/web/example/oauth2/OAuth2SSOAuthorizingListener.java
+++ b/hsweb-examples/hsweb-examples-oauth2/hsweb-examples-oauth2-client/src/main/java/org/hswebframework/web/example/oauth2/OAuth2SSOAuthorizingListener.java
@@ -70,7 +70,9 @@ public class OAuth2SSOAuthorizingListener .get().onError(OAuth2Response.throwOnError) .as(Authentication.class); - HttpSession httpSession = WebUtil.getHttpServletRequest().getSession(); + HttpSession httpSession = WebUtil + .getHttpServletRequest() + .getSession(); userTokenManager.signIn(httpSession.getId(), authentication.getUser().getId(), 60 * 60 * 1000);
diff --git a/hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml b/hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml
index 517c4c204..7d6d1b970 100644
--- a/hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml
+++ b/hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml
@@ -14,8 +14,12 @@ spring:
 multipart:
 enabled: true
 max-file-size: 100Mb
-
 hsweb:
+ cors:
+ enable: on
+ allowed-origins: "*"
+ allowed-methods: "*"
+ allowed-headers: "*"
 authorize:
 jwt:
 id: test
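Review bot: The key added under `hsweb.cors` is spelled `enable: on`, while the hsweb-authorization-basic README changed in this same commit documents `enabled: on`. CorsAutoConfiguration is not visible in the diff, so one of the two spellings is presumably not the property it binds; either this example runs without its CORS settings applied or the README is wrong. Separately, `allowed-origins: "*"` with wildcard methods and headers lets any web origin call an API that authenticates by session id or JWT, and if the configuration also allows credentials (not shown here) the browser's same-origin protection no longer covers logged-in users. I would align the key and pin the example to a named origin, e.g. `enabled: on` and `allowed-origins: "http://localhost:8080"  # constructed sample; list the real front-end origins, not "*"`. The `hsweb:` block continues past the end of the hunk.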