diff --git a/spring-security-oauth2/spring-security-oauth2-resource/src/main/resources/application.yml b/spring-security-oauth2/spring-security-oauth2-resource/src/main/resources/application.yml
index 07f56a9..7f76d00 100644
--- a/spring-security-oauth2/spring-security-oauth2-resource/src/main/resources/application.yml
+++ b/spring-security-oauth2/spring-security-oauth2-resource/src/main/resources/application.yml
@@ -34,7 +34,7 @@ server:
 
 mybatis:
   type-aliases-package: com.funtl.oauth2.resource.domain
-  mapper-locations: classpath:mapper/*.xml
+  mapper-locations: classpath:tk/mybatis/mapper/*.xml
 
 logging:
   level:
diff --git a/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/AuthorizationServerConfiguration.java b/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/AuthorizationServerConfiguration.java
index d601b11..b4b7ebd 100644
--- a/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/AuthorizationServerConfiguration.java
+++ b/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/AuthorizationServerConfiguration.java
@@ -1,10 +1,10 @@
 package com.funtl.oauth2.server.config;
 
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.boot.jdbc.DataSourceBuilder;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Primary;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
@@ -20,30 +20,33 @@
 @EnableAuthorizationServer
 public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
 
-    @Bean
-    @Primary
-    @ConfigurationProperties(prefix = "spring.datasource")
-    public DataSource dataSource() {
-        // 配置数据源（注意，我使用的是 HikariCP 连接池），以上注解是指定数据源，否则会有冲突
-        return DataSourceBuilder.create().build();
-    }
+    @Autowired
+    private AuthenticationManager authenticationManager;
+    @Autowired
+    private DataSource dataSource;
+    @Autowired
+    private UserDetailsService userDetailsService;
 
     @Bean
     public TokenStore tokenStore() {
         // 基于 JDBC 实现，令牌保存到数据
-        return new JdbcTokenStore(dataSource());
+        return new JdbcTokenStore(dataSource);
     }
 
     @Bean
     public ClientDetailsService jdbcClientDetails() {
         // 基于 JDBC 实现，需要事先在数据库配置客户端信息
-        return new JdbcClientDetailsService(dataSource());
+        return new JdbcClientDetailsService(dataSource);
     }
 
     @Override
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
         // 设置令牌
         endpoints.tokenStore(tokenStore());
+        //支持密码模式
+        endpoints.authenticationManager(authenticationManager);
+        //支持refresh_token
+        endpoints.userDetailsService(userDetailsService);
     }
 
     @Override
diff --git a/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/CommonConifg.java b/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/CommonConifg.java
new file mode 100644
index 0000000..978414f
--- /dev/null
+++ b/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/CommonConifg.java
@@ -0,0 +1,28 @@
+package com.funtl.oauth2.server.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.jdbc.DataSourceBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+
+import javax.sql.DataSource;
+
+/**
+ * @author simonPan
+ * @date 2019/11/4 11:08
+ */
+@Configuration
+public class CommonConifg {
+    /**
+     * 注入数据源
+     * 防止跟UserDetailsServiceImpl循环依赖
+     */
+    @Bean
+    @Primary
+    @ConfigurationProperties(prefix = "spring.datasource")
+    public DataSource dataSource() {
+        // 配置数据源（注意，我使用的是 HikariCP 连接池），以上注解是指定数据源，否则会有冲突
+        return DataSourceBuilder.create().build();
+    }
+}
diff --git a/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/WebSecurityConfiguration.java b/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/WebSecurityConfiguration.java
index 81adef0..7236d6f 100644
--- a/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/WebSecurityConfiguration.java
+++ b/spring-security-oauth2/spring-security-oauth2-server/src/main/java/com/funtl/oauth2/server/config/WebSecurityConfiguration.java
@@ -3,6 +3,7 @@
 import com.funtl.oauth2.server.config.service.UserDetailsServiceImpl;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
@@ -39,4 +40,10 @@ public void configure(WebSecurity web) throws Exception {
         // 将 check_token 暴露出去，否则资源服务器访问时报 403 错误
         web.ignoring().antMatchers("/oauth/check_token");
     }
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
 }
diff --git a/spring-security-oauth2/spring-security-oauth2-server/src/main/resources/application.yml b/spring-security-oauth2/spring-security-oauth2-server/src/main/resources/application.yml
index 264a5c9..b13c0cb 100644
--- a/spring-security-oauth2/spring-security-oauth2-server/src/main/resources/application.yml
+++ b/spring-security-oauth2/spring-security-oauth2-server/src/main/resources/application.yml
@@ -22,4 +22,4 @@ server:
 
 mybatis:
   type-aliases-package: com.funtl.oauth2.server.domain
-  mapper-locations: classpath:mapper/*.xml
\ No newline at end of file
+  mapper-locations: classpath:tk/mybatis/mapper/*.xml