diff --git a/src/main/java/com/fstack/common/ApiResponse.java b/src/main/java/com/fstack/common/ApiResponse.java
index 57960ea46bc1ef361f2dcc946164d84945cf4ef4..59fe5680b62fbcc5bccf864f2ecd1b2fa5a7c244 100644
--- a/src/main/java/com/fstack/common/ApiResponse.java
+++ b/src/main/java/com/fstack/common/ApiResponse.java
@@ -57,7 +57,7 @@ public class ApiResponse {
         return new ApiResponse(false, 6,"对不起，您没有没有权限");
     }
 
-    public static ApiResponse toException() {
-        return new ApiResponse(false, 404, "exception");
+    public static ApiResponse toException(String msg) {
+        return new ApiResponse(false, 404, msg);
     }
 }
diff --git a/src/main/java/com/fstack/config/GlobalExceptionHandler.java b/src/main/java/com/fstack/config/GlobalExceptionHandler.java
new file mode 100644
index 0000000000000000000000000000000000000000..7d0850e62e334f2f8645cc85f6994af3b7f9383f
--- /dev/null
+++ b/src/main/java/com/fstack/config/GlobalExceptionHandler.java
@@ -0,0 +1,44 @@
+package com.fstack.config;
+
+import com.fstack.common.ApiResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Enumeration;
+
+/**
+ * @author Hu Jie
+ * @date 2019/04/23 10:21 AM
+ */
+@ControllerAdvice
+public class GlobalExceptionHandler {
+    private Logger logger = LoggerFactory.getLogger(GlobalExceptionHandler.class);
+
+    /**
+     * 捕获具体指定外的所有异常
+     *
+     * @param ex
+     * @param request
+     * @param response
+     */
+    @ExceptionHandler(value = Exception.class)
+    public ApiResponse handle(Exception ex, HttpServletRequest request, HttpServletResponse response) {
+        logger.error("***** GlobalException Start *****");
+        logger.error("Request Url:{}", request.getRequestURL());
+        Enumeration enumeration = request.getParameterNames();
+        logger.error("Parameters:");
+        while (enumeration.hasMoreElements()) {
+            String name = enumeration.nextElement().toString();
+            logger.error("[{}]:[{}]", name, request.getParameter(name));
+        }
+        ex.printStackTrace();
+        logger.error("***** GlobalException End *****");
+        return ApiResponse.toException(ex.getMessage());
+    }
+
+
+}
diff --git a/src/main/java/com/fstack/config/StaticResourceConfig.java b/src/main/java/com/fstack/config/StaticResourceConfig.java
index 914b84783bf553adda442f3210cabb11e124c542..48f53669d2d906b5a8e85d88ef4c1c8dab1c5d19 100644
--- a/src/main/java/com/fstack/config/StaticResourceConfig.java
+++ b/src/main/java/com/fstack/config/StaticResourceConfig.java
@@ -1,5 +1,6 @@
 package com.fstack.config;
 
+import com.fstack.util.CommonUtil;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
@@ -18,11 +19,7 @@ public class StaticResourceConfig implements WebMvcConfigurer {
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler("/avatar/**")
-                .addResourceLocations("file:" + staticResourceLocation);
-
-        registry.addResourceHandler("/static/**")
-                .addResourceLocations("classpath:/static/");
-        WebMvcConfigurer.super.addResourceHandlers(registry);
+                .addResourceLocations("file:" + CommonUtil.getRootPath() + staticResourceLocation);
     }
 
     @Override
diff --git a/src/main/java/com/fstack/security/WebSecurityConfig.java b/src/main/java/com/fstack/security/WebSecurityConfig.java
index b837eecae9c21bbe1080d9d08dcb00705dc74103..2c3934472c48216de5d208bef6b6a8f92bbd66df 100644
--- a/src/main/java/com/fstack/security/WebSecurityConfig.java
+++ b/src/main/java/com/fstack/security/WebSecurityConfig.java
@@ -12,6 +12,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 /**
  * @author ab
@@ -21,51 +22,49 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	public BCryptPasswordEncoder bCryptPasswordEncoder() {
-		return new BCryptPasswordEncoder();
-	}
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 
-	@Bean
-	UserDetailsService myUserDetailsService() { // register userDetailsService
-		return new MyUserDetailsService();
-	}
+    @Bean
+    UserDetailsService myUserDetailsService() { // register userDetailsService
+        return new MyUserDetailsService();
+    }
 
-	@Bean
-	public AuthenticationProvider authenticationProvider() {
-		DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
-		authenticationProvider.setUserDetailsService(this.myUserDetailsService());
-		authenticationProvider.setPasswordEncoder(this.bCryptPasswordEncoder());
-		return authenticationProvider;
-	}
+    @Bean
+    public AuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+        authenticationProvider.setUserDetailsService(this.myUserDetailsService());
+        authenticationProvider.setPasswordEncoder(this.passwordEncoder());
+        return authenticationProvider;
+    }
 
-	@Autowired
-	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		// auth.inMemoryAuthentication()
-		// .withUser("t").password("t").roles("USER")
-		// .and()
-		// .withUser("admin").password("admin").roles("ADMIN");
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) {
+        auth.authenticationProvider(this.authenticationProvider());
+    }
 
-		// auth.userDetailsService(this.myUserDetailsService()).passwordEncoder(this.bCryptPasswordEncoder());
-
-		auth.authenticationProvider(this.authenticationProvider()); // different approach
-	}
-
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		http.csrf().disable().authorizeRequests().antMatchers("/user/settings").authenticated() // order matters
-				.antMatchers("/", "/js/**", "/css/**", "/images/**", "/fonts/**", "/bootstrap-select/**",
-						"/bootstrap-datetimepicker/**", "/custom/**", "/daterangepicker/**", "/chartjs/**")
-				.permitAll() // these paths are configure not to require any authentication
-				.antMatchers("/post/**").permitAll() // all posts are allowed to be viewed without authentication
-				.antMatchers("/user/**").permitAll() // all user profiles are allowed to be viewed without
-														// authentication
-				.antMatchers("/category/**").permitAll() // all categories are allowed to be viewed without
-															// authentication
-				.antMatchers("/avatar/**").permitAll() // temp
-				.anyRequest().authenticated() // every request requires the user to be authenticated
-				.and().formLogin().loginPage("/user/login").permitAll() // login URL can be accessed by anyone
-				.and().logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/?logout")
-				.permitAll();
-	}
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable().authorizeRequests()
+                .anyRequest().authenticated()
+                // all static resource and home page
+                .antMatchers("/", "/avatar/**", "/", "/js/**", "/css/**", "/images/**", "/fonts/**", "/bootstrap-select/**",
+                        "/bootstrap-datetimepicker/**", "/custom/**", "/daterangepicker/**", "/chartjs/**").permitAll()
+                .antMatchers("/user/**").permitAll()
+                .antMatchers("/user/settings").authenticated()
+                // all posts are allowed to be viewed without authentication
+                .antMatchers("/post/**").permitAll()
+                // all user profiles are allowed to be viewed without authentication
+                .antMatchers("/user/**").permitAll()
+                // all categories are allowed to be viewed without authentication
+                .antMatchers("/category/**").permitAll()
+                // login URL can be accessed by anyone
+                .and()
+                .formLogin().loginPage("/user/login").permitAll()
+                .and()
+                .logout().invalidateHttpSession(true).clearAuthentication(true).logoutSuccessUrl("/?logout")
+                .permitAll();
+    }
 }
\ No newline at end of file
diff --git a/src/main/java/com/fstack/service/StorageService.java b/src/main/java/com/fstack/service/StorageService.java
index 6b309f4ab373246da30d8c9b18dd31cf9a7d19cf..781090f1d7c955d7f7f1b42118ca2ac9c9e1d973 100644
--- a/src/main/java/com/fstack/service/StorageService.java
+++ b/src/main/java/com/fstack/service/StorageService.java
@@ -1,15 +1,14 @@
 package com.fstack.service;
 
-import org.springframework.web.multipart.MultipartFile;
-
 import com.fstack.persistence.model.User;
+import org.springframework.web.multipart.MultipartFile;
 
 public interface StorageService {
 
-	void init();
+    void init();
 
-	User store(MultipartFile file, String path);
+    User store(MultipartFile file, String path);
 
-	void deleteAll();
+    void deleteAll();
 
 }
\ No newline at end of file
diff --git a/src/main/java/com/fstack/service/impl/StorageServiceImpl.java b/src/main/java/com/fstack/service/impl/StorageServiceImpl.java
index a02ff852639934890687d989bf503f1e365492cc..cf4f4399dadeb3244eda3ed3e082a4b5ea4eaf20 100644
--- a/src/main/java/com/fstack/service/impl/StorageServiceImpl.java
+++ b/src/main/java/com/fstack/service/impl/StorageServiceImpl.java
@@ -1,9 +1,10 @@
 package com.fstack.service.impl;
 
-import java.io.File;
-import java.io.IOException;
-import java.nio.file.*;
-
+import com.fstack.exception.StorageException;
+import com.fstack.persistence.dao.UserMapper;
+import com.fstack.persistence.model.User;
+import com.fstack.service.StorageService;
+import com.fstack.util.CommonUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -12,10 +13,10 @@ import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 import org.springframework.web.multipart.MultipartFile;
 
-import com.fstack.exception.StorageException;
-import com.fstack.persistence.dao.UserMapper;
-import com.fstack.persistence.model.User;
-import com.fstack.service.StorageService;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
 
 @Service("storageService")
 public class StorageServiceImpl implements StorageService {
@@ -28,6 +29,15 @@ public class StorageServiceImpl implements StorageService {
     @Autowired
     private UserMapper userMapper;
 
+    @Override
+    public void init() {
+        try {
+            Files.createDirectories(Paths.get(this.staticResourceLocation));
+        } catch (Exception e) {
+            throw new StorageException("Could not initialize storage", e);
+        }
+    }
+
     @Override
     public User store(MultipartFile file, String username) { // re-factor needed
         if (null == file || file.isEmpty() || null == username || username.isEmpty() || username.equalsIgnoreCase("")) {
@@ -35,44 +45,24 @@ public class StorageServiceImpl implements StorageService {
         }
         String filename = StringUtils.cleanPath(file.getOriginalFilename());
         try {
-            if (filename.contains("..")) {
-                throw new StorageException("Cannot store file with relative path outside current directory " + filename);
+            String path = this.staticResourceLocation + username;
+            Path avatarLocation = Paths.get(CommonUtil.getRootPath() + path);
+            if (!Files.exists(avatarLocation)){
+                Files.createDirectories(avatarLocation);
             }
-            //get project root path to save avatar instead of project path
-            File file1 = new File("/");
-            String rootPath = file1.getAbsolutePath();
-            Path dir = Paths.get(rootPath + this.staticResourceLocation + "/" + username);
-            if (!Files.exists(dir))
-                createSingleDirectory(dir);
-            Path avatarLocation = dir.resolve(filename);
-            Files.copy(file.getInputStream(), avatarLocation, StandardCopyOption.REPLACE_EXISTING);
-            logger.info("Saved file to >> " + avatarLocation);
+            Path resolve = avatarLocation.resolve(filename);
+            Files.copy(file.getInputStream(), resolve, StandardCopyOption.REPLACE_EXISTING);
+            logger.info("Saved file to >> " + resolve);
             // update user avatar location
             User user = this.userMapper.findByUsername(username);
-            user.setAvatarLocation(avatarLocation.toAbsolutePath().toString());
+            String avatar = path + "/" + filename;
+            user.setAvatarLocation(avatar);
             return user;
         } catch (Exception e) {
             throw new StorageException("Failed to store file " + filename, e);
         }
     }
 
-    private void createSingleDirectory(Path path) throws IOException {
-        try {
-            Files.createDirectories(path);
-        } catch (FileAlreadyExistsException e) {
-            System.out.println("\nDirectory creation failed:\n" + e);
-        }
-    }
-
-    @Override
-    public void init() {
-        try {
-            Files.createDirectories(Paths.get(this.staticResourceLocation));
-        } catch (Exception e) {
-            throw new StorageException("Could not initialize storage", e);
-        }
-    }
-
     @Override
     public void deleteAll() {
 
diff --git a/src/main/java/com/fstack/service/impl/UserServiceImpl.java b/src/main/java/com/fstack/service/impl/UserServiceImpl.java
index 37182b0129f79c1acc79d0a0c9243745e4d2098f..5ec7957ab6a7942dc704b44b193cd16308ce3fe6 100644
--- a/src/main/java/com/fstack/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/fstack/service/impl/UserServiceImpl.java
@@ -1,22 +1,5 @@
 package com.fstack.service.impl;
 
-import java.sql.Timestamp;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.stereotype.Service;
-
 import com.fstack.event.OnRegistrationCompleteEvent;
 import com.fstack.persistence.dao.CommentMapper;
 import com.fstack.persistence.dao.PostMapper;
@@ -30,169 +13,184 @@ import com.fstack.service.StorageService;
 import com.fstack.service.UserService;
 import com.fstack.web.dto.UserRegistrationDto;
 import com.fstack.web.dto.UserSettingsDto;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
+import java.sql.Timestamp;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
 
 @Service("userService")
 public class UserServiceImpl implements UserService {
 
-	private static final Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);
-
-	@Autowired
-	private UserMapper userMapper;
-
-	@Autowired
-	private PostMapper postMapper;
-
-	@Autowired
-	private CommentMapper commentMapper;
-
-	@Autowired
-	private VerificationTokenMapper verificationTokenMapper;
-
-	@Autowired
-	private StorageService storageService;
-
-	@Autowired
-	private BCryptPasswordEncoder bCryptPasswordEncoder;
-
-	@Autowired
-	private ApplicationEventPublisher evenPublisher;
-
-	@Override
-	public User findById(Long id) {
-		return userMapper.findById(id);
-	}
-
-	@Override
-	public User findByEmail(String email) {
-		return userMapper.findByEmail(email);
-	}
-
-	@Override
-	public User findByUsername(String username) {
-		return userMapper.findByUsername(username);
-	}
-
-	@Override
-	public int save(User user) {
-		user.setPassword(bCryptPasswordEncoder.encode(user.getPassword()));
-		return userMapper.save(user);
-	}
-
-	@Override
-	public Map<String, Object> getUserProfileAndPostsByUserIdByTabType(Long userId, String tabType) {
-		if (null == userId) {
-			return null;
-		}
-		User user = this.userMapper.findById(userId);
-		if (null == user) {
-			return null;
-		}
-		Map<String, Object> attributes = new HashMap<>();
-		attributes.put("user", user);
-		String activeTab = tabType == null ? "posts" : tabType;
-		if ("posts".equalsIgnoreCase(activeTab)) {
-			List<Post> posts = this.postMapper.findPostsByUserId(userId);
-			attributes.put("posts", posts);
-		} else if ("comments".equalsIgnoreCase(activeTab)) {
-			List<Comment> comments = this.commentMapper.findCommentsByUserId(userId);
-			attributes.put("comments", comments);
-		}
-		attributes.put("activeTab", activeTab);
-		return attributes;
-	}
-
-	@Override
-	public User findAuthenticatedUser() {
-		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-		String username = auth.getName();
-		return this.userMapper.findByUsername(username);
-	}
-
-	@Override
-	public Map<String, Object> updateUserProfile(UserSettingsDto userSettingsDto) {
-		Map<String, Object> attributes = new HashMap<>();
-		String authenticatedUsername = this.findAuthenticatedUser().getUsername();
-		if (null == authenticatedUsername || authenticatedUsername.equalsIgnoreCase("") || null == userSettingsDto
-				|| userSettingsDto.getEmail().isEmpty() || userSettingsDto.getEmail().equals("")) {
-			attributes.put("uploadResultMessage", "uploadFailure");
-			return attributes;
-		}
-
-		// update user profile
-		User user = this.storageService.store(userSettingsDto.getAvatar(), authenticatedUsername);
-		if (null == user) {
-			attributes.put("uploadResultMessage", "uploadFailure");
-			user = this.findAuthenticatedUser(); // find authenticated user if no user found
-		}
-		user.setEmail(userSettingsDto.getEmail());
-		user.setBio(userSettingsDto.getBio());
-		this.userMapper.update(user);
-
-		// return attributes
-		attributes.put("user", user);
-		attributes.put("uploadResultMessage", "uploadSuccess");
-		return attributes;
-	}
-
-	@Override
-	public Map<String, Object> getUserSettingPage() {
-		User user = this.findAuthenticatedUser();
-		UserSettingsDto newUserSettingsForm = new UserSettingsDto();
-		newUserSettingsForm.setBio(user.getBio());
-		newUserSettingsForm.setEmail(user.getEmail());
-		Map<String, Object> attributes = new HashMap<>();
-		attributes.put("user", user);
-		attributes.put("userSettingsDto", newUserSettingsForm);
-		return attributes;
-	}
-
-	@Override
-	public Map<String, Object> registerUserAccount(UserRegistrationDto userDto, HttpServletRequest request) {
-		Map<String, Object> attributes = new HashMap<>();
-
-		// save newly registered user
-		User user = new User();
-		user.setPassword(this.bCryptPasswordEncoder.encode(userDto.getPassword()));
-		user.setUsername(userDto.getUsername());
-		user.setEmail(userDto.getEmail());
-		user.setDateCreated(new Timestamp(System.currentTimeMillis()));
-		user.activated(false);
-		user.setRoles(User.USER);
-
-		// save new user and get number of affected row
-		int affectedRow = userMapper.save(user);
-
-		// publish registration event
-		String appUrl = "http://" + request.getServerName() + ":" + request.getServerPort();
-		Locale locale = request.getLocale();
-		OnRegistrationCompleteEvent event = new OnRegistrationCompleteEvent(user.getUsername(), appUrl, locale);
-		this.evenPublisher.publishEvent(event);
-
-		// populate attributes
-		String registrationResult = affectedRow == 1 ? "success" : "failure";
-		attributes.put("userRegistrationResult", registrationResult);
-		return attributes;
-	}
-
-	@Override
-	public Map<String, Object> confirmUserRegistrationWithToken(String token) {
-		Map<String, Object> attributes = new HashMap<>();
-		VerificationToken verificationToken = this.verificationTokenMapper.findByToken(token);
-		if (null == verificationToken) {
-			return null; // 404 exception
-		}
-		// check if expire time is still within 24 hours
-		boolean tokenValid = verificationToken.getExpiryDate().getTime() - System.currentTimeMillis() > 0;
-		if (tokenValid) {
-			String username = verificationToken.getUser().getUsername();
-			User user = this.userMapper.findByUsername(username);
-			user.activated(true);
-			this.userMapper.update(user);
-			attributes.put("registrationActivationResult", "success");
-		} else {
-			attributes.put("registrationActivationResult", "failure");
-		}
-		return attributes;
-	}
+    private static final Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);
+
+    @Autowired
+    private UserMapper userMapper;
+
+    @Autowired
+    private PostMapper postMapper;
+
+    @Autowired
+    private CommentMapper commentMapper;
+
+    @Autowired
+    private VerificationTokenMapper verificationTokenMapper;
+
+    @Autowired
+    private StorageService storageService;
+
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+
+    @Autowired
+    private ApplicationEventPublisher evenPublisher;
+
+    @Override
+    public int save(User user) {
+        user.setPassword(passwordEncoder.encode(user.getPassword()));
+        return userMapper.save(user);
+    }
+
+    @Override
+    public User findById(Long id) {
+        return userMapper.findById(id);
+    }
+
+    @Override
+    public User findByUsername(String username) {
+        return userMapper.findByUsername(username);
+    }
+
+    @Override
+    public User findByEmail(String email) {
+        return userMapper.findByEmail(email);
+    }
+
+    @Override
+    public User findAuthenticatedUser() {
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        String username = auth.getName();
+        return this.userMapper.findByUsername(username);
+    }
+
+    @Override
+    public Map<String, Object> getUserProfileAndPostsByUserIdByTabType(Long userId, String tabType) {
+        if (null == userId) {
+            return null;
+        }
+        User user = this.userMapper.findById(userId);
+        if (null == user) {
+            return null;
+        }
+        Map<String, Object> attributes = new HashMap<>();
+        attributes.put("user", user);
+        String activeTab = tabType == null ? "posts" : tabType;
+        if ("posts".equalsIgnoreCase(activeTab)) {
+            List<Post> posts = this.postMapper.findPostsByUserId(userId);
+            attributes.put("posts", posts);
+        } else if ("comments".equalsIgnoreCase(activeTab)) {
+            List<Comment> comments = this.commentMapper.findCommentsByUserId(userId);
+            attributes.put("comments", comments);
+        }
+        attributes.put("activeTab", activeTab);
+        return attributes;
+    }
+
+    @Override
+    public Map<String, Object> updateUserProfile(UserSettingsDto userSettingsDto) {
+        Map<String, Object> attributes = new HashMap<>();
+        String authenticatedUsername = this.findAuthenticatedUser().getUsername();
+        if (null == authenticatedUsername || authenticatedUsername.equalsIgnoreCase("") || null == userSettingsDto
+                || userSettingsDto.getEmail().isEmpty() || userSettingsDto.getEmail().equals("")) {
+            attributes.put("uploadResultMessage", "uploadFailure");
+            return attributes;
+        }
+
+        // update user profile
+        User user = this.storageService.store(userSettingsDto.getAvatar(), authenticatedUsername);
+        if (null == user) {
+            attributes.put("uploadResultMessage", "uploadFailure");
+            user = this.findAuthenticatedUser(); // find authenticated user if no user found
+        }
+        user.setEmail(userSettingsDto.getEmail());
+        user.setBio(userSettingsDto.getBio());
+        this.userMapper.update(user);
+
+        // return attributes
+        attributes.put("user", user);
+        attributes.put("uploadResultMessage", "uploadSuccess");
+        return attributes;
+    }
+
+    @Override
+    public Map<String, Object> getUserSettingPage() {
+        User user = this.findAuthenticatedUser();
+        UserSettingsDto newUserSettingsForm = new UserSettingsDto();
+        newUserSettingsForm.setBio(user.getBio());
+        newUserSettingsForm.setEmail(user.getEmail());
+        Map<String, Object> attributes = new HashMap<>();
+        attributes.put("user", user);
+        attributes.put("userSettingsDto", newUserSettingsForm);
+        return attributes;
+    }
+
+    @Override
+    public Map<String, Object> registerUserAccount(UserRegistrationDto userDto, HttpServletRequest request) {
+        Map<String, Object> attributes = new HashMap<>();
+
+        // save newly registered user
+        User user = new User();
+        user.setPassword(this.passwordEncoder.encode(userDto.getPassword()));
+        user.setUsername(userDto.getUsername());
+        user.setEmail(userDto.getEmail());
+        user.setDateCreated(new Timestamp(System.currentTimeMillis()));
+        user.activated(false);
+        user.setRoles(User.USER);
+
+        // save new user and get number of affected row
+        int affectedRow = userMapper.save(user);
+
+        // publish registration event
+        String appUrl = "http://" + request.getServerName() + ":" + request.getServerPort();
+        Locale locale = request.getLocale();
+        OnRegistrationCompleteEvent event = new OnRegistrationCompleteEvent(user.getUsername(), appUrl, locale);
+        this.evenPublisher.publishEvent(event);
+
+        // populate attributes
+        String registrationResult = affectedRow == 1 ? "success" : "failure";
+        attributes.put("userRegistrationResult", registrationResult);
+        return attributes;
+    }
+
+    @Override
+    public Map<String, Object> confirmUserRegistrationWithToken(String token) {
+        Map<String, Object> attributes = new HashMap<>();
+        VerificationToken verificationToken = this.verificationTokenMapper.findByToken(token);
+        if (null == verificationToken) {
+            return null; // 404 exception
+        }
+        // check if expire time is still within 24 hours
+        boolean tokenValid = verificationToken.getExpiryDate().getTime() - System.currentTimeMillis() > 0;
+        if (tokenValid) {
+            String username = verificationToken.getUser().getUsername();
+            User user = this.userMapper.findByUsername(username);
+            user.activated(true);
+            this.userMapper.update(user);
+            attributes.put("registrationActivationResult", "success");
+        } else {
+            attributes.put("registrationActivationResult", "failure");
+        }
+        return attributes;
+    }
 
 }
diff --git a/src/main/java/com/fstack/util/CommonUtil.java b/src/main/java/com/fstack/util/CommonUtil.java
new file mode 100644
index 0000000000000000000000000000000000000000..22712fc29c5bc9da70eb082a127fb70443989408
--- /dev/null
+++ b/src/main/java/com/fstack/util/CommonUtil.java
@@ -0,0 +1,22 @@
+package com.fstack.util;
+
+import java.io.File;
+
+/**
+ * @author wongH
+ * @date 2019/4/24 8:08
+ * @Version 1.0
+ */
+public class CommonUtil {
+
+
+    public static String getRootPath() {
+        File file = new File("/");
+        String path = file.getAbsolutePath().replaceAll("\\\\", "/");
+        return path;
+    }
+
+    public static String getProjectPath() {
+        return System.getProperty("user.dir");
+    }
+}
diff --git a/src/main/resources/application-dev.properties b/src/main/resources/application-dev.properties
index 720dea035b62275e0c9bcd2f4fc248f97868e163..5c51037faaf3a01d710ffb9f4040af95b7861dd1 100644
--- a/src/main/resources/application-dev.properties
+++ b/src/main/resources/application-dev.properties
@@ -28,7 +28,6 @@ spring.redis.lettuce.pool.min-idle=5
 spring.redis.lettuce.pool.max-active=20
 spring.redis.lettuce.pool.max-wait=-1ms
 
-
 # ==============================
 # SMTP Email
 # ==============================
diff --git a/src/main/resources/application-pro.properties b/src/main/resources/application-pro.properties
index 720dea035b62275e0c9bcd2f4fc248f97868e163..4e83710f08f2826f63b5c626819fbf552abf6878 100644
--- a/src/main/resources/application-pro.properties
+++ b/src/main/resources/application-pro.properties
@@ -2,9 +2,9 @@
 # MySQL connection config
 # ==============================
 spring.datasource.driverClassName = com.mysql.cj.jdbc.Driver
-spring.datasource.url = jdbc:mysql://localhost:3306/forum?serverTimezone=GMT&useSSL=false&useUnicode=true&characterEncoding=UTF-8
-spring.datasource.username = root
-spring.datasource.password = root
+spring.datasource.url = jdbc:mysql://www.polysys.cn:13306/fs_forum?serverTimezone=GMT&useSSL=false&useUnicode=true&characterEncoding=UTF-8
+spring.datasource.username = fstack
+spring.datasource.password = fstack
 spring.datasource.type=com.zaxxer.hikari.HikariDataSource
 spring.datasource.hikari.minimum-idle=5
 spring.datasource.hikari.maximum-pool-size=15
@@ -19,16 +19,15 @@ spring.datasource.hikari.connection-test-query=SELECT 1
 # Redis configuration
 # ==============================
 spring.redis.database=0
-spring.redis.host=192.168.1.129
+spring.redis.host=www.polysys.cn
 spring.redis.port=6379
-spring.redis.password=kaixin
+spring.redis.password=fstack
 spring.redis.timeout=5000ms
 spring.redis.lettuce.pool.max-idle=10
 spring.redis.lettuce.pool.min-idle=5
 spring.redis.lettuce.pool.max-active=20
 spring.redis.lettuce.pool.max-wait=-1ms
 
-
 # ==============================
 # SMTP Email
 # ==============================
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index e3cfacfa45edada0d2fbfadcd8beb36a7d33e9ef..3cc53ef67cdc3dc9b7b6164415fb0b4a260a84d6 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,5 +1,5 @@
 server.port=8080
-spring.profiles.active=dev
+spring.profiles.active=pro
 server.servlet.context-path= /
 spring.aop.proxy-target-class=true
 
@@ -35,9 +35,9 @@ pagehelper.supportMethodsArguments=true
 pagehelper.params=count=countSql
 
 # ==============================
-# avator location
+# avatar location, must  end with /
 # ==============================
-resource.staticResourceLocation=/avatar
+resource.staticResourceLocation=avatar/
 
 spring.output.ansi.enabled=always
 logging.config=classpath:logback.xml
\ No newline at end of file
diff --git a/src/main/resources/templates/forum/post.html b/src/main/resources/templates/forum/post.html
index 63d0d0048c7f69b481f941699aca7130d0473b24..3a917b8afcd6872b2fa446a5b07f6f1651692e63 100644
--- a/src/main/resources/templates/forum/post.html
+++ b/src/main/resources/templates/forum/post.html
@@ -18,7 +18,7 @@
 								</div>
  								<div class="media-right media-middle">
  								    <a th:href="@{/user/{userId}(userId=${post.user.id})}">
- 										<img class="media-object img-rounded" th:src="${post.user.avatarLocation}"
+ 										<img class="media-object img-rounded" th:src="@{'../'+${post.user.avatarLocation}}"
  										alt="profile_pic" width="65px" height="65px">
  									</a>
  							    </div>
diff --git a/src/main/resources/templates/forum/user-profile.html b/src/main/resources/templates/forum/user-profile.html
index 1e7103b4a0ff30faf5832210f864b8be61ed827b..1477a11024ede275d2d8d38c1c4c9fe1ebab9446 100644
--- a/src/main/resources/templates/forum/user-profile.html
+++ b/src/main/resources/templates/forum/user-profile.html
@@ -12,7 +12,7 @@
                         <div class="panel-body">
 	                        <div class="media-left media-top">
 	                            <img class="media-object img-rounded" width="50px" height="50px" alt="profile_pic"
-                                    th:src="${user.avatarLocation}">
+                                    th:src="@{'../'+${user.avatarLocation}}">
 	                        </div>
 	                        <div class="media-body">
 	                            <div class="media-heading">
diff --git a/src/main/resources/templates/forum/user-settings.html b/src/main/resources/templates/forum/user-settings.html
index bb1d24a9249c1bc3401165c5ed9dde9201f5dec7..ff6b8b4c88436d0c6f41ba1cf6c688b125a5117d 100644
--- a/src/main/resources/templates/forum/user-settings.html
+++ b/src/main/resources/templates/forum/user-settings.html
@@ -62,9 +62,9 @@ $(function() {
                                         <table>
 						                    <tr>
 							                    <td width="100px" align="left">当前头像：</td>
-							                    <td width="180px" align="left"><img width="150px" height="150px" class="thumbnail" th:src="${user.avatarLocation}" alt="profile_file"></td>
-							                    <td width="120px" align="left"><img width="100px" height="100px" class="thumbnail" th:src="${user.avatarLocation}" alt="profile_file"></td>
-							                    <td align="left"><img width="50px" height="50px" class="thumbnail" th:src="${user.avatarLocation}" alt="profile_file"></td>
+							                    <td width="180px" align="left"><img width="150px" height="150px" class="thumbnail" th:src="@{'../' + ${user.avatarLocation}}" alt="profile_file"></td>
+							                    <td width="120px" align="left"><img width="100px" height="100px" class="thumbnail" th:src="@{'../' + ${user.avatarLocation}}" alt="profile_file"></td>
+							                    <td align="left"><img width="50px" height="50px" class="thumbnail" th:src="@{'../' + ${user.avatarLocation}}" alt="profile_file"></td>
 						                    </tr>
 					                    </table>
 									    <div class="row form-group">
diff --git a/src/main/resources/templates/fragments/comments.html b/src/main/resources/templates/fragments/comments.html
index 33f5cca3d0ee9fb638e3c736b8b1a0976c77fd47..26e191dda10cef99327fdb57bfb9f8fb96a97422 100644
--- a/src/main/resources/templates/fragments/comments.html
+++ b/src/main/resources/templates/fragments/comments.html
@@ -10,7 +10,7 @@
 				<div class="media">
 					<div class="media-left">
 						<a th:href="@{/user/{username}(username=${comment.user.id})}">
-							<img class="media-object img-rounded" th:src="${comment.user.avatarLocation}"
+							<img class="media-object img-rounded" th:src="@{'../'+${comment.user.avatarLocation}}"
 							alt="profile_pic" width="50" height="50">
 						</a>
 					</div>
diff --git a/src/main/resources/templates/fragments/posts-list.html b/src/main/resources/templates/fragments/posts-list.html
index 7901f739be30037713ac3e280a1081722d75849c..a60edb9a00950cb172e2a9bc5de744c94a9661d2 100644
--- a/src/main/resources/templates/fragments/posts-list.html
+++ b/src/main/resources/templates/fragments/posts-list.html
@@ -1,74 +1,75 @@
 <!DOCTYPE html>
 <html lang="zh-cn" xmlns:th="http://www.thymeleaf.org">
 <body>
-	<div class="panel panel-default" th:fragment="posts">
-	
-		<div class="panel-body">
-			<div class="container">
-				<div th:switch="${pageType}">
-					<div th:case="'homePage'">
-						<div th:replace="fragments/category-nav :: category-nav"></div>
-					</div>
-					<div th:case="'categoryPage'">
-						<div th:replace="fragments/category-heading :: category-heading"></div>
+<div class="panel panel-default" th:fragment="posts">
+
+    <div class="panel-body">
+        <div class="container">
+            <div th:switch="${pageType}">
+                <div th:case="'homePage'">
+                    <div th:replace="fragments/category-nav :: category-nav"></div>
+                </div>
+                <div th:case="'categoryPage'">
+                    <div th:replace="fragments/category-heading :: category-heading"></div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <!-- posts list -->
+    <div id="post-list">
+        <ul class="list-group list-custom-corner">
+            <li class="list-group-item side-borderless last-border" th:each="post:${posts}">
+                <div class="media">
+                    <div class="media-left media-middle">
+                        <a th:href="@{/user/{userId}(userId=${post.user.id})}">
+                            <img class="media-object img-rounded" th:src="@{'../'+${post.user.avatarLocation}}"
+                                 alt="profile_pic" width="50px" height="50px"></a>
                     </div>
-				</div>
-			</div>
-		</div>
-		
-		<!-- posts list -->
-		<div id="post-list">
-            <ul class="list-group list-custom-corner">
-                <li class="list-group-item side-borderless last-border" th:each="post:${posts}">
-                    <div class="media">
-                        <div class="media-left media-middle">
-		                    <a th:href="@{/user/{userId}(userId=${post.user.id})}">
-		                    <img class="media-object img-rounded" th:src="${post.user.avatarLocation}"
-		                    	alt="profile_pic" width="50px" height="50px"></a>
-		                </div>
-		                <div class="media-body">
-                            <div class="media-heading">
-                                <a class="post-title" th:href="@{/post/{postId}(postId=${post.id})}" th:text="${post.title}">title</a>
-                            </div>
-                            <a class="post-tag"
-                                    th:href="@{/category/{categoryName}(categoryName=${post.category.name})}"
-                                    th:text="${post.category.displayName}"></a>
-                            <a class="post-user"
-                                    th:href="@{/user/{userId}(userId=${post.user.id})}"
-                                    th:text="${post.user.username}"></a>
-                            <span class="post-date" th:text="${'发布于 ' + post.dateFormat()}"></span>
-                        </div>
-                        <div class="media-right media-middle">
-                            <div th:if="${post.commentCount > 0}" th:text="${post.commentCount}" class="badge"></div>
+                    <div class="media-body">
+                        <div class="media-heading">
+                            <a class="post-title" th:href="@{/post/{postId}(postId=${post.id})}"
+                               th:text="${post.title}">title</a>
                         </div>
+                        <a class="post-tag"
+                           th:href="@{/category/{categoryName}(categoryName=${post.category.name})}"
+                           th:text="${post.category.displayName}"></a>
+                        <a class="post-user"
+                           th:href="@{/user/{userId}(userId=${post.user.id})}"
+                           th:text="${post.user.username}"></a>
+                        <span class="post-date" th:text="${'发布于 ' + post.dateFormat()}"></span>
+                    </div>
+                    <div class="media-right media-middle">
+                        <div th:if="${post.commentCount > 0}" th:text="${post.commentCount}" class="badge"></div>
                     </div>
+                </div>
+            </li>
+        </ul>
+    </div>
+
+    <!-- pagination -->
+    <div class="text-center">
+        <nav aria-label="Page navigation">
+            <ul class="pagination pagination-centered">
+                <li th:class="${isFirstPage} ? 'hidden' : ''">
+                    <a th:href="@{?p={pn}(pn=${pageNum-1})}" aria-label="Previous">
+                        <span aria-hidden="true">&laquo;</span>
+                    </a>
                 </li>
-            </ul>
-        </div>
-		
-		<!-- pagination -->
-		<div class="text-center">
-			<nav aria-label="Page navigation">
-				<ul class="pagination pagination-centered">
-					<li th:class="${isFirstPage} ? 'hidden' : ''">
-						<a th:href="@{?p={pn}(pn=${pageNum-1})}" aria-label="Previous">
-	                        <span aria-hidden="true">&laquo;</span>
-						</a>
-					</li>
-					<li th:each="currPage : ${#numbers.sequence({pageNum + 2 < totalPages} ? pageNum : {totalPages - 2 < 1} ? 1 : totalPages - 2, 
+                <li th:each="currPage : ${#numbers.sequence({pageNum + 2 < totalPages} ? pageNum : {totalPages - 2 < 1} ? 1 : totalPages - 2,
 					{pageNum + 2 < totalPages} ? pageNum + 2 : totalPages)}">
-                        <a th:href="@{?p={pn}(pn=${currPage})}" th:text="${currPage}">page number</a>
-					</li>
-					<li th:class="${isLastPage} ? 'hidden' : ''">
-						<a th:href="@{?p={pn}(pn=${pageNum+1})}" aria-label="Next">
-	                        <span aria-hidden="true">&raquo;</span>
-						</a>
-					</li>
-				</ul>
-			</nav>
-		</div>
-		<!-- end pagination -->
+                    <a th:href="@{?p={pn}(pn=${currPage})}" th:text="${currPage}">page number</a>
+                </li>
+                <li th:class="${isLastPage} ? 'hidden' : ''">
+                    <a th:href="@{?p={pn}(pn=${pageNum+1})}" aria-label="Next">
+                        <span aria-hidden="true">&raquo;</span>
+                    </a>
+                </li>
+            </ul>
+        </nav>
+    </div>
+    <!-- end pagination -->
 
-	</div>
+</div>
 </body>
 </html>
\ No newline at end of file