diff --git a/src/main/java/com/dukz/authdemo/session/controller/LoginController.java b/src/main/java/com/dukz/authdemo/session/controller/LoginController.java
index 8b636e4..03f2098 100644
--- a/src/main/java/com/dukz/authdemo/session/controller/LoginController.java
+++ b/src/main/java/com/dukz/authdemo/session/controller/LoginController.java
@@ -4,9 +4,13 @@
 import com.dukz.authdemo.session.model.UserDto;
 import com.dukz.authdemo.session.service.AuthenticationService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.servlet.http.HttpSession;
+import java.util.Objects;
+
 @RestController
 public class LoginController {
 
@@ -14,8 +18,30 @@ public class LoginController {
     private AuthenticationService authenticationService;
 
     @PostMapping(value = "/login", produces = "text/plain;charset=utf-8")
-    public String authentication(AuthenticationRequest authenticationRequest){
+    public String authentication(AuthenticationRequest authenticationRequest, HttpSession session){
         UserDto userDto = authenticationService.authentication(authenticationRequest);
+        // set session
+        session.setAttribute(UserDto.USER_SESSION_KEY, userDto);
         return userDto.getFullname() + " login success";
     }
+
+    @GetMapping(value = "/logout", produces = "text/plain;charset=utf-8")
+    public String logout(HttpSession session){
+        session.invalidate();
+        return "logout success";
+    }
+    @GetMapping(value = "/r/r1", produces = "text/plain;charset=utf-8")
+    public String readResource(HttpSession session){
+        String fullname = "";
+        Object obj = session.getAttribute(UserDto.USER_SESSION_KEY);
+        if(Objects.isNull(obj)){
+            fullname = "匿名";
+        }else {
+            UserDto user = (UserDto) obj;
+            fullname = user.getFullname();
+        }
+        return fullname + "访问资源r1";
+    }
+
+
 }
diff --git a/src/main/java/com/dukz/authdemo/session/model/UserDto.java b/src/main/java/com/dukz/authdemo/session/model/UserDto.java
index cf96d3c..0e6b18e 100644
--- a/src/main/java/com/dukz/authdemo/session/model/UserDto.java
+++ b/src/main/java/com/dukz/authdemo/session/model/UserDto.java
@@ -8,6 +8,7 @@
 @AllArgsConstructor
 @NoArgsConstructor
 public class UserDto {
+    public static final String USER_SESSION_KEY = "_user";
     private Integer id;
     private String username;
     private String password;