diff --git a/api-gateway/src/main/resources/application.yml b/api-gateway/src/main/resources/application.yml
index 2b5b7172..874e7548 100644
--- a/api-gateway/src/main/resources/application.yml
+++ b/api-gateway/src/main/resources/application.yml
@@ -97,7 +97,7 @@ maf:
 configuration:
 ignored-url:
 post:
- - "/authentication/**"
+ - "/auth-center/users/login"
 get:
 - "/favicon.ico"
 - "/auth/check-username-uniqueness"
diff --git a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/universal/configuration/WebSecurityConfiguration.java b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/universal/configuration/WebSecurityConfiguration.java
index 810d07a6..940524e0 100644
--- a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/universal/configuration/WebSecurityConfiguration.java
+++ b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/universal/configuration/WebSecurityConfiguration.java
@@ -35,6 +35,6 @@ public AuthenticationManager authenticationManager() throws Exception {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 // Disable Web Security.
- http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
+ http.authorizeRequests().anyRequest().permitAll().and().csrf().disable().cors().disable();
 }
 }
diff --git a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/controller/UserController.java b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/controller/UserController.java
index e440a4b3..63c42fe3 100644
--- a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/controller/UserController.java
+++ b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/controller/UserController.java
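Review bot: The comment `// Disable Web Security.` in configure() of WebSecurityConfiguration.java does not say why it is acceptable for auth-center to permit every request with CSRF protection off, and the added `.cors().disable()` extends that without explanation. If the intent is that api-gateway is the only enforcement point, the comment should state it, e.g. `// auth-center relies on api-gateway for authentication and must only be reachable through the gateway.` As far as I know, `cors().disable()` only removes Spring Security's CORS filter and does not by itself allow cross-origin requests, so the comment should also record which behaviour was wanted. The enclosing class starts outside the hunk.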
@@ -1,11 +1,18 @@ package com.jmsoftware.maf.authcenter.user.controller; import com.jmsoftware.maf.authcenter.user.service.UserService; +import com.jmsoftware.maf.common.bean.ResponseBodyBean; +import com.jmsoftware.maf.common.domain.authcenter.user.LoginPayload; +import com.jmsoftware.maf.common.domain.authcenter.user.LoginResponse; import lombok.RequiredArgsConstructor; -import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; - /** +import javax.validation.Valid; + +/** *

UserController

*

* Controller implementation of UserPersistence.(UserPersistence) @@ -13,8 +20,14 @@ * @author Johnny Miller (锺俊) * @date 2020-05-10 12:08:28 */ +@Validated @RestController @RequiredArgsConstructor public class UserController { private final UserService userService; + + @PostMapping("/users/login") + public ResponseBodyBean login(@Valid @RequestBody LoginPayload payload) { + return ResponseBodyBean.ofSuccess(userService.login(payload)); + } } diff --git a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/UserService.java b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/UserService.java index 7f645374..a87ffb59 100644 --- a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/UserService.java +++ b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/UserService.java @@ -2,9 +2,7 @@ import com.baomidou.mybatisplus.extension.service.IService; import com.jmsoftware.maf.authcenter.user.entity.UserPersistence; -import com.jmsoftware.maf.common.domain.authcenter.user.GetUserByLoginTokenResponse; -import com.jmsoftware.maf.common.domain.authcenter.user.SaveUserForRegisteringPayload; -import com.jmsoftware.maf.common.domain.authcenter.user.SaveUserForRegisteringResponse; +import com.jmsoftware.maf.common.domain.authcenter.user.*; import org.springframework.validation.annotation.Validated; import javax.validation.Valid; @@ -35,4 +33,6 @@ public interface UserService extends IService { * @return the save user for registering response */ SaveUserForRegisteringResponse saveUserForRegister(@Valid SaveUserForRegisteringPayload payload); + + LoginResponse login(@Valid LoginPayload payload); } diff --git a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java index bd89dbac..59a2aefd 100644 
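Review bot: The new `login` handler in UserController has no Javadoc, and it is the route that the gateway change in this commit exempts from token checks (`/auth-center/users/login`), so that fact belongs next to the code. Suggested comment above `@PostMapping("/users/login")`: `/** Authenticates a user by login token and password and returns a JWT. Reachable without a token through the gateway's ignored-url list. */`. Nothing visible in this diff limits repeated attempts per account or client; if no throttling exists elsewhere, that should be tracked before the route is exposed.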
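Review bot: `LoginResponse login(@Valid LoginPayload payload);` is added to UserService without Javadoc, while the method directly above it is documented (`@return the save user for registering response`). A short Javadoc should state the contract callers depend on: that a JWT is returned on success and what is thrown on failure (the implementation in this commit throws `BusinessException`). The first hunk of this file and the import hunk of UserServiceImpl.java also replace explicit imports with `com.jmsoftware.maf.common.domain.authcenter.user.*`; explicit imports keep the dependency on each type visible.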
--- a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java +++ b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java @@ -5,16 +5,17 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import com.jmsoftware.maf.authcenter.universal.service.JwtService; import com.jmsoftware.maf.authcenter.user.entity.UserPersistence; import com.jmsoftware.maf.authcenter.user.mapper.UserMapper; import com.jmsoftware.maf.authcenter.user.service.UserService; -import com.jmsoftware.maf.common.domain.authcenter.user.GetUserByLoginTokenResponse; -import com.jmsoftware.maf.common.domain.authcenter.user.SaveUserForRegisteringPayload; -import com.jmsoftware.maf.common.domain.authcenter.user.SaveUserForRegisteringResponse; -import com.jmsoftware.maf.common.domain.authcenter.user.UserStatus; +import com.jmsoftware.maf.common.domain.authcenter.user.*; +import com.jmsoftware.maf.common.exception.BusinessException; +import lombok.RequiredArgsConstructor; import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; import lombok.val; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service; import javax.validation.Valid; @@ -31,7 +32,11 @@ */ @Slf4j @Service +@RequiredArgsConstructor public class UserServiceImpl extends ServiceImpl implements UserService { + private final BCryptPasswordEncoder bCryptPasswordEncoder; + private final JwtService jwtService; + @Override public GetUserByLoginTokenResponse getUserByLoginToken(@NotBlank String loginToken) { LambdaQueryWrapper wrapper = Wrappers.lambdaQuery(); 
@@ -66,4 +71,19 @@ public SaveUserForRegisteringResponse saveUserForRegister(@Valid SaveUserForRegi
 response.setUserId(userPersistence.getId());
 return response;
 }
+
+ @Override
+ @SneakyThrows
+ public LoginResponse login(@Valid LoginPayload payload) {
+ val user = this.getUserByLoginToken(payload.getLoginToken());
+ log.info("User: {}", user);
+ boolean matched = bCryptPasswordEncoder.matches(payload.getPassword(), user.getPassword());
+ if (matched) {
+ String jwt = jwtService.createJwt(payload.getRememberMe(), user.getId(), user.getUsername(), null, null);
+ val response = new LoginResponse();
+ response.setJwt(jwt);
+ return response;
+ }
+ throw new BusinessException("Login failure!");
+ }
 }
diff --git a/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/LoginPayload.java b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/LoginPayload.java
new file mode 100644
index 00000000..c0a6dac9
--- /dev/null
+++ b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/LoginPayload.java
@@ -0,0 +1,33 @@
+package com.jmsoftware.maf.common.domain.authcenter.user;
+
+import lombok.Data;
+import org.hibernate.validator.constraints.Length;
+
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+/**
+ * Description: LoginPayload, change description here.
+ *
+ * @author 钟俊(zhongjun), email: zhongjun@toguide.cn, date: 12/22/2020 6:26 PM
+ **/
+@Data
+public class LoginPayload {
+ /**
+ * The Login token: username / email
+ */
+ @NotEmpty
+ @Length(max = 100)
+ private String loginToken;
+ /**
+ * The Password.
+ */
+ @NotEmpty
+ @Length(max = 60)
+ private String password;
+ /**
+ * Remember me
+ */
+ @NotNull
+ private Boolean rememberMe;
+}
diff --git a/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/LoginResponse.java b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/LoginResponse.java
new file mode 100644
index 00000000..2b359988
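Review bot: `log.info("User: {}", user);` in login() writes the whole user object to the log, and that object carries the stored password hash (`user.getPassword()` is read on the next line), so the hash ends up in log files if the type's toString() includes that field. Log only an identifier such as `user.getId()`. Separately, if `getUserByLoginToken` can return null for an unknown login token (its body is outside this hunk), `user.getPassword()` throws a NullPointerException, which fails differently from a wrong password and lets a caller tell existing accounts from missing ones; both cases should end in the same `BusinessException`. `@SneakyThrows` also hides whatever checked exception `createJwt` declares, so declaring or handling it explicitly would make the failure path reviewable.

```java
    public LoginResponse login(@Valid LoginPayload payload) {
        val user = this.getUserByLoginToken(payload.getLoginToken());
        // Unknown account and wrong password take the same path, so the response
        // does not reveal which login tokens exist.
        if (user == null || !bCryptPasswordEncoder.matches(payload.getPassword(), user.getPassword())) {
            log.warn("Login failed");
            throw new BusinessException("Login failure!");
        }
        log.info("Login succeeded. User ID: {}", user.getId());
        // … unchanged: createJwt call and LoginResponse construction …
```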
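Review bot: `@Data` on LoginPayload generates a toString() that includes the plaintext `password` field, so any log statement or exception message that prints the payload exposes the password. Annotate the field with Lombok's `@ToString.Exclude` so the generated toString() skips it; the same applies to `password` in SignupPayload.java later in this commit. The class Javadoc is still the template text `change description here.` and should describe what the payload carries.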
--- /dev/null
+++ b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/LoginResponse.java
@@ -0,0 +1,13 @@
+package com.jmsoftware.maf.common.domain.authcenter.user;
+
+import lombok.Data;
+
+/**
+ * Description: LoginResponse, change description here.
+ *
+ * @author 钟俊(zhongjun), email: zhongjun@toguide.cn, date: 12/22/2020 6:27 PM
+ **/
+@Data
+public class LoginResponse {
+ private String jwt;
+}
diff --git a/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/SignupPayload.java b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/SignupPayload.java
new file mode 100644
index 00000000..da48c71a
--- /dev/null
+++ b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/user/SignupPayload.java
@@ -0,0 +1,33 @@
+package com.jmsoftware.maf.common.domain.authcenter.user;
+
+import lombok.Data;
+import org.hibernate.validator.constraints.Length;
+
+import javax.validation.constraints.NotEmpty;
+
+/**
+ * Description: RegisterPayload, change description here.
+ *
+ * @author 钟俊(zhongjun), email: zhongjun@toguide.cn, date: 12/22/2020 6:27 PM
+ **/
+@Data
+public class SignupPayload {
+ /**
+ * Username (Unique)
+ */
+ @NotEmpty
+ @Length(min = 4, max = 50)
+ private String username;
+ /**
+ * Email (Unique)
+ */
+ @NotEmpty
+ @Length(max = 100)
+ private String email;
+ /**
+ * Password
+ */
+ @NotEmpty
+ @Length(min = 8, max = 30)
+ private String password;
+}