diff --git a/src/main/java/com/govmade/common/utils/Assert.java b/src/main/java/com/govmade/common/utils/Assert.java
new file mode 100644
index 0000000000000000000000000000000000000000..821469f7494aec3d6183cfa1b1e20e895b881895
--- /dev/null
+++ b/src/main/java/com/govmade/common/utils/Assert.java
@@ -0,0 +1,24 @@
+package com.govmade.common.utils;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.govmade.common.exception.RRException;
+
+/**
+ * 数据校验
+ * 
+ */
+public abstract class Assert {
+
+    public static void isBlank(String str, String message) {
+        if (StringUtils.isBlank(str)) {
+            throw new RRException(message);
+        }
+    }
+
+    public static void isNull(Object object, String message) {
+        if (object == null) {
+            throw new RRException(message);
+        }
+    }
+}
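Review bot: The method names read the opposite of what they do: `Assert.isBlank(str, message)` throws when `str` is blank and `Assert.isNull(object, message)` throws when `object` is null, whereas Spring's `Assert.isNull` asserts that the value is null. On a validation helper that makes it easy to call the check the wrong way round. Either rename to `notBlank`/`notNull` (updating the call in UserController in this same commit), or at least add Javadoc to each method, e.g. `/** Throws RRException(message) when str is null, empty or whitespace-only. */`. Declaring the class `abstract` only to prevent instantiation is unusual; `final` with a private constructor states the intent more directly.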
diff --git a/src/main/java/com/govmade/common/utils/ShiroUtils.java b/src/main/java/com/govmade/common/utils/ShiroUtils.java
new file mode 100644
index 0000000000000000000000000000000000000000..a2a8853d3fd02abdee2159ec37f76529b95bbc6b
--- /dev/null
+++ b/src/main/java/com/govmade/common/utils/ShiroUtils.java
@@ -0,0 +1,57 @@
+package com.govmade.common.utils;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+
+import com.govmade.common.exception.RRException;
+import com.govmade.modules.system.entity.UserEntity;
+
+/**
+ * Shiro工具类
+ * 
+ */
+public class ShiroUtils {
+
+	public static Session getSession() {
+		return SecurityUtils.getSubject().getSession();
+	}
+
+	public static Subject getSubject() {
+		return SecurityUtils.getSubject();
+	}
+
+	public static UserEntity getUserEntity() {
+		return (UserEntity) SecurityUtils.getSubject().getPrincipal();
+	}
+
+	public static Long getUserId() {
+		return getUserEntity().getId();
+	}
+
+	public static void setSessionAttribute(Object key, Object value) {
+		getSession().setAttribute(key, value);
+	}
+
+	public static Object getSessionAttribute(Object key) {
+		return getSession().getAttribute(key);
+	}
+
+	public static boolean isLogin() {
+		return SecurityUtils.getSubject().getPrincipal() != null;
+	}
+
+	public static void logout() {
+		SecurityUtils.getSubject().logout();
+	}
+
+	public static String getKaptcha(String key) {
+		Object kaptcha = getSessionAttribute(key);
+		if (kaptcha == null) {
+			throw new RRException("验证码已失效");
+		}
+		getSession().removeAttribute(key);
+		return kaptcha.toString();
+	}
+
+}
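Review bot: `getUserId()` dereferences `getUserEntity()` without a null check, and `getPrincipal()` returns null for a subject that is not logged in, so any caller reached without authentication gets a NullPointerException instead of a controlled error. Guard it, for example `UserEntity user = getUserEntity();` followed by `if (user == null) throw new RRException("<not-logged-in message>");`. In `getKaptcha` the value is read and then removed in two separate calls; `Session.removeAttribute` returns the removed value, so `Object kaptcha = getSession().removeAttribute(key);` would consume the captcha in a single step and narrow the window for reusing it. The public methods have no Javadoc; one line on each saying whether it can return null would help callers.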
diff --git a/src/main/java/com/govmade/modules/system/controller/UserController.java b/src/main/java/com/govmade/modules/system/controller/UserController.java
index 3009a9e8b52fb5434782cbc260f1db0515cfbfe9..5ee4712f3ca403909abd5aec501068c53ea8e04f 100644
--- a/src/main/java/com/govmade/modules/system/controller/UserController.java
+++ b/src/main/java/com/govmade/modules/system/controller/UserController.java
@@ -3,23 +3,28 @@ package com.govmade.modules.system.controller;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.shiro.crypto.hash.Sha256Hash;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.govmade.common.utils.Assert;
 import com.govmade.common.utils.Constant;
 import com.govmade.common.utils.PageUtils;
 import com.govmade.common.utils.R;
+import com.govmade.common.utils.ShiroUtils;
 import com.govmade.modules.basic.controller.AbstractController;
 import com.govmade.modules.system.entity.UserEntity;
 import com.govmade.modules.system.service.UserService;
 
 import cn.hutool.crypto.SecureUtil;
+import io.swagger.annotations.ApiOperation;
 
 /**
  * 系统管理 - 用户设置
@@ -111,5 +116,25 @@ public class UserController extends AbstractController {
         
         return R.ok();
     }
+    
+    /**
+     * 修改登录用户密码
+     */
+    @PutMapping("updatePassword")
+    public R password(String password, String newPassword) {
+        Assert.isBlank(newPassword, "新密码不为能空");
+
+        password = new Sha256Hash(password).toHex();
+        newPassword = new Sha256Hash(newPassword).toHex();
+
+        //int count = userService.updatePassword(ShiroUtils.getUserId(), password, newPassword);
+//        if (count == 0) {
+//            return R.error("原密码不正确");
+//        }
+
+        ShiroUtils.logout();
+
+        return R.ok();
+    }
 
 }
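Review bot: With the `userService.updatePassword(...)` call and the `count == 0` check commented out, `password()` never verifies the current password or stores the new one, yet it logs the user out and returns `R.ok()`, so the client is told the password changed when it did not. Restore `int count = userService.updatePassword(ShiroUtils.getUserId(), password, newPassword);` and `if (count == 0) { return R.error("原密码不正确"); }` before the logout, and add an `Assert.isBlank(password, ...)` check so a missing old password is rejected before it reaches `new Sha256Hash(password)`. A single unsalted SHA-256 is weak for stored passwords; `Sha256Hash` also accepts a salt and an iteration count, though whatever is used here has to match the hashing done at login, which is not visible in this hunk. The message `新密码不为能空` looks like a typo for `新密码不能为空`.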