Index: forgon-core/src/main/java/com/forgon/directory/action/PersonalSettingAction.java
===================================================================
diff -u -r29164 -r40637
--- forgon-core/src/main/java/com/forgon/directory/action/PersonalSettingAction.java (.../PersonalSettingAction.java) (revision 29164)
+++ forgon-core/src/main/java/com/forgon/directory/action/PersonalSettingAction.java (.../PersonalSettingAction.java) (revision 40637)
@@ -6,6 +6,7 @@
 import net.sf.json.JSONObject;
+import org.apache.commons.lang.StringUtils;
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.authentication.encoding.PasswordEncoder;
@@ -15,6 +16,7 @@
 import com.forgon.security.model.User;
 import com.forgon.tools.StrutsParamUtils;
 import com.forgon.tools.StrutsResponseUtils;
+import com.forgon.tools.crypto.rsa.RSAEncrypt;
 import com.google.gson.JsonArray;
 /**
@@ -52,7 +54,14 @@
     }
     public void save() {
         Long id = AcegiHelper.getLoginUser().getUserId();
-        User user = personalSettingManager.getUserByproperty("id", id);
+        String userName = StrutsParamUtils.getPraramValue("userName", "");
+        String j_useNameAfterRsaDecrypt = RSAEncrypt.decrypt(userName);
+        User user = null;
+        if(StringUtils.isNotBlank(userName)){
+            user = personalSettingManager.getUserByproperty("name", j_useNameAfterRsaDecrypt);
+        }else{
+            user = personalSettingManager.getUserByproperty("id", id);
+        }
         JSONObject jSONObject = new JSONObject();
         jSONObject.put("success", true);
         // if(newPassword.length()<6){
Index: forgon-core/src/main/java/com/forgon/security/action/UserAction.java
===================================================================
diff -u -r39758 -r40637
--- forgon-core/src/main/java/com/forgon/security/action/UserAction.java (.../UserAction.java) (revision 39758)
+++ forgon-core/src/main/java/com/forgon/security/action/UserAction.java (.../UserAction.java) (revision 40637)
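Review bot: In `save()` the new `userName` parameter lets the request choose which account is loaded: when it is non-blank the lookup switches from the logged-in user's `id` to `getUserByproperty("name", j_useNameAfterRsaDecrypt)`, and nothing ties that name back to `AcegiHelper.getLoginUser()`. RSA encryption of the parameter does not authenticate it — any client holding the public key can produce a ciphertext for any name — so unless an authorization check follows later in the method (its body runs past the hunk), an authenticated user can make this personal-settings save operate on another user's record. Either drop the name-driven branch or, after the lookup, reject the request when the resolved user's id differs from `id` before continuing (the id accessor on `User` is not visible in this hunk, so the exact comparison cannot be quoted here). Also `RSAEncrypt.decrypt(userName)` runs before the blank check, so move it inside the `isNotBlank` branch rather than decrypting an empty parameter.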
@@ -1,7 +1,5 @@
 package com.forgon.security.action;
-import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
@@ -23,6 +21,7 @@
 import com.forgon.security.service.UserManager;
 import com.forgon.tools.StrutsParamUtils;
 import com.forgon.tools.StrutsResponseUtils;
+import com.forgon.tools.crypto.coder.CoderEncryption;
 import com.forgon.tools.crypto.rsa.RSAEncrypt;
 import com.forgon.tools.json.JSONUtil;
 import com.forgon.tools.util.ConfigUtils;
@@ -51,15 +50,29 @@
     /**
      * 根据用户id判断是否已经修改密码,或者密码复杂度是否符合
-     * meetPwdComplexity: true:符合复杂度要求,不需要修改密码;false:不符合复杂度要求,需要修改密码;
+     * meetPwdComplexity: true:符合复杂度要求,不需要修改密码;用户名和密码异常;
+     * false:不符合复杂度要求,需要修改密码;
+     * 开启了needForceModifyPwdWhenFirstTime配置项,第一次登录时,需要修改密码,原密码直接认定为不符合要求;
      */
     public void isModifiedPwdByUser(){
         StrutsParamUtils.getResponse().setCharacterEncoding("utf8");
         String password = StrutsParamUtils.getPraramValue("password", "");
         String userName = StrutsParamUtils.getPraramValue("userName", "");
-        User user = userManager.getCurrentUser();
         Boolean meetPwdComplexity = true;
-        if(user != null){
+        try {
+            if(StringUtils.isBlank(userName) || StringUtils.isBlank(password)){
+                throw new RuntimeException("用户名或密码不能为空!");
+            }
+            String j_passwordAfterRsaDecrypt = RSAEncrypt.decrypt(password);
+            String j_passwordRsaMd5 = CoderEncryption.encryptMD5ForSpringSecurity(j_passwordAfterRsaDecrypt);
+            String j_useNameAfterRsaDecrypt = RSAEncrypt.decrypt(userName);
+            User user = userManager.getUserByUserCode(j_useNameAfterRsaDecrypt);
+            if(user == null){
+                throw new RuntimeException("用户名异常!");
+            }
+            if(!StringUtils.equals(user.getPasswd(), j_passwordRsaMd5)){
+                throw new RuntimeException("密码错误!");
+            }
             Boolean modifiedPwd = user.getModifiedPwd() == null ? false :user.getModifiedPwd();
             Boolean needForceModifyPwdWhenFirstTime = ConfigUtils.getSystemSetConfigByNameBool("needForceModifyPwdWhenFirstTime");
             if(needForceModifyPwdWhenFirstTime && !modifiedPwd){
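Review bot: The credential check `if(!StringUtils.equals(user.getPasswd(), j_passwordRsaMd5))` compares the stored hash with an early-exit string comparison; for a secret compare prefer constant time, e.g. `if (user.getPasswd() == null || !MessageDigest.isEqual(user.getPasswd().getBytes(StandardCharsets.UTF_8), j_passwordRsaMd5.getBytes(StandardCharsets.UTF_8)))` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported; the null guard keeps what `StringUtils.equals` tolerated). The hunk also drops `userManager.getCurrentUser()`, so the action now verifies whatever username/password pair the request supplies without any session principal; if that is a deliberate pre-login check (the hunk does not show how the action is mapped), the Javadoc should state that the action authenticates the submitted pair itself. Both `RSAEncrypt.decrypt` calls and the lookup can throw on malformed input and are handled only by the catch in the next hunk, where `isModifiedPwdByUser`'s body continues.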
@@ -69,12 +82,12 @@
                 //开启了forceUserChangePwdWhenNotMeetPwdComplexityReq配置项,就需要检查密码复杂度
                 Boolean forceUserChangePwdWhenNotMeetPwdComplexityReq = ConfigUtils.getSystemSetConfigByNameBool("forceUserChangePwdWhenNotMeetPwdComplexityReq");
-                if(forceUserChangePwdWhenNotMeetPwdComplexityReq && StringUtils.isNotBlank(userName)){
-                    String j_passwordAfterRsaDecrypt = RSAEncrypt.decrypt(password);
-                    String j_useNameAfterRsaDecrypt = RSAEncrypt.decrypt(userName);
+                if(forceUserChangePwdWhenNotMeetPwdComplexityReq){
                     meetPwdComplexity = userManager.forceUserChangePwdWhenNotMeetPwdComplexityReq(user.getName(), j_useNameAfterRsaDecrypt, j_passwordAfterRsaDecrypt);
                 }
             }
+        } catch (Exception e) {
+            e.printStackTrace();
         }
         StrutsResponseUtils.output(meetPwdComplexity);
     }
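Review bot: The new `catch (Exception e) { e.printStackTrace(); }` leaves `meetPwdComplexity` at its default `true` for every failure, which the Javadoc defines as "meets complexity, no password change needed". For rejected credentials that is the documented intent, but the same catch also swallows exceptions from `RSAEncrypt.decrypt`, `CoderEncryption.encryptMD5ForSpringSecurity`, `userManager.getUserByUserCode` and the complexity check itself, so an infrastructure error silently exempts a user with a weak password from the forced change. Give the three deliberate rejections their own exception type and catch only that, letting any other exception produce a non-permissive outcome (for example `meetPwdComplexity = false` or an explicit error response), and log through the class logger instead of `printStackTrace()`, which dumps a stack trace to stderr on every failed attempt. The try block opens in the previous hunk.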