Index: ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java
===================================================================
diff -u -r40542 -r40641
--- ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java (.../DaoUserDetailSSTSImpl.java) (revision 40542)
+++ ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java (.../DaoUserDetailSSTSImpl.java) (revision 40641)
@@ -279,10 +279,11 @@
 String password = currentLoginedUser.getPasswd();
 String j_passwordMd5 = null;
 String j_passwordRsaMd5 = null;
+ String j_passwordAfterRsaDecrypt = null;
 if(!CssdUtils.usernameIsBarcode(username) && StringUtils.isNotBlank(j_password)){
 try {
 j_passwordMd5 = CoderEncryption.encryptMD5ForSpringSecurity(j_password);
- String j_passwordAfterRsaDecrypt = RSAEncrypt.decrypt(j_password);
+ j_passwordAfterRsaDecrypt = RSAEncrypt.decrypt(j_password);
 j_passwordRsaMd5 = CoderEncryption.encryptMD5ForSpringSecurity(j_passwordAfterRsaDecrypt);
 } catch (Exception e) {
 logger.info("对密码进行MD5加密时出错!" + e.getMessage());
@@ -341,6 +342,19 @@
 if(request != null){
 userLogonRecord.setIp(request.getRemoteAddr());
 }
+
+ //第一次登录时,需要修改密码;检查密码复杂度;GZSZYY-121
+ boolean meetPwdComplexity = meetPwdComplexity(currentLoginedUser, j_passwordAfterRsaDecrypt);
+ if(!meetPwdComplexity){
+ logger.error("用户"+ username + "密码不符合复杂度要求,或者用户首次登录,请修改为符合要求的密码后再进行登录!");
+ if(request != null){
+ request.getSession().setAttribute("message", messageCommon);
+ }
+ //记录ip登录失败记录(GZSZYY-119【登录管理】新增多个登录功能改进(ip登录失败锁定次数,验证码刷新规则修改))
+ recordLoginFailIp(request);
+ throw new DisabledException("密码不符合复杂度要求,或者用户首次登录,请修改为符合要求的密码后再进行登录!");
+ }
+
 userManager.insertUserLogonRecord(userLogonRecord);
 //如果密码一致,则清除该用户的锁定截止时间字段的值
 currentLoginedUser.setLockEndDate(null);
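Review bot: With `j_passwordAfterRsaDecrypt` now declared outside the try, a failing `RSAEncrypt.decrypt` leaves it null and the method carries on, because the catch block only logs `e.getMessage()` at info level; the `meetPwdComplexity` check added in the later hunks treats a blank value as compliant, so a decryption failure silently bypasses the first-login and complexity policy. The cause should at least be preserved, `logger.info("对密码进行MD5加密时出错!", e);`, and the policy check should not treat a null decrypt result as a pass unless that is the deliberate exemption for barcode logins, whose branch also leaves the variable null. The enclosing method begins and ends outside this hunk.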
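Review bot: `recordLoginFailIp(request)` counts a password-policy rejection as a failed login for the IP lockout counter, although at this point the credentials appear to have been accepted (the context line after the hunk clears the lock end date on a matching password); a user retrying with a correct but non-compliant password would then advance towards an IP lock, which looks unintended and deserves a comment if it is intended. The rejection is also raised as `DisabledException`, which Spring Security's failure handling reports as a disabled account; `CredentialsExpiredException` is the type meant for "password must be changed" and lets the front end distinguish the two cases. `messageCommon` is not assigned anywhere in this hunk, so if it is a shared field the session message may not match the text in the exception — verify where it is set. The enclosing method starts and ends outside this hunk.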
@@ -433,6 +447,33 @@
 }
 /**
+ * 第一次登录时,需要修改密码;检查密码复杂度;
+ * @param currentLoginedUser 当前登录用户
+ * @param j_passwordAfterRsaDecrypt 用户登录密码
+ * @return true/false
+ */
+ private boolean meetPwdComplexity(User currentLoginedUser, String j_passwordAfterRsaDecrypt) {
+ if(currentLoginedUser == null || StringUtils.isBlank(j_passwordAfterRsaDecrypt)){
+ return true;
+ }
+ boolean meetPwdComplexity = true;
+ boolean modifiedPwd = currentLoginedUser.getModifiedPwd() == null ? false : currentLoginedUser.getModifiedPwd();
+ boolean needForceModifyPwdWhenFirstTime = ConfigUtils.getSystemSetConfigByNameBool("needForceModifyPwdWhenFirstTime");
+ if(needForceModifyPwdWhenFirstTime && !modifiedPwd){
+ // 开启了needForceModifyPwdWhenFirstTime配置项,第一次登录时,需要修改密码,原密码直接认定为不符合要求
+ meetPwdComplexity = false;
+ }else{
+ //开启了forceUserChangePwdWhenNotMeetPwdComplexityReq配置项,就需要检查密码复杂度
+ boolean forceUserChangePwdWhenNotMeetPwdComplexityReq =
+ ConfigUtils.getSystemSetConfigByNameBool("forceUserChangePwdWhenNotMeetPwdComplexityReq");
+ if(forceUserChangePwdWhenNotMeetPwdComplexityReq){
+ meetPwdComplexity = userManager.forceUserChangePwdWhenNotMeetPwdComplexityReq(currentLoginedUser.getName(), currentLoginedUser.getName(), j_passwordAfterRsaDecrypt);
+ }
+ }
+ return meetPwdComplexity;
+ }
+
+ /**
 * 登录失败后,记录IP锁定记录,及返回提示信息
 * @param request 请求
 */
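Review bot: The call to `userManager.forceUserChangePwdWhenNotMeetPwdComplexityReq` passes `currentLoginedUser.getName()` for both of its first two arguments, which looks like a copy-paste slip if the signature expects two different identifiers — verify against the manager's parameter list. The early `return true` when `j_passwordAfterRsaDecrypt` is blank also skips the `needForceModifyPwdWhenFirstTime` branch, which does not depend on the password at all, so a first login whose decrypt failed or came through the barcode path is never forced to change; if exempting barcode logins is intended, state it in a comment, otherwise test `currentLoginedUser == null` alone first, then the first-login rule, and only then the blank guard before the complexity call. `boolean modifiedPwd = Boolean.TRUE.equals(currentLoginedUser.getModifiedPwd());` replaces the null ternary, and the local `meetPwdComplexity` shadows the method of the same name. The Javadoc `@return true/false` says nothing; suggest `@return true when the user may proceed with this password; false when a password change is required (first login with needForceModifyPwdWhenFirstTime enabled, or the complexity check failed)`.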