diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ChangePasswodController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ChangePasswodController.java
index e3360fa02..62ad4aa24 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ChangePasswodController.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ChangePasswodController.java
@@ -69,7 +69,9 @@ public class ChangePasswodController {
 	public ResponseEntity<?> changePasswod(
 			@RequestBody ChangePassword changePassword,
 			@CurrentUser UserInfo currentUser) {
-
+		if(!currentUser.getId().equals(changePassword.getId())){
+			return null;
+		}
 		changePassword.setUserId(currentUser.getId());
 		changePassword.setUsername(currentUser.getUsername());
 		changePassword.setInstId(currentUser.getInstId());
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ProfileController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ProfileController.java
index 6f41cae89..8cb606635 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ProfileController.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/ProfileController.java
@@ -66,7 +66,9 @@ public class ProfileController {
 				@CurrentUser UserInfo currentUser,
                 BindingResult result) {
         logger.debug(userInfo.toString());
-
+        if(!currentUser.getId().equals(userInfo.getId())){
+            return null;
+        }
 //		if(userInfo.getExtraAttributeValue()!=null){
 //			String []extraAttributeLabel=userInfo.getExtraAttributeName().split(",");
 //			String []extraAttributeValue=userInfo.getExtraAttributeValue().split(",");