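/**
 * Changes the password of the currently authenticated user.
 *
 * <p>Reads the {@code oldpasswd} and {@code newpasswd} request parameters, re-encodes the
 * supplied old password through {@code userService.encodeUserPasswd} and compares the result
 * with the value returned by {@code user.getPassword()}. The new password is handed to
 * {@code userService.save} only when the two match. The outcome is published through
 * {@code setModel} as an {@code OperationResult}.
 *
 * <p>The {@code Assert} preconditions reject the call when there is no authenticated user,
 * when no user record is found for the authenticated uid, or when either parameter is blank.
 *
 * @return response headers with caching disabled, so the result of a credential change is
 *     not stored by intermediaries or the browser
 */
public HttpHeaders doPasswd() {
    AuthUserDetails authUserDetails = AuthContextHolder.getAuthUserDetails();
    Assert.notNull(authUserDetails);

    HttpServletRequest request = ServletActionContext.getRequest();
    String oldpasswd = request.getParameter("oldpasswd");
    String newpasswd = request.getParameter("newpasswd");
    Assert.isTrue(StringUtils.isNotBlank(oldpasswd));
    Assert.isTrue(StringUtils.isNotBlank(newpasswd));
    // NOTE(review): only blankness is checked here; confirm that userService.save (or a layer
    // below it) enforces the password policy (length, complexity, reuse).

    // The account is looked up from the authenticated principal, never from a request
    // parameter, so a caller can only change their own password.
    User user = userService.findByUid(authUserDetails.getUid());
    // Fail as a precondition instead of with a NullPointerException further down.
    Assert.notNull(user);

    String encodedPasswd = userService.encodeUserPasswd(user, oldpasswd);
    String storedPasswd = user.getPassword();

    // Constant-time comparison: String.equals returns at the first differing character, which
    // makes the response time depend on how much of the stored value was matched. A null on
    // either side is treated as a mismatch.
    boolean oldPasswdMatches = encodedPasswd != null
            && storedPasswd != null
            && java.security.MessageDigest.isEqual(
                    encodedPasswd.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    storedPasswd.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (!oldPasswdMatches) {
        // NOTE(review): no attempt counter or throttling is visible in this method; confirm
        // that repeated wrong old-password submissions are limited elsewhere.
        setModel(OperationResult.buildFailureResult("原密码不正确,请重新输入"));
    } else {
        userService.save(user, newpasswd);
        // NOTE(review): other active sessions and any remember-me tokens are not invalidated
        // here; confirm that this happens elsewhere after a password change.
        setModel(OperationResult.buildSuccessResult("密码修改成功,请在下次登录使用新密码"));
    }

    return new DefaultHttpHeaders().disableCaching();
}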