diff --git a/src/main/java/com/glxp/api/constant/Constant.java b/src/main/java/com/glxp/api/constant/Constant.java
index 7887d34eb..a55bce90b 100644
--- a/src/main/java/com/glxp/api/constant/Constant.java
+++ b/src/main/java/com/glxp/api/constant/Constant.java
@@ -334,4 +334,7 @@ public class Constant {
 public static final Integer SK_PRO_DSB_TYPE = 1;//1:定数包,内部使用
 public static final Integer SK_PRO_THR_TYPE = 2;//2:项目、组套外部关联
 public static final Integer SK_PRO_SS_TYPE = 3;//3:术式组套
+
+ //密码错误次数
+ public static final String PASSWORD_ERROR_COUNT = "PasswordErrorCount";
 }
diff --git a/src/main/java/com/glxp/api/controller/auth/LoginController.java b/src/main/java/com/glxp/api/controller/auth/LoginController.java
index 0c173906c..3b60d9264 100644
--- a/src/main/java/com/glxp/api/controller/auth/LoginController.java
+++ b/src/main/java/com/glxp/api/controller/auth/LoginController.java
@@ -62,7 +62,8 @@ public class LoginController extends BaseController {
 private CompanyService companyService;
 @Resource
 private AuthLicenseDao authLicenseDao;
-
+ @Resource
+ RedisUtil redisUtil;
 /**
 * 用户登录
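Review bot: In the LoginController hunk the new injected field `RedisUtil redisUtil;` has no access modifier, while the neighbouring injected fields (`companyService`, `authLicenseDao`) are `private`. Declaring it as `private RedisUtil redisUtil;` keeps the controller consistent and stops the dependency that backs the login lockout from being reachable by every class in the package.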
@@ -82,18 +83,26 @@ public class LoginController extends BaseController {
 throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
 }
- log.info(loginRequest.getPassword());
- log.info(PasswordUtils.authAdminPwd(authAdmin.getPassWord()));
+ //验证错误了几次
+ Integer errorCount = (Integer) redisUtil.get(Constant.PASSWORD_ERROR_COUNT + authAdmin.getId());
+ if (errorCount == null ){
+ errorCount = 0;
+ }else {
+ if (errorCount == 5){
+ throw new JsonException(ResultEnum.DATA_NOT, "已连续5次输入错误密码,账号被锁定30分钟!");
+ }
+ }
 if (PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(PasswordUtils.authAdminPwd(authAdmin.getPassWord()))
- || loginRequest.getPassword().equals(authAdmin.getPassWord())
- || (loginRequest.getPassword().equals(PasswordUtils.authAdminPwd(authAdmin.getPassWord())))
+ || loginRequest.getPassword().equals(authAdmin.getPassWord()) || (loginRequest.getPassword().equals(PasswordUtils.authAdminPwd(authAdmin.getPassWord())))
 ) {
-
+ redisUtil.del(Constant.PASSWORD_ERROR_COUNT+authAdmin.getId());
 } else {
 if (!PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(SecureUtil.sha256(authAdmin.getPassWord()))) {
+ redisUtil.set(Constant.PASSWORD_ERROR_COUNT+authAdmin.getId(), errorCount + 1,30*60);
 throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
 }
 }
+
 if (authAdmin.getUserFlag() == 0) {
 throw new JsonException(ResultEnum.DATA_NOT, "该用户已被禁用!");
 }
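Review bot: The failure counter is read with `redisUtil.get(...)` and written back in a separate step with `redisUtil.set(..., errorCount + 1,30*60)`, so concurrent login requests for the same account can all see the same value and the five-attempt limit is not strictly enforced. An atomic server-side increment with an expiry (if RedisUtil offers one), together with `if (errorCount >= 5)` instead of `== 5`, would make the lockout hold under parallel requests. The counter is also cleared only in the first branch: a login that passes the `SecureUtil.sha256(...)` comparison inside the `else` falls through without `redisUtil.del(...)`, so earlier failures persist until the 30-minute expiry; moving the `del` to just after the whole if/else would cover both success paths. The lock message is returned only once an account has been found, whereas the check above the hunk apparently answers "用户名或密码错误" for unknown names, so the response reveals which usernames exist and that is worth a deliberate decision. The enclosing login method begins and ends outside this hunk.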