diff --git a/backend/src/main/java/io/dataease/auth/config/F2CRealm.java b/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
index 46b942ef48..719f6db9d9 100644
--- a/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
+++ b/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
@@ -68,6 +68,9 @@ public class F2CRealm extends AuthorizingRealm {
 if (user == null) {
 throw new AuthenticationException("User didn't existed!");
 }
+ if (user.getEnabled()==0) {
+ throw new AuthenticationException("User is valid!");
+ }
 String pass = null;
 try {
 pass = user.getPassword();
diff --git a/backend/src/main/java/io/dataease/auth/server/AuthServer.java b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
index 6c454034f7..56211cab1d 100644
--- a/backend/src/main/java/io/dataease/auth/server/AuthServer.java
+++ b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
@@ -35,10 +35,14 @@ public class AuthServer implements AuthApi {
 String username = loginDto.getUsername();
 String password = loginDto.getPassword();
 SysUserEntity user = authUserService.getUserByName(username);
- String realPwd = user.getPassword();
+
 if (ObjectUtils.isEmpty(user)){
 throw new RuntimeException("没有该用户!");
 }
+ if (user.getEnabled()==0){
+ throw new RuntimeException("用户已经失效!");
+ }
+ String realPwd = user.getPassword();
 //私钥解密
 String pwd = RsaUtil.decryptByPrivateKey(RsaProperties.privateKey, password);
 //md5加密
diff --git a/backend/src/main/java/io/dataease/service/sys/SysUserService.java b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
index 85ccfc0ef2..096eb96511 100644
--- a/backend/src/main/java/io/dataease/service/sys/SysUserService.java
+++ b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
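Review bot: The message on the added branch in F2CRealm.java reads `"User is valid!"` although the branch rejects an account whose `enabled` flag is 0, so logs and any client that sees the text are told the opposite of what happened; `throw new AuthenticationException("User is disabled!");` matches the condition. Separately, `user.getEnabled()==0` unboxes its left side if `getEnabled()` returns a wrapper type, and a row with no value would then fail with a NullPointerException instead of an authentication error; the return type is not visible here, so confirm it or compare null-safely, and the same expression is added in AuthServer.java. The enclosing method starts and ends outside this hunk.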
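Review bot: In AuthServer.java the added `user.getEnabled()==0` check runs before the submitted password is decrypted and compared, and it throws a different message from the unknown-user branch just above it. If these messages reach the login response, a caller without credentials can tell existing, disabled and unknown usernames apart. Moving the enabled check to after the password comparison (which lies below this hunk) and using one generic failure text for all three outcomes removes that signal; the specific reason can still go to the server log.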
@@ -15,12 +15,12 @@ import io.dataease.controller.sys.base.BaseGridRequest;
 import io.dataease.controller.sys.request.SysUserCreateRequest;
 import io.dataease.controller.sys.request.SysUserPwdRequest;
 import io.dataease.controller.sys.request.SysUserStateRequest;
-import io.dataease.controller.sys.request.UserGridRequest;
 import io.dataease.controller.sys.response.SysUserGridResponse;
 import io.dataease.controller.sys.response.SysUserRole;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -31,7 +31,10 @@ import java.util.stream.Collectors;
 @Service
 public class SysUserService {
- private final static String DEFAULT_PWD = "DataEase123..";
+ //private final static String DEFAULT_PWD = "DataEase123..";
+
+ @Value("${dataease.init_password:DataEase123..}")
+ private String DEFAULT_PWD;
 @Resource
 private SysUserMapper sysUserMapper;
@@ -89,6 +92,7 @@ public class SysUserService {
 }
+ @CacheEvict(value = AuthConstants.USER_CACHE_NAME, key = "'user' + #request.userId")
 public int updateStatus(SysUserStateRequest request){
 SysUser sysUser = new SysUser();
 sysUser.setUserId(request.getUserId());
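Review bot: The placeholder `${dataease.init_password:DataEase123..}` on the `DEFAULT_PWD` field in SysUserService.java keeps the old literal as its fallback, and the previous constant is left behind as a commented-out line. Any deployment that does not set `dataease.init_password` therefore still hands out a password that is readable in the source, presumably for new or reset accounts (the uses of the field are outside this hunk). Dropping the fallback, `@Value("${dataease.init_password}")`, makes a missing setting fail at startup instead of silently reusing the known value. The commented-out line can go, and the field is no longer a constant, so `initPassword` would fit Java naming better than `DEFAULT_PWD`.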
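Review bot: The SpEL key `'user' + #request.userId` added on `updateStatus` has to produce exactly the key under which the cached user lookup stores its entry, and that `@Cacheable` declaration is not visible in this diff. If the two differ, the eviction does nothing and a disabled user would keep being served from the stale entry. A comment such as `// evict so the enabled check at authentication sees the new state at once` would record why the annotation is here, and a shared constant for the `'user'` prefix would keep both sides in step. The body of `updateStatus` continues past the hunk.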