diff --git a/hippo4j-server/hippo4j-auth/pom.xml b/hippo4j-server/hippo4j-auth/pom.xml
index c4fa4446..11164c20 100644
--- a/hippo4j-server/hippo4j-auth/pom.xml
+++ b/hippo4j-server/hippo4j-auth/pom.xml
@@ -44,6 +44,11 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.hibernate.validator</groupId>
+            <artifactId>hibernate-validator</artifactId>
+            <version>${hibernate-validator.version}</version>
+        </dependency>
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
             <artifactId>jjwt</artifactId>
diff --git a/hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/model/biz/user/UserReqDTO.java b/hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/model/biz/user/UserReqDTO.java
index 4dd3586c..01dbc286 100644
--- a/hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/model/biz/user/UserReqDTO.java
+++ b/hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/model/biz/user/UserReqDTO.java
@@ -19,23 +19,28 @@ package cn.hippo4j.auth.model.biz.user;
 
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import lombok.Data;
+import lombok.EqualsAndHashCode;
 import lombok.experimental.Accessors;
+import org.hibernate.validator.constraints.Length;
 
 /**
  * User req dto.
  */
 @Data
 @Accessors(chain = true)
+@EqualsAndHashCode(callSuper = true)
 public class UserReqDTO extends Page {
 
     /**
      * userName
      */
+    @Length(max = 64, message = "用户名最长为64个字符")
     private String userName;
 
     /**
      * password
      */
+    @Length(min = 6, message = "密码最少为6个字符")
     private String password;
 
     /**
diff --git a/hippo4j-server/hippo4j-console/src/main/java/cn/hippo4j/console/controller/UserController.java b/hippo4j-server/hippo4j-console/src/main/java/cn/hippo4j/console/controller/UserController.java
index e30719c0..0d7be1e4 100644
--- a/hippo4j-server/hippo4j-console/src/main/java/cn/hippo4j/console/controller/UserController.java
+++ b/hippo4j-server/hippo4j-console/src/main/java/cn/hippo4j/console/controller/UserController.java
@@ -29,6 +29,7 @@ import cn.hippo4j.common.web.base.Result;
 import cn.hippo4j.common.web.base.Results;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import lombok.AllArgsConstructor;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -74,7 +75,7 @@ public class UserController {
     }
 
     @PostMapping("/add")
-    public Result<Void> addUser(@RequestBody UserReqDTO reqDTO) {
+    public Result<Void> addUser(@Validated @RequestBody UserReqDTO reqDTO) {
         userService.addUser(reqDTO);
         return Results.success();
     }