diff --git a/src/main/java/com/opengroupe/cloud/saas/Application.java b/src/main/java/com/opengroupe/cloud/saas/Application.java
index 8902a7b..4e2ac8f 100644
--- a/src/main/java/com/opengroupe/cloud/saas/Application.java
+++ b/src/main/java/com/opengroupe/cloud/saas/Application.java
@@ -2,7 +2,9 @@ package com.opengroupe.cloud.saas;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
 
+//@EnableOAuth2Sso
 @SpringBootApplication
 public class Application {
 
diff --git a/src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfig.java b/src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfiguration.java
similarity index 61%
rename from src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfig.java
rename to src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfiguration.java
index 7cf2cab..e879faf 100644
--- a/src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfig.java
+++ b/src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfiguration.java
@@ -1,15 +1,20 @@
 package com.opengroupe.cloud.saas.config;
 
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
 @EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		http.authorizeRequests().anyRequest().permitAll();
+		http.csrf().disable()
+			.authorizeRequests()
+				.antMatchers(HttpMethod.GET, "/**").anonymous()
+				.antMatchers(HttpMethod.POST, "/api/**").anonymous()
+				.anyRequest().permitAll();
 	}
 }