diff --git a/src/main/java/com/mirna/hospitalmanagementapi/infra/security/config/WebSecurityConfiguration.java b/src/main/java/com/mirna/hospitalmanagementapi/infra/security/config/WebSecurityConfiguration.java
index af22d06..3d30f9b 100644
--- a/src/main/java/com/mirna/hospitalmanagementapi/infra/security/config/WebSecurityConfiguration.java
+++ b/src/main/java/com/mirna/hospitalmanagementapi/infra/security/config/WebSecurityConfiguration.java
@@ -1,7 +1,9 @@
 package com.mirna.hospitalmanagementapi.infra.security.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -10,15 +12,26 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import com.mirna.hospitalmanagementapi.infra.security.filters.AuthTokenFilter;
 
 @Configuration
 @EnableWebSecurity
 public class WebSecurityConfiguration {
 
+ @Autowired
+ private AuthTokenFilter authTokenFilter;
+
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
- return http.csrf(csrf -> csrf.disable())
+ return http.csrf(csrf -> csrf.disable())
 .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(req -> {
+ req.requestMatchers(HttpMethod.POST, "/api/auth").permitAll();
+ req.anyRequest().authenticated();
+ })
+ .addFilterBefore(authTokenFilter, UsernamePasswordAuthenticationFilter.class)
 .build();
 }
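Review bot: The chain built in `securityFilterChain` configures no authentication entry point, so a request rejected by `anyRequest().authenticated()` falls back to Spring Security's default handling, which without form login or HTTP Basic answers 403 rather than 401. Clients and log-based alerting then cannot tell a missing or expired token from a real authorization denial; adding `.exceptionHandling(eh -> eh.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))` before `.build()` would make the distinction explicit. Also, `permitAll()` on `POST /api/auth` does not skip `authTokenFilter`, so the filter (not visible in this diff) has to pass through requests that carry no token or a stale one, otherwise login itself is blocked. The class body continues outside the hunk.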