diff --git a/src/main/java/org/cmh/backend/Config/SecurityConfig.java b/src/main/java/org/cmh/backend/Config/SecurityConfig.java
index c917d0a..6ca67b9 100644
--- a/src/main/java/org/cmh/backend/Config/SecurityConfig.java
+++ b/src/main/java/org/cmh/backend/Config/SecurityConfig.java
@@ -4,6 +4,8 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 @Configuration
@@ -13,11 +15,28 @@ public class SecurityConfig {
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 // Use the new API to disable CSRF
 http.csrf(AbstractHttpConfigurer::disable)
- // Permit all requests
+ // Permit all requests to specific endpoints
 .authorizeHttpRequests(authorize -> authorize
- .anyRequest().permitAll()
+ .requestMatchers("/users/register", "/users/login").permitAll() // Allow these endpoints without authentication
+ .anyRequest().authenticated() // All other endpoints require authentication
+ )
+ // Configure form login
+ .formLogin(form -> form
+ .loginPage("/login") // Custom login page (you need to create this endpoint)
+ .permitAll()
+ )
+ // Configure logout
+ .logout(logout -> logout
+ .logoutUrl("/logout")
+ .logoutSuccessUrl("/login?logout")
+ .permitAll()
 );
 return http.build();
 }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
 }
diff --git a/src/main/java/org/cmh/backend/authentication/controller/UserController.java b/src/main/java/org/cmh/backend/authentication/controller/UserController.java
index f4e6aae..0fc8dc7 100644
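Review bot: CSRF protection is still switched off by the unchanged `http.csrf(AbstractHttpConfigurer::disable)` line in the second SecurityConfig hunk, yet the new `formLogin` and `logout` blocks make the application authenticate through a session cookie. While everything was `permitAll()` the disabled filter did not matter; now that `.anyRequest().authenticated()` guards the other endpoints, a state-changing request sent from another origin rides on the logged-in user's cookie. I would keep the filter on and exempt only the two public endpoints if they really are called without a session, for example `http.csrf(csrf -> csrf.ignoringRequestMatchers("/users/register", "/users/login"))`. Also, `.loginPage("/login")` points at an endpoint the inline comment says has not been created, and nothing in this diff calls the new `passwordEncoder()` bean, so it is worth confirming that the register and login handlers hash and verify passwords with it.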
--- a/src/main/java/org/cmh/backend/authentication/controller/UserController.java
+++ b/src/main/java/org/cmh/backend/authentication/controller/UserController.java
@@ -20,4 +20,4 @@ public class UserController {
 User user = userService.getUserByUsername(username);
 return ResponseEntity.ok(user);
 }
-}
+}
\ No newline at end of file
diff --git a/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java b/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java
index 2c5116e..b1dae57 100644
--- a/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java
+++ b/src/main/java/org/cmh/backend/authentication/repository/UserRepository.java
@@ -5,4 +5,4 @@ import org.springframework.data.jpa.repository.JpaRepository;
 public interface UserRepository extends JpaRepository {
 User findByUsername(String username);
-}
+}
\ No newline at end of file
diff --git a/src/main/java/org/cmh/backend/authentication/service/UserService.java b/src/main/java/org/cmh/backend/authentication/service/UserService.java
index 30e5134..0bdd5a0 100644
--- a/src/main/java/org/cmh/backend/authentication/service/UserService.java
+++ b/src/main/java/org/cmh/backend/authentication/service/UserService.java
@@ -13,4 +13,4 @@ public class UserService {
 public User getUserByUsername(String username) {
 return userRepository.findByUsername(username);
 }
-}
+}
\ No newline at end of file