diff --git a/src/main/java/com/example/springdemo/security/DefaultSecurityConfigure.java b/src/main/java/com/example/springdemo/security/DefaultSecurityConfigure.java
new file mode 100644
index 0000000..da2dcff
--- /dev/null
+++ b/src/main/java/com/example/springdemo/security/DefaultSecurityConfigure.java
@@ -0,0 +1,31 @@
+package com.example.springdemo.security;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity // Enable Spring Security
+public class DefaultSecurityConfigure {
+    @Bean
+    public SecurityFilterChain defaultSecurityFilterChain(@NotNull HttpSecurity http) throws Exception {
+        var ignoreUrls = new String[]{""};
+        var authedUrls = new String[]{"/users"};
+        http.authorizeHttpRequests(
+                        (req) -> req.requestMatchers(ignoreUrls).permitAll()
+                )
+                .authorizeHttpRequests(
+                        (req) -> req.requestMatchers(authedUrls).authenticated()
+                )
+                .formLogin(Customizer.withDefaults())
+                .csrf(AbstractHttpConfigurer::disable)
+                .logout(LogoutConfigurer::permitAll);
+        return http.build();
+    }
+}