diff --git a/pom.xml b/pom.xml index 88282ee..d73f6d5 100644 --- a/pom.xml +++ b/pom.xml @@ -52,6 +52,25 @@ spring-boot-starter-test test + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.boot + spring-boot-starter-data-jpa + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.security + spring-security-test + test + + \ No newline at end of file diff --git a/src/main/java/com/example/nto/controller/EmployeeController.java b/src/main/java/com/example/nto/controller/EmployeeController.java index 8537755..9adfa49 100644 --- a/src/main/java/com/example/nto/controller/EmployeeController.java +++ b/src/main/java/com/example/nto/controller/EmployeeController.java @@ -1,27 +1,35 @@ package com.example.nto.controller; import com.example.nto.entity.Employee; +import com.example.nto.entity.User; import com.example.nto.service.EmployeeService; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; +import java.util.List; import java.util.Map; import java.util.Optional; //я поменял на BAD_REQUEST 06.12.24 23:00 @RestController -@RequestMapping("/api")//база +@RequestMapping("/api") public class EmployeeController { private final EmployeeService employeeService; public EmployeeController(EmployeeService employeeService) { - this.employeeService = employeeService; - - } + @PreAuthorize("hasRole('ADMIN')") + @GetMapping("/admin/employees") + public ResponseEntity> getAllEmployees() { + List employees = employeeService.findAll(); + return ResponseEntity.ok(employees); + } + + @GetMapping("/{login}/auth")//auth public ResponseEntity authenticate(@PathVariable String login) { 
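Review bot: Adding `spring-boot-starter-security` switches on Spring Boot's default security auto-configuration, and no `SecurityFilterChain` bean or other security configuration class appears anywhere in this diff. Under the defaults every endpoint requires authentication and CSRF protection applies to state-changing requests, so the existing `PATCH /api/{login}/open` and the new `/api/auth` handler would be rejected before reaching the controller unless a configuration exists elsewhere. An explicit `SecurityFilterChain` that states which paths are public, which need a role and how CSRF is handled for this API should ship together with the dependency.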
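Review bot: `@PreAuthorize("hasRole('ADMIN')")` on `getAllEmployees` is enforced only when method security is enabled, and no `@EnableMethodSecurity` (or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on Spring Security 5) is visible in this diff; without it the annotation is silently ignored and `/api/admin/employees` is protected only by whatever the filter chain does. The handler also returns the `Employee` entities as they are; if the entity holds the door code or similar fields (its definition is not shown), return a DTO with only the fields an admin listing needs. The removed lines right after the constructor signature look like `this.employeeService = employeeService;` and its closing brace, although the collapsed layout makes that uncertain, so it is worth confirming the constructor is still intact.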
@@ -37,20 +45,16 @@ public class EmployeeController { } - @GetMapping("/{login}/info")//info + @GetMapping("/{login}/info") public ResponseEntity getInfo(@PathVariable String login) { Optional employee = employeeService.findByLogin(login); if (employee.isPresent()) { return ResponseEntity.ok(employee.get()); - - } else { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid login"); - } + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid login"); } - @PatchMapping("/{login}/open")//open public ResponseEntity openDoor(@PathVariable String login, @RequestBody Map payload) { Long code = payload.get("value"); @@ -76,5 +80,14 @@ public class EmployeeController { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid code"); } } + + @GetMapping("/auth") + public ResponseEntity authenticate(@RequestParam String username, @RequestParam String password) { + User user = userService.findByUsername(username); + if (user != null && passwordEncoder.matches(password, user.getPassword())) { + return ResponseEntity.ok("Valid login"); + } + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid login"); + } } // made by truettwo and maks )) \ No newline at end of file
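Review bot: `getInfo` still returns the full `Employee` for whatever `login` appears in the path, and nothing in this hunk checks that the caller is that employee. Now that the commit introduces Spring Security, the lookup should be tied to the authenticated principal, for example `@PreAuthorize("#login == authentication.name or hasRole('ADMIN')")`, assuming the employee login and the `User` username are the same identifier and method security is enabled. Separately, the `-` in front of `@PatchMapping("/{login}/open")` could be a removed blank line or the annotation itself in this collapsed view; if the annotation was removed, `openDoor` (whose body continues outside the hunk) is no longer mapped.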
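Review bot: The new `/auth` handler takes the password as a `@RequestParam` on a GET, so it travels in the URL and ends up in access logs, proxy logs and browser history. Accept it in a request body instead, e.g. `@PostMapping("/auth")` with `@RequestBody Map<String, String> credentials`, or drop the handler and let Spring Security's own HTTP Basic or form login perform the check. `userService` and `passwordEncoder` are not declared or injected in any hunk shown (the constructor takes only `EmployeeService`), so this likely does not compile as posted. A 200 response here creates no session or token, so the endpoint only serves as an unthrottled credential check, and it skips `passwordEncoder.matches` when the user is unknown, which makes the two failure cases distinguishable by timing. Delegating to `AuthenticationManager` would cover both.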