diff --git a/src/main/java/br/com/zupacademy/fabiano/mercadolivre/config/security/Security.java b/src/main/java/br/com/zupacademy/fabiano/mercadolivre/config/security/Security.java
index 1d65add2..600f5fdb 100644
--- a/src/main/java/br/com/zupacademy/fabiano/mercadolivre/config/security/Security.java
+++ b/src/main/java/br/com/zupacademy/fabiano/mercadolivre/config/security/Security.java
@@ -1,16 +1,22 @@
 package br.com.zupacademy.fabiano.mercadolivre.config.security;
 import br.com.zupacademy.fabiano.mercadolivre.authentication.AutenticacaoService;
+import br.com.zupacademy.fabiano.mercadolivre.authentication.TokenService;
+import br.com.zupacademy.fabiano.mercadolivre.config.validation.AutenticacaoViaTokenFilter;
+import br.com.zupacademy.fabiano.mercadolivre.repository.UsuarioRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 @EnableWebSecurity
 @Configuration
@@ -18,6 +24,12 @@ public class Security extends WebSecurityConfigurerAdapter {
 @Autowired
 private AutenticacaoService autenticacaoService;
+ @Autowired
+ private TokenService tokenService;
+
+ @Autowired
+ private UsuarioRepository usuarioRepository;
+
 @Override
 @Bean
 protected AuthenticationManager authenticationManager() throws Exception {
@@ -32,8 +44,11 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.authorizeRequests()
- .antMatchers("/**").permitAll()
- .and().csrf().disable();
+ .antMatchers(HttpMethod.POST,"/usuarios").permitAll()
+ .antMatchers(HttpMethod.POST,"/auth").permitAll()
+ .anyRequest().authenticated().and().csrf().disable()
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .and().addFilterBefore(new AutenticacaoViaTokenFilter(tokenService, usuarioRepository), UsernamePasswordAuthenticationFilter.class);
 }
 @Override
diff --git a/src/main/java/br/com/zupacademy/fabiano/mercadolivre/config/validation/AutenticacaoViaTokenFilter.java b/src/main/java/br/com/zupacademy/fabiano/mercadolivre/config/validation/AutenticacaoViaTokenFilter.java
new file mode 100644
index 00000000..163a8a01
--- /dev/null
+++ b/src/main/java/br/com/zupacademy/fabiano/mercadolivre/config/validation/AutenticacaoViaTokenFilter.java
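Review bot: The new chain ends in `anyRequest().authenticated()` but registers no authentication entry point (no `httpBasic()`, `formLogin()` or `exceptionHandling().authenticationEntryPoint(...)`), so a request without a valid bearer token appears to fall back to Spring Security's `Http403ForbiddenEntryPoint` and is answered with 403 where an API client expects 401. Consider inserting `.and().exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))` before the `.addFilterBefore(...)` line. Disabling CSRF is defensible here only because `SessionCreationPolicy.STATELESS` plus the Authorization header means no cookie carries a credential; a comment such as `// CSRF protection is not needed: no session cookie, the credential travels in the Authorization header` would keep a later change from re-introducing cookie-based auth under a disabled CSRF. The method introduced by the trailing `@Override` lies outside this hunk, so which paths (if any) are excluded from the filter chain there cannot be checked here.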
@@ -0,0 +1,55 @@
+package br.com.zupacademy.fabiano.mercadolivre.config.validation;
+
+import br.com.zupacademy.fabiano.mercadolivre.authentication.TokenService;
+import br.com.zupacademy.fabiano.mercadolivre.modelo.Usuario;
+import br.com.zupacademy.fabiano.mercadolivre.repository.UsuarioRepository;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class AutenticacaoViaTokenFilter extends OncePerRequestFilter {
+
+ private TokenService tokenService;
+
+ private UsuarioRepository usuarioRepository;
+
+ public AutenticacaoViaTokenFilter(TokenService tokenService, UsuarioRepository usuarioRepository) {
+ this.tokenService = tokenService;
+ this.usuarioRepository = usuarioRepository;
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+
+ String token = recuperarToken(request);
+ boolean valido = tokenService.isTokenValido(token);
+ if(valido) {
+ autenticarCliente(token);
+ }
+ filterChain.doFilter(request, response);
+ }
+
+ private void autenticarCliente(String token) {
+ Long idUsuario = tokenService.getIdUsuario(token);
+ Usuario usuario = usuarioRepository.findById(idUsuario).get();
+ UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(usuario, null, usuario.getAuthorities());
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ }
+
+ private String recuperarToken(HttpServletRequest request) {
+ String token = request.getHeader("Authorization");
+ if(token == null || 
token.isEmpty() || !token.startsWith("Bearer ")) {
+ return null;
+ }
+ return token.substring(7, token.length());
+ }
+
+}
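Review bot: `usuarioRepository.findById(idUsuario).get()` in `autenticarCliente` throws `NoSuchElementException` when the token's subject no longer exists in the database, so a deleted user presenting an otherwise valid token produces a 500 from inside the filter chain instead of a clean 401/403; replace the `.get()` with `usuarioRepository.findById(idUsuario).ifPresent(usuario -> SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(usuario, null, usuario.getAuthorities())));`. `recuperarToken` returns null for an absent or non-Bearer header and that null goes straight into `tokenService.isTokenValido`, whose implementation is not in this diff — if it does not tolerate null, every anonymous call to a `permitAll` endpoint would fail, and guarding with `if (token != null && tokenService.isTokenValido(token))` removes that dependency. `startsWith("Bearer ")` is case-sensitive even though RFC 6750 treats the scheme name as case-insensitive, which deserves a comment if it is intentional. `import javax.servlet.Filter;` is unused and should be dropped, and both fields can be `final` since they are only assigned in the constructor.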