diff --git a/build.gradle b/build.gradle
index 829bee4..89226b7 100644
--- a/build.gradle
+++ b/build.gradle
@@ -18,6 +18,8 @@
 implementation 'org.springframework.boot:spring-boot-starter-jersey'
 implementation 'org.springframework.boot:spring-boot-starter-web'
 implementation 'org.springframework.boot:spring-boot-starter-actuator'
+ //spring security
+ implementation 'org.springframework.boot:spring-boot-starter-security'
 runtimeOnly 'com.h2database:h2'
 providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'
 testImplementation('org.springframework.boot:spring-boot-starter-test') {
diff --git a/src/main/java/com/example/springtest/demo/SecurityConfig.java b/src/main/java/com/example/springtest/demo/SecurityConfig.java
new file mode 100644
index 0000000..620067b
--- /dev/null
+++ b/src/main/java/com/example/springtest/demo/SecurityConfig.java
@@ -0,0 +1,22 @@
+package com.example.springtest.demo;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ web.ignoring().mvcMatchers("/users/**");
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .mvcMatchers("/", "/users*", "/users/{uId}*"/*, "h2-console*"*/).permitAll();
+ }
+}
diff --git a/src/main/java/com/example/springtest/demo/entities/User.java b/src/main/java/com/example/springtest/demo/entities/User.java
index 684a3b3..64806f8 100644
--- a/src/main/java/com/example/springtest/demo/entities/User.java
+++ b/src/main/java/com/example/springtest/demo/entities/User.java
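Review bot: `web.ignoring().mvcMatchers("/users/**")` in `configure(WebSecurity)` removes every `/users/**` request from the Spring Security filter chain, so those requests get no CSRF check, no security response headers and no security context, and the `permitAll()` rule for the same paths in `configure(HttpSecurity)` is never consulted for them. The `authorizeRequests()` chain also stops after `permitAll()` with no `anyRequest()` rule, so paths outside the listed matchers have no explicit access decision. I would drop the `ignoring()` override and end the chain with `.anyRequest().authenticated()`; if the ignore was added to get form POSTs past CSRF, that should be an explicit, commented decision in the `HttpSecurity` chain instead. The commented-out `"h2-console*"` matcher inside the argument list is better deleted than left as a toggle.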
@@ -1,6 +1,9 @@
 package com.example.springtest.demo.entities;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
 import javax.persistence.*;
+import java.net.URI;
 @Entity // This tells Hibernate to make a table out of this class
 @Table(name="USERS")
@@ -9,8 +12,9 @@
 // @GeneratedValue(strategy= GenerationType.AUTO)
 public String uId;
 public String name;
+ @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
 public String password;
- public String uri;
+ public URI uri;
 public User() {
 }
@@ -19,6 +23,7 @@
 this.uId = uId;
 this.name = name;
 this.password = password;
+ this.uri = URI.create("./users/" + uId);
 }
 // public User(String uId, String name, String password, String uri) {
@@ -52,7 +57,7 @@
 this.password = password;
 }
- public void setUri(String uri) {
+ public void setUri(URI uri) {
 this.uri = uri;
 }
 }
diff --git a/src/main/java/com/example/springtest/demo/repositories/UserRepository.java b/src/main/java/com/example/springtest/demo/repositories/UserRepository.java
index d70bb2e..8c9729d 100644
--- a/src/main/java/com/example/springtest/demo/repositories/UserRepository.java
+++ b/src/main/java/com/example/springtest/demo/repositories/UserRepository.java
@@ -3,5 +3,8 @@
 import com.example.springtest.demo.entities.User;
 import org.springframework.data.repository.CrudRepository;
+import java.util.List;
+
 public interface UserRepository extends CrudRepository {
+ List findByName(String name);
 }
diff --git a/src/main/java/com/example/springtest/demo/resources/UsersRest.java b/src/main/java/com/example/springtest/demo/resources/UsersRest.java
index 8b4ab4a..b4fb9e5 100644
--- a/src/main/java/com/example/springtest/demo/resources/UsersRest.java
+++ b/src/main/java/com/example/springtest/demo/resources/UsersRest.java
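Review bot: `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` on `password` (second hunk of `User.java`) only controls Jackson output; the field stays `public`, and Jackson will still populate it from any request body that gets bound to `User`, which would store that value without the hashing done in `UsersRest`. Nothing visible in this commit binds `User` from JSON, so this is a caveat to record rather than a live defect. I would add a comment above the field such as `// BCrypt hash set by UsersRest; never serialized (WRITE_ONLY)` and, if nothing else reads the field directly, make it `private`. The class body starts and ends outside this hunk.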
@@ -4,6 +4,8 @@
 import com.example.springtest.demo.repositories.UserRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.lang.Nullable;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
 import javax.ws.rs.*;
@@ -19,7 +21,11 @@
 @Autowired // This means to get the bean called userRepository
 // Which is auto-generated by Spring, we will use it to handle the data
 private UserRepository userRepository;
-// @GET
+
+ // BCrypt
+ PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+
+ // @GET
 // public String getUser(@QueryParam("uId") String uId, @QueryParam("name") String name, @QueryParam("password") String password) {
 // ObjectMapper objectMapper = new ObjectMapper();
 // String json = null;
@@ -38,13 +44,14 @@
 // return users.values(); // JSONが返る
 return userRepository.findAll();
 } else {
- List users = new ArrayList<>();
- for(User user: userRepository.findAll()) {
- if (user.getName().equals(name)) {
- users.add(user);
- }
- }
- return users;
+ return userRepository.findByName(name);
+// List users = new ArrayList<>();
+// for(User user: userRepository.findAll()) {
+// if (user.getName().equals(name)) {
+// users.add(user);
+// }
+// }
+// return users;
 }
 }
@@ -81,7 +88,7 @@
 @Produces(MediaType.APPLICATION_JSON)
 public User createUser(@FormParam("name") String name, @FormParam("password") String password) {
 String uId = UUID.randomUUID().toString();
- User user = new User(uId, name, password);
+ User user = new User(uId, name, getHashedPassword(password));
 // users.put(uId, user);
 return userRepository.save(user);
 }
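Review bot: The new `passwordEncoder` field in the `-19,7 +21,11` hunk is package-private and non-final, so any class in the package could replace the encoder used for stored credentials. Declaring it `private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();` closes that, and the `// BCrypt` comment could say what the field is for, e.g. `// hashes passwords before they are persisted`. The commented-out loop left behind in the `findByName` hunk that follows is better deleted, since version control already keeps it.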
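Review bot: `createUser` passes the `password` form parameter straight into `getHashedPassword`, so a request without a `password` field reaches `passwordEncoder.encode(null)`; the update path in this commit guards against `null`, this one does not. Depending on the Spring Security version that call is likely to throw rather than return a hash, which would surface as a 500 instead of a client error. I would reject the request before hashing, e.g. `if (password == null || password.isEmpty()) throw new WebApplicationException(400);`. The annotations above `@Produces` are outside the hunk.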
@@ -93,8 +100,8 @@
 // User user = users.get(uId);
 Optional user = userRepository.findById(uId);
 if (user.isPresent()) {
- user.get().setName(name);
- user.get().setPassword(password);
+ if (name != null) user.get().setName(name);
+ if (password != null) user.get().setPassword(getHashedPassword(password));
 return userRepository.save(user.get()); // JSONが返る
 } else { // uIdが無ければ
 throw new WebApplicationException(404); // 404が返る
@@ -113,4 +120,10 @@
 throw new WebApplicationException(410); // 410が返る(GONE)
 }
 }
+
+ // ハッシュ値取得
+ private String getHashedPassword(String password) {
+ String hash = passwordEncoder.encode(password);
+ return hash;
+ }
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 18028a3..b398c26 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,3 +1,6 @@
+#acutuator�Ɋւ���|�[�g�ԍ��E�R���e�L�X�g�p�X
+management.server.port=9001
+management.server.servlet.context-path=/jerseydemo
 server.servlet.context-path=/demo
 # �g�p����f�[�^�\�[�X�̃N���X���i�ȗ������ꍇ�Ɠ����ݒ�j
 #spring.datasource.type=com.zaxxer.hikari.HikariDataSource
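Review bot: The update path in the `-93,8 +100,8` hunk stores a new BCrypt hash whenever a `password` parameter is present, but nothing in the hunk verifies the caller: there is no check of the current password, and `SecurityConfig` in this commit takes `/users/**` out of the filter chain. As written, knowing a `uId` appears to be enough to replace that user's password. I would require the current password and compare it with `passwordEncoder.matches(currentPassword, user.get().password)` before calling `setPassword`, answering 403 on a mismatch; `currentPassword` is a new parameter this commit does not have. An empty string also passes the `!= null` test and gets hashed, so the guard should reject blank values too. The method signature is outside the hunk.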