diff --git a/springcloud/apigateway-service/build.gradle b/springcloud/apigateway-service/build.gradle
index 378fc114..eaba4d5b 100644
--- a/springcloud/apigateway-service/build.gradle
+++ b/springcloud/apigateway-service/build.gradle
@@ -23,8 +23,12 @@ ext {
 }
 
 dependencies {
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
+
     implementation 'org.springframework.cloud:spring-cloud-starter-gateway'
     implementation 'org.springframework.cloud:spring-cloud-starter-netflix-eureka-client'
+    implementation 'org.springframework.cloud:spring-cloud-starter-config'
+    implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap'
 
     implementation group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1'
     implementation group: 'javax.xml.bind', name: 'jaxb-api'
diff --git a/springcloud/apigateway-service/src/main/java/com/example/apigatewayservice/ApigatewayServiceApplication.java b/springcloud/apigateway-service/src/main/java/com/example/apigatewayservice/ApigatewayServiceApplication.java
index 145ebb31..23322b38 100644
--- a/springcloud/apigateway-service/src/main/java/com/example/apigatewayservice/ApigatewayServiceApplication.java
+++ b/springcloud/apigateway-service/src/main/java/com/example/apigatewayservice/ApigatewayServiceApplication.java
@@ -1,7 +1,10 @@
 package com.example.apigatewayservice;
 
 import org.springframework.boot.SpringApplication;
+import org.springframework.boot.actuate.trace.http.HttpTraceRepository;
+import org.springframework.boot.actuate.trace.http.InMemoryHttpTraceRepository;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
 
 @SpringBootApplication
 public class ApigatewayServiceApplication {
@@ -10,4 +13,8 @@ public class ApigatewayServiceApplication {
         SpringApplication.run(ApigatewayServiceApplication.class, args);
     }
 
+    @Bean
+    public HttpTraceRepository httpTraceRepository() {
+        return new InMemoryHttpTraceRepository();
+    }
 }
diff --git a/springcloud/apigateway-service/src/main/java/com/example/apigatewayservice/filter/AuthorizationHeaderFilter.java b/springcloud/apigateway-service/src/main/java/com/example/apigatewayservice/filter/AuthorizationHeaderFilter.java
index 1670f2db..dc1e8e84 100644
--- a/springcloud/apigateway-service/src/main/java/com/example/apigatewayservice/filter/AuthorizationHeaderFilter.java
+++ b/springcloud/apigateway-service/src/main/java/com/example/apigatewayservice/filter/AuthorizationHeaderFilter.java
@@ -1,7 +1,6 @@
 package com.example.apigatewayservice.filter;
 
 import io.jsonwebtoken.Jwts;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
@@ -41,6 +40,9 @@ public class AuthorizationHeaderFilter extends AbstractGatewayFilterFactory<Auth
             String authorizationHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION).get(0);
             String jwt = authorizationHeader.replace("Bearer ", "");
 
+            System.out.println("jwt = " + jwt);
+            System.out.println(env.getProperty("token.secret"));
+
             if (!isJwtValid(jwt)) {
                 return onError(exchange, "JWT token is not vaild", HttpStatus.UNAUTHORIZED);
             }
@@ -65,7 +67,8 @@ public class AuthorizationHeaderFilter extends AbstractGatewayFilterFactory<Auth
         if (subject == null || subject.isEmpty()) {
             returnValue = false;
         }
-
+        System.out.println(subject);
+        System.out.println(returnValue);
         return returnValue;
     }
 
diff --git a/springcloud/apigateway-service/src/main/resources/application.yml b/springcloud/apigateway-service/src/main/resources/application.yml
index 6e098ba9..4fe35332 100644
--- a/springcloud/apigateway-service/src/main/resources/application.yml
+++ b/springcloud/apigateway-service/src/main/resources/application.yml
@@ -56,6 +56,14 @@ spring:
             - RemoveRequestHeader=Cookie
             - RewritePath=/user-service/(?<segment>.*), /$\{segment}
             - AuthorizationHeaderFilter
+        - id: user-service
+          uri: lb://USER-SERVICE
+          predicates:
+            - Path=/user-service/actuator/**
+            - Method=GET, POST
+          filters:
+            - RemoveRequestHeader=Cookie
+            - RewritePath=/user-service/(?<segment>.*), /$\{segment}
 
         - id: first-service
           uri: lb://MY-FIRST-SERVICE
@@ -80,5 +88,11 @@ spring:
                 preLogger: true
                 postLogger: true
 
-token:
-  secret: user_token
\ No newline at end of file
+#token:
+#  secret: user_token
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: refresh, health, beans, httptrace
\ No newline at end of file
diff --git a/springcloud/apigateway-service/src/main/resources/bootstrap.yml b/springcloud/apigateway-service/src/main/resources/bootstrap.yml
new file mode 100644
index 00000000..9b3dfcb6
--- /dev/null
+++ b/springcloud/apigateway-service/src/main/resources/bootstrap.yml
@@ -0,0 +1,5 @@
+spring:
+  cloud:
+    config:
+      uri: http://127.0.0.1:8888
+      name: ecommerce
\ No newline at end of file
diff --git a/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java b/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java
index 8957b5c0..f4c338d8 100644
--- a/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java
@@ -30,10 +30,10 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf().disable().headers().frameOptions().disable();
 
-//        http.authorizeRequests().antMatchers("/users/**").permitAll();
+        http.authorizeRequests().antMatchers("/users/**").permitAll();
         http.authorizeRequests().antMatchers("/actuator/**").permitAll();
         http.authorizeRequests().antMatchers("/**")
-                .hasIpAddress("127.0.0.1")
+                .hasIpAddress("192.168.219.178")
                 .and()
                 .addFilter(getAuthenticationFilter());