diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
index a8c6f14..9fbd2c9 100644
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
@@ -1,9 +1,11 @@
 package io.bluemoon.authorizationserver.config;
+import io.bluemoon.authorizationserver.domain.social.ClientResources;
 import io.bluemoon.authorizationserver.service.user.CustomUserDetailsServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -11,15 +13,20 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.oauth2.client.OAuth2ClientContext;
 import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.csrf.CsrfFilter;
+import org.springframework.web.filter.CharacterEncodingFilter;
 import javax.servlet.Filter;
 @Configuration
+@EnableWebSecurity
 //@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
 @EnableOAuth2Client
 @Order(-1)
@@ -27,12 +34,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 private CustomUserDetailsServiceImpl customUserDetailsService;
+ @Qualifier("oauth2ClientContext")
+ @Autowired
+ private OAuth2ClientContext oAuth2ClientContext;
+
 public WebSecurityConfig(
 CustomUserDetailsServiceImpl customUserDetailsService
 ) {
 this.customUserDetailsService = customUserDetailsService;
 }
-
 /**
 * authentication processing
 * if success -> Authentication in info object return
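Review bot: `oAuth2ClientContext` is field-injected with `@Autowired`/`@Qualifier` while the class already receives its other dependency through the constructor; mixing the two styles leaves the new field non-final and harder to construct in tests. Passing it as a second constructor parameter, `@Qualifier("oauth2ClientContext") OAuth2ClientContext oAuth2ClientContext`, and assigning it next to `customUserDetailsService` keeps injection in one place. Nothing in this diff reads the field, so if it is intended for a later `OAuth2ClientAuthenticationProcessingFilter`, a one-line comment saying so would explain why it is injected now. The rest of the class body lies outside this hunk.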
@@ -49,11 +59,32 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http.formLogin().loginPage("/login").permitAll() - .and() - .requestMatchers().antMatchers("/login", "/logout", "/oauth/authorize", "/oauth/confirm_access") - .and() - .authorizeRequests().anyRequest().authenticated(); + CharacterEncodingFilter filter = new CharacterEncodingFilter(); + http + .authorizeRequests() + .antMatchers("/", "/login/**", "/css/**", "/images/**", "/js/**", + "/console/**").permitAll() + .anyRequest().authenticated() + .and() + .headers().frameOptions().disable() + .and() + .exceptionHandling() + .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")) + .and() + .formLogin().loginPage("/login") + .and() + .logout() + .logoutUrl("/logout") + .deleteCookies("JSESSSIONID") + .invalidateHttpSession(true) + .and() + .addFilterBefore(filter, CsrfFilter.class) + .csrf().disable(); +// http.formLogin().loginPage("/login").permitAll() +// .and() +// .requestMatchers().antMatchers("/login", "/logout", "/oauth/authorize", "/oauth/confirm_access") +// .and() +// .authorizeRequests().anyRequest().authenticated(); } @@ -88,4 +119,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance(); } + + // social login + + + @Bean + @ConfigurationProperties("facebook") + public ClientResources facebook() { + return new ClientResources(); + } + } diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/ClientResources.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/ClientResources.java new file mode 100644 index 0000000..d49fe99 --- /dev/null +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/ClientResources.java 
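Review bot: `.deleteCookies("JSESSSIONID")` names a cookie that does not exist (three S), so logout leaves the real `JSESSIONID` cookie on the client; `invalidateHttpSession(true)` still kills the server-side session, but the line should read `.deleteCookies("JSESSIONID")`. The same chain turns off CSRF and frame options for every request, which also removes CSRF protection from `/login` and `/logout` and clickjacking protection from the login page; if both are only needed for `/console/**` (presumably a dev console, which is also `permitAll()` here), scope them with `csrf().ignoringAntMatchers("/console/**")` and `frameOptions().sameOrigin()` instead of disabling them. The `CharacterEncodingFilter` is registered without `setEncoding(...)`/`setForceEncoding(true)`, so as constructed it changes nothing. The commented-out previous configuration at the end of the method is preserved in history and can be removed.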
@@ -0,0 +1,22 @@
+package io.bluemoon.authorizationserver.domain.social;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
+import org.springframework.boot.context.properties.NestedConfigurationProperty;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
+
+public class ClientResources {
+
+ @NestedConfigurationProperty
+ private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails();
+
+ @NestedConfigurationProperty
+ private ResourceServerProperties resource = new ResourceServerProperties();
+
+ public AuthorizationCodeResourceDetails getClient() {
+ return client;
+ }
+
+ private ResourceServerProperties getResource() {
+ return resource;
+ }
+}
diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/SocialType.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/SocialType.java
new file mode 100644
index 0000000..84e57fb
--- /dev/null
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/SocialType.java
@@ -0,0 +1,29 @@
+package io.bluemoon.authorizationserver.domain.social;
+
+import lombok.Getter;
+
+public enum SocialType {
+ FACEBOOK("facebook"),
+ GOOGLE("google"),
+ KAKAO("kakao");
+
+ private final String ROLE_PREFIX = "ROLE_";
+
+ private String name;
+
+ SocialType(String name) {
+ this.name = name;
+ }
+
+ public String getRoleType() {
+ return ROLE_PREFIX + name.toUpperCase();
+ }
+
+ public String getVaule() {
+ return name;
+ }
+
+ public boolean isEquals(String authority) {
+ return this.getRoleType().equals(authority);
+ }
+}
diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java
index c837572..040deab 100644
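Review bot: `getResource()` is declared `private`, so the `resource` half of this properties holder cannot be read by the configuration that registers the bean, and as far as I can tell Boot's nested binding of a `<prefix>.resource.*` block needs a public accessor to navigate into it; make it `public ResourceServerProperties getResource()`. The class has no documentation; a header along the lines of `/** Client + resource-server settings for one social provider, bound from a <prefix>.client.* / <prefix>.resource.* property block. */` would tell the reader what the two nested objects are for and that the prefix is supplied by the `@ConfigurationProperties` on the bean method.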
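Review bot: `getVaule()` misspells `getValue` in a public method name, and `ROLE_PREFIX` is a per-instance `private final String` although it is the same constant for every enum value; rename the accessor and declare `private static final String ROLE_PREFIX = "ROLE_";`. `name.toUpperCase()` should pass `Locale.ROOT` so the generated authority string does not depend on the JVM's default locale, and `import lombok.Getter` is unused. A one-line Javadoc on `isEquals` stating that it compares `authority` against `getRoleType()` would make the intended use with granted-authority strings clear.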
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java
@@ -1,28 +1,63 @@
 package io.bluemoon.authorizationserver.domain.user;
+import io.bluemoon.authorizationserver.domain.social.SocialType;
+import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 import javax.persistence.*;
+import java.time.LocalDateTime;
 import java.util.Date;
 @Entity
 @Data
+@NoArgsConstructor
 public class User {
 @Id
 @GeneratedValue(strategy = GenerationType.IDENTITY)
 private Long id;
- @Column(length = 20, nullable = false, unique = true)
- private String userName;
+ @Column
+ private String username;
- @Column(length = 100, nullable = false)
+ @Column
 private String password;
- //1:수퍼관리자, 2:관리자, 3:사용자
- @Column(length = 1, nullable = false)
- private String userType;
+ @Column
+ private String email;
- @Column(nullable = false)
- @Temporal(TemporalType.TIMESTAMP)
- private Date regDate = new Date();
+ @Column
+ private String principal;
+
+ @Column
+ @Enumerated(EnumType.STRING)
+ private SocialType socialType;
+
+ @Column
+ private LocalDateTime createdAt;
+
+ @Column
+ private LocalDateTime updatedAt;
+
+
+
+// //1:수퍼관리자, 2:관리자, 3:사용자
+// @Column
+// private String userType;
+
+// @Column
+// @Temporal(TemporalType.TIMESTAMP)
+// private Date regDate = new Date();
+
+ @Builder
+ public User(String username, String password, String email, String principal,
+ SocialType socialType, LocalDateTime createdAt, LocalDateTime updatedAt) {
+ this.username = username;
+ this.password = password;
+ this.email = email;
+ this.principal = principal;
+ this.socialType = socialType;
+ this.createdAt = createdAt;
+ this.updatedAt = updatedAt;
+ }
 }
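Review bot: the username column drops `nullable = false, unique = true` and becomes a bare `@Column`, so the database no longer rejects two accounts with the same login name; if nullable is intended for social accounts that carry no username, keep at least `@Column(unique = true)` so a lookup by username stays unambiguous. `@Data` now generates `toString()` and `equals`/`hashCode` over every field including `password`; add `@ToString(exclude = "password")` so the credential cannot end up in a log line, and consider `@EqualsAndHashCode(of = "id")` since the entity is mutable. `import java.util.Date` survives only in the commented-out block and can be removed with it.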