diff --git a/api/src/main/java/lab/en2b/quizapi/auth/config/SecurityConfig.java b/api/src/main/java/lab/en2b/quizapi/auth/config/SecurityConfig.java
index 85379e4c..321fb182 100644
--- a/api/src/main/java/lab/en2b/quizapi/auth/config/SecurityConfig.java
+++ b/api/src/main/java/lab/en2b/quizapi/auth/config/SecurityConfig.java
@@ -1,5 +1,6 @@
 package lab.en2b.quizapi.auth.config;
 
+import lab.en2b.quizapi.auth.jwt.JwtAuthFilter;
 import lab.en2b.quizapi.commons.user.UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -16,6 +17,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
@@ -27,6 +29,10 @@ public class SecurityConfig {
     @Autowired
     public UserService userService;
     @Bean
+    public JwtAuthFilter authenticationJwtTokenFilter() {
+        return new JwtAuthFilter();
+    }
+    @Bean
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
@@ -58,6 +64,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, Authentication
                         .anyRequest().authenticated())
                 .csrf(AbstractHttpConfigurer::disable)
                 .authenticationManager(authenticationManager)
+                .addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class)
                 .build();
         //TODO: add exception handling
     }
diff --git a/api/src/main/java/lab/en2b/quizapi/commons/user/User.java b/api/src/main/java/lab/en2b/quizapi/commons/user/User.java
index d6f041cb..56d64935 100644
--- a/api/src/main/java/lab/en2b/quizapi/commons/user/User.java
+++ b/api/src/main/java/lab/en2b/quizapi/commons/user/User.java
@@ -56,7 +56,7 @@ public class User {
     private Instant refreshExpiration;
 
     @NotNull
-    @ManyToMany
+    @ManyToMany(fetch = FetchType.EAGER)
     @JoinTable(name="users_roles",
             joinColumns=
             @JoinColumn(name="user_id", referencedColumnName="id"),
diff --git a/api/src/main/java/lab/en2b/quizapi/questions/question/QuestionController.java b/api/src/main/java/lab/en2b/quizapi/questions/question/QuestionController.java
new file mode 100644
index 00000000..1c1e7127
--- /dev/null
+++ b/api/src/main/java/lab/en2b/quizapi/questions/question/QuestionController.java
@@ -0,0 +1,14 @@
+package lab.en2b.quizapi.questions.question;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/questions")
+public class QuestionController {
+    @GetMapping("/dummy")
+    private String getDummyQuestion(){
+        return "Who the hell is Steve Jobs?";
+    }
+}