diff --git a/src/Controller/SecurityController.php b/src/Controller/SecurityController.php
new file mode 100644
index 0000000..082a7af
--- /dev/null
+++ b/src/Controller/SecurityController.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Controller;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Attribute\Route;
+
+class SecurityController extends AbstractController
+{
+    #[Route('/login', name: 'app_login')]
+    public function index(): Response
+    {
+        return $this->json([
+            $this->getUser()?->getId() ?? null
+        ]);
+    }
+}
diff --git a/src/Entity/Building.php b/src/Entity/Building.php
index 0d7cb22..3f904d7 100644
--- a/src/Entity/Building.php
+++ b/src/Entity/Building.php
@@ -16,8 +16,7 @@ use Symfony\Component\Serializer\Attribute\Groups;
     operations: [
         new Get(normalizationContext: ['groups' => 'building:item']),
         new GetCollection(normalizationContext: ['groups' => 'building:list']),
-        // TODO Security!!
-        new Post(),
+        new Post(security: "is_granted('ROLE_USER')"),
     ],
     order: ['name' => 'DESC'],
     paginationEnabled: false,