diff --git a/demo-client-app/src/App.js b/demo-client-app/src/App.js
index d965210..3caf61b 100644
--- a/demo-client-app/src/App.js
+++ b/demo-client-app/src/App.js
@@ -28,9 +28,10 @@ const connect = async (token) => {
 stomp = Stomp.over(sock);
 // disable stomp logging
- stomp.debug = (msg) => {}
+ stomp.debug = (msg) => {};
 stomp.connect(
+ // { "X-Authorization": token.split(".").slice(0, 2).join(".") + "alkdjalskdjals" },
 { "X-Authorization": token },
 (frame) => {
 console.log("Connected", frame);
diff --git a/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSocketConfig.java b/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSocketConfig.java
index e979322..8a37ccc 100644
--- a/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSocketConfig.java
+++ b/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSocketConfig.java
@@ -4,6 +4,8 @@ import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.messaging.Message;
 import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.simp.config.ChannelRegistration;
@@ -25,6 +27,7 @@ import org.springframework.web.socket.config.annotation.WebSocketTransportRegist
 * Created by dima on 8/12/16.
 */
 @Configuration
+@Order(Ordered.HIGHEST_PRECEDENCE + 99)
 @EnableWebSocketMessageBroker
 public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
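Review bot: The commented-out `X-Authorization` line added above the real header in `stomp.connect(` (App.js) is dead code and should not be committed. It appears to build a token whose signature segment has been replaced, presumably to check by hand that the server rejects it. That check belongs in an automated server-side test asserting that `jwtDecoder.decode` fails for a token whose signature does not verify. While touching the line above, the no-op can drop its unused parameter: `stomp.debug = () => {};`. The `connect` function starts and ends outside this hunk.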
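Review bot: `@Order(Ordered.HIGHEST_PRECEDENCE + 99)` on `WebSocketConfig` carries no comment explaining the value, so a later reader may change or remove it and break authentication without any compile-time signal. Presumably it is there so that the CONNECT interceptor that decodes the JWT is registered ahead of the Spring Security message interceptors this commit adds in `WebSocketSecurityConfig`. I would add above the annotation: `// Must be ordered ahead of Spring Security's WebSocket config so the JWT interceptor sets the user before authorization runs.` The interceptor registration itself is outside this hunk, so confirm that this is the intent.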
@@ -40,6 +43,10 @@ public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
 MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
 if (StompCommand.CONNECT.equals(accessor.getCommand())) {
 List authorization = accessor.getNativeHeader("X-Authorization");
+
+ if (authorization == null || authorization.isEmpty()) {
+ return null;
+ }
 String accessToken = authorization.get(0);
 Jwt jwt = jwtDecoder.decode(accessToken);
diff --git a/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSocketSecurityConfig.java b/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSocketSecurityConfig.java
new file mode 100644
index 0000000..63bc3ef
--- /dev/null
+++ b/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSocketSecurityConfig.java
@@ -0,0 +1,22 @@
+package ru.digitalbanana.demoresourceserver.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
+import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;
+
+/**
+ * Simple web socket security Created by dima on 8/13/16.
+ */
+@Configuration
+public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
+
+ @Override
+ protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
+ messages.anyMessage().authenticated();
+ }
+
+ @Override
+ protected boolean sameOriginDisabled() {
+ return true;
+ }
+}
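Review bot: In the `-40,6 +43,10` hunk of WebSocketConfig.java, `return null` on a missing `X-Authorization` header drops the CONNECT frame silently, so the client gets neither CONNECTED nor an ERROR frame and the rejection leaves no trace in the logs. Throwing makes the failure explicit and, as far as I know, lets the STOMP handler answer with an ERROR frame: `throw new AuthenticationCredentialsNotFoundException("Missing X-Authorization header");`. The guard also lets through a header whose first value is blank, which then goes straight into `jwtDecoder.decode(accessToken)`; rejecting that case in the same check would keep all the missing-credential handling in one place. The enclosing interceptor method starts and ends outside the hunk.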
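Review bot: `sameOriginDisabled()` in the new WebSocketSecurityConfig.java returns `true` without saying why, and that override turns off Spring Security's CSRF-token check on inbound CONNECT messages. This is defensible when every session is authenticated by the `X-Authorization` JWT rather than by cookies, but the reasoning should be recorded, for example `// CSRF check on CONNECT disabled: clients authenticate with the X-Authorization JWT, not cookies.` Because the override removes one cross-origin barrier, check that the endpoint registration (not part of this diff) restricts allowed origins instead of accepting any. `configureInbound` would also benefit from a one-line Javadoc stating that every inbound message type requires an authenticated user.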