2. Add authorization checks 3. Handle exceptions ( controller advice, exception package) 4. Login-logout operations bug fixes