diff --git a/src/main/java/mops/gruppen2/Security/SecurityConfig.java b/src/main/java/mops/gruppen2/Security/SecurityConfig.java
deleted file mode 100644
index eda62b3..0000000
--- a/src/main/java/mops/gruppen2/Security/SecurityConfig.java
+++ /dev/null
@@ -1,81 +0,0 @@
-package mops.gruppen2.Security;
-
-import org.keycloak.KeycloakPrincipal;
-import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
-import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
-import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
-import org.keycloak.representations.AccessToken;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.*;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
-import org.springframework.security.core.session.SessionRegistryImpl;
-import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
-import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-import javax.servlet.http.HttpServletRequest;
-
-@Configuration
-@EnableWebSecurity
-@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
-class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
-
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) {
- KeycloakAuthenticationProvider keycloakAuthenticationProvider
- = keycloakAuthenticationProvider();
- keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
- auth.authenticationProvider(keycloakAuthenticationProvider);
- }
-
- @Bean
- @Override
- protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
- return new RegisterSessionAuthenticationStrategy(
- new SessionRegistryImpl());
- }
-
- @Bean
- @Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
- proxyMode = ScopedProxyMode.TARGET_CLASS)
- public AccessToken getAccessToken() {
- HttpServletRequest request =
- ((ServletRequestAttributes) RequestContextHolder
- .currentRequestAttributes()).getRequest();
- return ((KeycloakPrincipal) request.getUserPrincipal())
- .getKeycloakSecurityContext().getToken();
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- super.configure(http);
- http.authorizeRequests()
- .antMatchers("/actuator/**")
- .hasRole("monitoring")
- .anyRequest()
- .permitAll();
- }
-
- /**
- * Declaring this class enables us to use the Spring specific
- * {@link org.springframework.security.access.annotation.Secured} annotation
- * or the JSR-250 Java Standard
- * {@link javax.annotation.security.RolesAllowed} annotation
- * for Role-based authorization
- */
- @Configuration
- @EnableGlobalMethodSecurity(
- prePostEnabled = true,
- securedEnabled = true,
- jsr250Enabled = true)
- public static class MethodSecurityConfig
- extends GlobalMethodSecurityConfiguration {
- }
-}
\ No newline at end of file
diff --git a/src/main/java/mops/gruppen2/controllers/Gruppen2Controller.java b/src/main/java/mops/gruppen2/controllers/Gruppen2Controller.java
index 4a12d29..8c676e1 100644
--- a/src/main/java/mops/gruppen2/controllers/Gruppen2Controller.java
+++ b/src/main/java/mops/gruppen2/controllers/Gruppen2Controller.java
@@ -1,15 +1,24 @@ package mops.gruppen2.controllers; -import mops.gruppen2.Security.Account; +import javax.annotation.security.RolesAllowed; +import mops.gruppen2.security.Account; import org.keycloak.KeycloakPrincipal; import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken; -import org.springframework.security.access.annotation.Secured; +import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.context.annotation.SessionScope; +@SessionScope @Controller public class Gruppen2Controller { + /** + * Creates an Account. + * + * @param token + * @return Account with current userdata + */ private Account createAccountFromPrincipal(KeycloakAuthenticationToken token) { KeycloakPrincipal principal = (KeycloakPrincipal) token.getPrincipal(); return new Account( @@ -20,13 +29,17 @@ public class Gruppen2Controller { token.getAccount().getRoles()); } + /** + * + * @param token + * @param model + * @return index.html + */ @GetMapping("/") - @Secured("ROLE_Orga") + @RolesAllowed({"ROLE_Orga", "ROLE_studentin", "ROLE_actuator)"}) public String index(KeycloakAuthenticationToken token, Model model) { if (token != null) { - model.addAttribute("account", createAccountFromPrincipal(token)); - } return "index"; } diff --git a/src/main/java/mops/gruppen2/Security/Account.java b/src/main/java/mops/gruppen2/security/Account.java similarity index 90% rename from src/main/java/mops/gruppen2/Security/Account.java rename to src/main/java/mops/gruppen2/security/Account.java index 3d1c77e..86b7ef2 100644 --- a/src/main/java/mops/gruppen2/Security/Account.java +++ b/src/main/java/mops/gruppen2/security/Account.java 
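Review bot: `@SessionScope` on `Gruppen2Controller` makes Spring create one controller instance per HTTP session, yet nothing visible in this hunk stores per-user state in the class; the class body continues outside the hunk, so this is worth confirming. If the controller is stateless, drop the annotation and keep the default singleton scope, which avoids keeping an extra object alive in every session. The added `import org.springframework.context.annotation.Scope;` does not appear to be used in the visible lines and could be removed as well. The new Javadoc on `createAccountFromPrincipal` leaves `@param token` without a description; `@param token the Keycloak authentication token of the current request` would complete it.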
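Review bot: The role string `"ROLE_actuator)"` in the new `@RolesAllowed` on `index` has a stray `)` inside the literal, so that entry can never match a granted authority; it should read `@RolesAllowed({"ROLE_Orga", "ROLE_studentin", "ROLE_actuator"})`. The role name itself is worth checking too, because `SecurityConfig` in this commit guards `/actuator/**` with `hasRole("monitoring")`, which suggests the monitoring role may be named differently. A mistyped role fails closed here, but it does so silently, so a comment listing the roles the Keycloak realm actually defines would make such slips easier to catch. The Javadoc added above the handler has an empty summary line and bare `@param` tags; a one-line summary such as `Renders the start page for a logged-in user.` would fill it.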
@@ -1,9 +1,8 @@ -package mops.gruppen2.Security; - -import lombok.AllArgsConstructor; -import lombok.Getter; +package mops.gruppen2.security; import java.util.Set; +import lombok.AllArgsConstructor; +import lombok.Getter; @Getter @AllArgsConstructor diff --git a/src/main/java/mops/gruppen2/Security/KeycloakConfig.java b/src/main/java/mops/gruppen2/security/KeycloakConfig.java similarity index 65% rename from src/main/java/mops/gruppen2/Security/KeycloakConfig.java rename to src/main/java/mops/gruppen2/security/KeycloakConfig.java index 58b951f..57032ab 100644 --- a/src/main/java/mops/gruppen2/Security/KeycloakConfig.java +++ b/src/main/java/mops/gruppen2/security/KeycloakConfig.java @@ -1,6 +1,5 @@ -package mops.gruppen2.Security; +package mops.gruppen2.security; -import mops.gruppen2.Security.SecurityConfig; import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -12,8 +11,8 @@ import org.springframework.context.annotation.Configuration; @Configuration public class KeycloakConfig { - @Bean - public KeycloakSpringBootConfigResolver KeycloakConfigResolver() { - return new KeycloakSpringBootConfigResolver(); - } + @Bean + public KeycloakSpringBootConfigResolver keycloakConfigResolver() { + return new KeycloakSpringBootConfigResolver(); + } } \ No newline at end of file diff --git a/src/main/java/mops/gruppen2/security/SecurityConfig.java b/src/main/java/mops/gruppen2/security/SecurityConfig.java new file mode 100644 index 0000000..a12e3bd --- /dev/null +++ b/src/main/java/mops/gruppen2/security/SecurityConfig.java 
@@ -0,0 +1,84 @@
+package mops.gruppen2.security;
+
+import javax.servlet.http.HttpServletRequest;
+import org.keycloak.KeycloakPrincipal;
+import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
+import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
+import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.keycloak.representations.AccessToken;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Scope;
+import org.springframework.context.annotation.ScopedProxyMode;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+@Configuration
+@EnableWebSecurity
+@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
+class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+
+ @Autowired
+ public void configureGlobal(AuthenticationManagerBuilder auth) {
+ KeycloakAuthenticationProvider keycloakAuthenticationProvider
+ = keycloakAuthenticationProvider();
+ keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
+ auth.authenticationProvider(keycloakAuthenticationProvider);
+ }
+
+ @Bean
+ @Override
+ protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+ return new RegisterSessionAuthenticationStrategy(
+ new SessionRegistryImpl());
+ }
+
+ @Bean
+ @Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
+ proxyMode = ScopedProxyMode.TARGET_CLASS)
+ public AccessToken getAccessToken() {
+ HttpServletRequest request =
+ ((ServletRequestAttributes) RequestContextHolder
+ .currentRequestAttributes()).getRequest();
+ return ((KeycloakPrincipal) request.getUserPrincipal())
+ .getKeycloakSecurityContext().getToken();
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ super.configure(http);
+ http.authorizeRequests()
+ .antMatchers("/actuator/**")
+ .hasRole("monitoring")
+ .anyRequest()
+ .permitAll();
+ }
+
+ /**
+ * Declaring this class enables us to use the Spring specific
+ * {@link org.springframework.security.access.annotation.Secured} annotation
+ * or the JSR-250 Java Standard
+ * {@link javax.annotation.security.RolesAllowed} annotation
+ * for Role-based authorization.
+ **/
+ @Configuration
+ @EnableGlobalMethodSecurity(
+ prePostEnabled = true,
+ securedEnabled = true,
+ jsr250Enabled = true)
+ public static class MethodSecurityConfig
+ extends GlobalMethodSecurityConfiguration {
+ }
+}
\ No newline at end of file
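Review bot: `configure(HttpSecurity)` ends with `.anyRequest().permitAll()`, so at the URL layer everything except `/actuator/**` is open and access control rests entirely on each handler carrying `@RolesAllowed` or `@Secured`; a handler added later without an annotation is public by default. If no anonymous pages are intended, `.anyRequest().authenticated()` gives a deny-by-default baseline; otherwise a comment above the chain stating that method annotations are the only gate would make the intent explicit. In the same file, `getAccessToken()` casts `request.getUserPrincipal()` to the raw `KeycloakPrincipal` type and dereferences it without a null check, which, given that anonymous requests are permitted, looks like it would throw a `NullPointerException` when the bean is resolved for an unauthenticated request.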