diff --git a/development.ini b/development.ini index 5247249..ad476fa 100644 --- a/development.ini +++ b/development.ini @@ -6,8 +6,9 @@ pyramid.debug_authorization = false pyramid.debug_notfound = false pyramid.debug_routematch = false pyramid.default_locale_name = en -pyramid.includes = - pyramid_tm +#pyramid.includes = pyramid_tm + +rest_url = http://api.brlight.net/api [server:main] use = egg:waitress#main @@ -46,5 +47,3 @@ formatter = generic [formatter_generic] format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s -[lbgenerator] -rest_url = http://api.brlight.net/api diff --git a/wscacicneo/__init__.py b/wscacicneo/__init__.py index 1093ee4..e12ba16 100644 --- a/wscacicneo/__init__.py +++ b/wscacicneo/__init__.py 
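Review bot: `rest_url` in the first development.ini hunk points at a plain `http://` endpoint, and with this commit the login flow fetches user documents, including the `senha` field, through it, so credentials would cross the network unencrypted. If the API host offers TLS, use an `https://` URL here; otherwise add a comment next to the setting saying it is for local development only. Separately, the context lines of the models.py hunk still build `DBSession` with `ZopeTransactionExtension`, so it is worth confirming that nothing relies on `pyramid_tm` to commit now that `pyramid.includes` is commented out.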
@@ -1,89 +1,85 @@ #!/usr/env python # -*- coding: utf-8 -*- -import os -import configparser -from pyramid.config import Configurator +from wscacicneo import config +from pyramid.authentication import AuthTktAuthenticationPolicy +from pyramid.authorization import ACLAuthorizationPolicy +from pyramid.config import Configurator -config = configparser.ConfigParser() -here = os.path.abspath(os.path.dirname(__file__)) -config_file = os.path.join(here, '../development.ini') -config.read(config_file) - - -class WSCacicNeo(object): - """ - Classe genérica com os parâmetros de configuração - """ - def __init__(self): - """ - Método construtor - """ - self.rest_url = config.get('lbgenerator', 'rest_url') def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ - config = Configurator(settings=settings) - config.include('pyramid_chameleon') - config.add_static_view('static', 'static', cache_max_age=3600) - config.add_route('master', 'master') - config.add_route('blankmaster', 'blankmaster') - config.add_route('root', '/') + + config.setup(settings) + from wscacicneo.security import groupfinder + authn_policy = AuthTktAuthenticationPolicy( + 'sosecret', callback=groupfinder, hashalg='sha512') + authz_policy = ACLAuthorizationPolicy() + cfg = Configurator(settings=settings, root_factory='wscacicneo.models.RootFactory') + cfg.set_authentication_policy(authn_policy) + cfg.set_authorization_policy(authz_policy) + + cfg.include('pyramid_chameleon') + cfg.add_static_view('static', 'static', cache_max_age=3600) + cfg.add_route('master', 'master') + cfg.add_route('blankmaster', 'blankmaster') + cfg.add_route('root', '/') - config.add_route('home', 'home') - config.add_route('graficop', 'graficop') - config.add_route('notifications', 'notifications') - config.add_route('admin', 'admin') - config.add_route('proc', 'proc') - config.add_route('sistema', 'sistema') - #Órgão - config.add_route('orgao', 'orgao/cadastro') - config.add_route('post_orgao', 
'post_orgao') - config.add_route('put_orgao', 'put_orgao') - config.add_route('editorgao', 'orgao/editar/{sigla}') - config.add_route('listorgao', 'orgao/lista') - config.add_route('delete_orgao', 'orgao/delete/{sigla}') - config.add_route('base_de_dados', 'orgao/base/{sigla}') + cfg.add_route('home', 'home') + cfg.add_route('graficop', 'graficop') + cfg.add_route('notifications', 'notifications') + cfg.add_route('admin', 'admin') + cfg.add_route('proc', 'proc') + cfg.add_route('sistema', 'sistema') + cfg + cfg.add_route('orgao', 'orgao/cadastro') + cfg.add_route('post_orgao', 'post_orgao') + cfg.add_route('put_orgao', 'put_orgao') + cfg.add_route('editorgao', 'orgao/editar/{sigla}') + cfg.add_route('listorgao', 'orgao/lista') + cfg.add_route('delete_orgao', 'orgao/delete/{sigla}') + cfg.add_route('base_de_dados', 'orgao/base/{sigla}') # - #Usuários - config.add_route('user', 'usuario/cadastro') - config.add_route('post_user', 'post_user') - config.add_route('put_user', 'put_user') - config.add_route('edituser', 'usuario/editar/{matricula}') - config.add_route('favoritos', 'usuario/favoritos/{matricula}') - config.add_route('edit_favoritos', 'edit_favoritos') - config.add_route('listuser', 'usuario/lista') - config.add_route('delete_user', 'usuario/delete/{matricula}') + + cfg.add_route('user', 'usuario/cadastro') + cfg.add_route('post_user', 'post_user') + cfg.add_route('put_user', 'put_user') + cfg.add_route('edituser', 'usuario/editar/{matricula}') + cfg.add_route('favoritos', 'usuario/favoritos/{matricula}') + cfg.add_route('edit_favoritos', 'edit_favoritos') + cfg.add_route('listuser', 'usuario/lista') + cfg.add_route('delete_user', 'usuario/delete/{matricula}') # - config.add_route('list', 'list') - config.add_route('gestao', 'gestao') - config.add_route('memoria', 'memoria') - config.add_route('basico', 'basico') - config.add_route('rede', 'rede') - config.add_route('escritorio', 'escritorio') - config.add_route('hd', 'hd') - config.add_route('config', 
'config') - config.add_route('bot', 'bot') - config.add_route('login', 'login') - config.add_route('reports', 'reports') - config.add_route('computador', 'computador') - config.add_route('busca', 'busca') - config.add_route('gestor', 'gestor') - config.add_route('diagnostic', 'diagnostic') - config.add_route('cadastro', 'cadastro') - config.add_route('sobre', 'sobre') - config.add_route('perfil', 'perfil') - config.add_route('configapi','configapi') - config.add_route('notify','notify') - config.add_route('processador','processador') - config.add_route('configcoleta','configcoleta') - config.add_route('configfav','configfav') - config.add_route('reportsgestor','reportsgestor') - config.add_route('questionarcoleta','questionarcoleta') - config.add_route('confighome','confighome') - config.add_route('db','db') - config.scan() - return config.make_wsgi_app() - + cfg.add_route('list', 'list') + cfg.add_route('gestao', 'gestao') + cfg.add_route('memoria', 'memoria') + cfg.add_route('basico', 'basico') + cfg.add_route('rede', 'rede') + cfg.add_route('escritorio', 'escritorio') + cfg.add_route('hd', 'hd') + cfg.add_route('config', 'config') + cfg.add_route('bot', 'bot') + cfg.add_route('login', 'login') + cfg.add_route('loginautentication', 'loginautentication') + cfg.add_route('logout', 'logout') + cfg.add_route('reports', 'reports') + cfg.add_route('computador', 'computador') + cfg.add_route('busca', 'busca') + cfg.add_route('gestor', 'gestor') + cfg.add_route('diagnostic', 'diagnostic') + cfg.add_route('cadastro', 'cadastro') + cfg.add_route('sobre', 'sobre') + cfg.add_route('perfil', 'perfil') + cfg.add_route('configapi','configapi') + cfg.add_route('notify','notify') + cfg.add_route('processador','processador') + cfg.add_route('configcoleta','configcoleta') + cfg.add_route('configfav','configfav') + cfg.add_route('reportsgestor','reportsgestor') + cfg.add_route('questionarcoleta','questionarcoleta') + cfg.add_route('confighome','confighome') + 
cfg.add_route('db','db') + cfg.scan() + return cfg.make_wsgi_app() diff --git a/wscacicneo/config/__init__.py b/wscacicneo/config/__init__.py new file mode 100644 index 0000000..4a82d98 --- /dev/null +++ b/wscacicneo/config/__init__.py @@ -0,0 +1,13 @@ +import os +import configparser + +def setup(settings): + + # config = configparser.ConfigParser() + # here = os.path.abspath(os.path.dirname(__file__)) + # config_file = os.path.join(here, '../../development.ini') + # config.read(config_file) + + global REST_URL + REST_URL = settings['rest_url'] + diff --git a/wscacicneo/model/orgao.py b/wscacicneo/model/orgao.py index aead990..8e36f1e 100644 --- a/wscacicneo/model/orgao.py +++ b/wscacicneo/model/orgao.py @@ -3,7 +3,7 @@ __author__ = 'macieski' from requests.exceptions import HTTPError -from wscacicneo import WSCacicNeo +from wscacicneo import config import logging from liblightbase.lbbase.struct import Base, BaseMetadata from liblightbase.lbbase.lbstruct.group import * @@ -16,7 +16,7 @@ from liblightbase.lbsearch.search import Search, OrderBy log = logging.getLogger() -class OrgaoBase(WSCacicNeo): +class OrgaoBase(): """ Classe para a base de órgãos """ @@ -24,7 +24,7 @@ class OrgaoBase(WSCacicNeo): """ Método construtor """ - WSCacicNeo.__init__(self) + self.rest_url= config.REST_URL self.baserest = BaseREST(rest_url=self.rest_url, response_object=True) self.documentrest = DocumentREST(rest_url=self.rest_url, base=self.lbbase, response_object=False) diff --git a/wscacicneo/model/user.py b/wscacicneo/model/user.py index 4f94034..129a49c 100644 --- a/wscacicneo/model/user.py +++ b/wscacicneo/model/user.py @@ -3,7 +3,7 @@ __author__ = 'adley' from requests.exceptions import HTTPError -from wscacicneo import WSCacicNeo +from wscacicneo import config import logging from liblightbase.lbbase.struct import Base, BaseMetadata from liblightbase.lbbase.lbstruct.group import * 
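Review bot: The auth-ticket signing secret in `main` is the literal `'sosecret'`, so the integrity of every `auth_tkt` cookie rests on a value published with the code, and `groupfinder` grants `permissao` based on whatever e-mail a validly signed ticket carries. Read the secret from deployment settings and fail at startup when it is missing, for example `AuthTktAuthenticationPolicy(settings['auth.secret'], callback=groupfinder, hashalg='sha512', http_only=True)`, where `auth.secret` is a suggested key name rather than an existing one. Adding `secure=True` once the site is served over HTTPS keeps the cookie off plain-HTTP requests. The import of `groupfinder` inside `main` appears to depend on `config.setup(settings)` having run first; a one-line comment saying so would stop someone moving it to the top of the file.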
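Review bot: `REST_URL` in the new `setup` exists only after `setup()` has run, so any module that reads `config.REST_URL` earlier fails with AttributeError, and a missing `rest_url` setting surfaces as a bare KeyError. Declaring `REST_URL = None` at module level and raising a descriptive error in `setup` when the key is absent would make the ordering requirement explicit. The commented-out `configparser` block and the now-unused `import os` / `import configparser` can be dropped, and `setup` should get a docstring such as `"""Copy rest_url from the Pyramid settings into the module-level REST_URL."""`.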
@@ -16,7 +16,7 @@ from liblightbase.lbsearch.search import Search, OrderBy log = logging.getLogger() -class UserBase(WSCacicNeo): +class UserBase(): """ Classe para a base de usuários """ @@ -24,7 +24,7 @@ class UserBase(WSCacicNeo): """ Método construtor """ - WSCacicNeo.__init__(self) + self.rest_url = config.REST_URL self.baserest = BaseREST(rest_url=self.rest_url, response_object=True) self.documentrest = DocumentREST(rest_url=self.rest_url, base=self.lbbase, response_object=False) @@ -179,7 +179,6 @@ class UserBase(WSCacicNeo): Cria base no LB """ response = self.baserest.create(self.lbbase) - #print(response.status_code) if response.status_code == 200: return self.lbbase else: @@ -293,3 +292,15 @@ class User(user_base.metaclass): results = self.documentrest.delete_path(id, path) return results + + def search_user_by_email(self, email): + """ + Busca registro completo do usuário pelo email + :return: obj collection com os dados da base + """ + search = Search( + literal="document->>'email' = '"+email+"'" + ) + results = self.documentrest.get_collection(search_obj=search) + + return results \ No newline at end of file diff --git a/wscacicneo/models.py b/wscacicneo/models.py index 0a02e58..5374974 100644 --- a/wscacicneo/models.py +++ b/wscacicneo/models.py @@ -12,6 +12,11 @@ from sqlalchemy.orm import ( from zope.sqlalchemy import ZopeTransactionExtension +from pyramid.security import ( + Allow, + Everyone, + ) + DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension())) Base = declarative_base() @@ -58,3 +63,9 @@ so = Table('so', Base.metadata, ) mapper(SistemaOperacional, so) + +class RootFactory(object): + __acl__ = [ (Allow, Everyone, 'view'), + (Allow, 'Administrador', 'edit') ] + def __init__(self, request): + pass \ No newline at end of file diff --git a/wscacicneo/security.py b/wscacicneo/security.py new file mode 100644 index 0000000..8e3ae05 --- /dev/null +++ b/wscacicneo/security.py 
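Review bot: `search_user_by_email` builds the search literal by concatenating `email` between single quotes, and this commit calls it with `request.params['email']` in `login` and with the ticket's userid in `groupfinder`, so a quote in that value alters the query expression instead of being matched as data. Whether `Search` supports bound parameters is not visible here; if it does, use them, and otherwise validate the address format and escape quotes before interpolation, e.g. `literal="document->>'email' = '" + email.replace("'", "''") + "'"` (this assumes the literal is evaluated with standard SQL quoting). The docstring should also state what is returned when no user matches, since both callers index `results[0]`.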
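Review bot: The ACL in `RootFactory` grants `'view'` to `Everyone`, so `permission="view"` on `listuser` in views.py is satisfied by unauthenticated requests and the user list stays public. If the intent is to require a login, grant it to `Authenticated` instead, `(Allow, Authenticated, 'view')`, importing `Authenticated` from `pyramid.security` alongside `Allow`. The `'Administrador'` principal only matches when `groupfinder` returns exactly that string from the user's `permissao` field, which deserves a comment on the class.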
@@ -0,0 +1,23 @@ +# # 1. carregar usuário da sessão +# # 2. carregar objeto usuário +# # 3. pegar grupo do usuário + +from wscacicneo.model.user import User + + +def groupfinder(userid, request): + user_obj = User( + nome = 'asdasd', + matricula = 'asdasd', + email = 'asdsad', + orgao = 'asdsad', + telefone = 'sdasd', + cargo = 'asdasdasd', + setor = 'asdasd', + permissao = 'asdasd', + senha = 'sadasdasd', + favoritos = ['asdasdasdasd'] + ) + usuario = user_obj.search_user_by_email(userid) + permissao = usuario.results[0].permissao + return [permissao] \ No newline at end of file diff --git a/wscacicneo/templates/login.pt b/wscacicneo/templates/login.pt index 88579e6..35f1e01 100644 --- a/wscacicneo/templates/login.pt +++ b/wscacicneo/templates/login.pt @@ -1,7 +1,26 @@ - - - -
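Review bot: `groupfinder` indexes `usuario.results[0]` unconditionally, so a ticket whose e-mail no longer matches a user raises IndexError on every request instead of being treated as unauthenticated. Pyramid expects the callback to return `None` for an unknown user; add `if not usuario.results: return None` before reading `permissao`. The placeholder field values passed to `User(...)` seem to exist only to obtain an object that has `search_user_by_email`, which is worth a comment, and the function has no docstring describing the principals it returns.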
+ +
+
+ +
+ +
+ +
+
+
+
+
+ +
+
+
+
+
+ +
+
+ - + \ No newline at end of file diff --git a/wscacicneo/templates/master.pt b/wscacicneo/templates/master.pt index adc4b2a..c6f6323 100644 --- a/wscacicneo/templates/master.pt +++ b/wscacicneo/templates/master.pt @@ -31,13 +31,12 @@ diff --git a/wscacicneo/views.py b/wscacicneo/views.py index ba71ce5..c674584 100644 --- a/wscacicneo/views.py +++ b/wscacicneo/views.py @@ -17,7 +17,12 @@ from wscacicneo.model.user import UserBase from liblightbase.lbbase.struct import Base from liblightbase.lbutils import conv from liblightbase.lbrest.document import DocumentREST +from pyramid.view import forbidden_view_config +from pyramid.security import ( + remember, + forget, + ) engine = create_engine('postgresql://rest:rest@localhost/cacic') REST_URL = 'http://api.brlight.net/api' @@ -73,18 +78,10 @@ def admin(request): def diagnostic(request): return {'project': 'WSCacicNeo'} -@view_config(route_name='user', renderer='templates/user.pt') -def user(request): - return {'project': 'WSCacicNeo'} - @view_config(route_name='cadastro', renderer='templates/cadastro.pt') def cadastro(request): return {'project': 'WSCacicNeo'} -@view_config(route_name='login', renderer='templates/login.pt') -def login(request): - return {'project': 'WSCacicNeo'} - @view_config(route_name='orgao', renderer='templates/orgao.pt') def orgao(request): return {'project': 'WSCacicNeo'} @@ -226,7 +223,6 @@ def post_orgao(request): ) id_doc = orgao_obj.create_orgao() - print(id_doc) return Response(str(id_doc)) @@ -289,6 +285,10 @@ def delete_orgao(request): #URL Users +@view_config(route_name='user', renderer='templates/user.pt', permission='edit') +def user(request): + return {'project': 'WSCacicNeo'} + @view_config(route_name='post_user') def post_user(request): """ 
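Review bot: Only the form view `user` gains `permission='edit'` in the `@@ -289,6 +285,10 @@` hunk; the `post_user` view directly below it is still registered with `@view_config(route_name='post_user')` and no permission, so the request that actually creates a user is not covered by the new ACL. Add the same argument there, `@view_config(route_name='post_user', permission='edit')`, and check the other write routes (`put_user`, `delete_user`, `post_orgao`, `put_orgao`, `delete_orgao`), whose decorators are mostly outside the visible hunks. `post_user`'s body continues outside the hunk.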
@@ -302,7 +302,7 @@ def post_user(request): if(email_is_institucional): document = doc['favoritos'] favoritos = [document] - itens = [doc['lista_orgao'], doc['cadastro_orgao'], doc['lista_user'], doc['cadastro_user'], doc['relatorios'], doc['coleta'], doc['notify']] + itens = [doc['lista_orgao'], doc['cadastro_orgao'], doc['lista_user'], doc['cadastro_user'], doc['coleta'], doc['notify']] user_obj = User( nome = doc['nome'], matricula = doc['matricula'], @@ -316,15 +316,13 @@ def post_user(request): favoritos = favoritos, itens = itens ) - print(user_obj) id_doc = user_obj.create_user() - print(id_doc) return Response(str(id_doc)) else: return {"yololo":"yololo"} -@view_config(route_name='edituser', renderer='templates/editaruser.pt') +@view_config(route_name='edituser', renderer='templates/editaruser.pt', permission="edit") def edituser(request): matricula = request.matchdict['matricula'] user_obj = User( @@ -387,7 +385,7 @@ def put_user(request): return Response(edit) -@view_config(route_name='listuser', renderer='templates/list_user.pt') +@view_config(route_name='listuser', renderer='templates/list_user.pt', permission="view") def listuser(request): user_obj = User( nome = 'asdasd', 
@@ -466,3 +464,49 @@ def edit_favoritos(request): return Response(edit) +@view_config(route_name='login', renderer='templates/login.pt') +@forbidden_view_config(renderer='templates/login.pt') +def login(request): + user_obj = User( + nome = 'asdasd', + matricula = 'asdasd', + email = 'asdsad', + orgao = 'asdsad', + telefone = 'sdasd', + cargo = 'asdasdasd', + setor = 'asdasd', + permissao = 'asdasd', + senha = 'sadasdasd', + favoritos = ['asdasdasdasd'] + ) + login_url = request.route_url('login') + referrer = request.url + if referrer == login_url: + referrer = request.route_url('root') + 'home' # never use the login form itself as came_from + came_from = request.params.get('came_from', referrer) + message = '' + email = '' + senha = '' + if 'form.submitted' in request.params: + email = request.params['email'] + senha = request.params['senha'] + usuario = user_obj.search_user_by_email(email) + if usuario.results[0].senha == senha: + headers = remember(request, email) + return HTTPFound(location = came_from, + headers = headers) + message = 'Failed login' + + return dict( + message = message, + url = request.application_url + '/login', + came_from = came_from, + email = email, + senha = senha, + ) + +@view_config(route_name='logout') +def logout(request): + headers = forget(request) + return HTTPFound(location = request.route_url('login'), + headers = headers) \ No newline at end of file -- libgit2 0.21.2
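Review bot: The credential check in `login` indexes `usuario.results[0]` without testing for a match and compares the submitted `senha` to the stored field with `==`, so an unknown e-mail raises IndexError (a 500 that also distinguishes unknown accounts from wrong passwords) and the comparison implies the password is kept in recoverable form. `came_from` is read from `request.params` and passed straight to `HTTPFound`, so a crafted login link can redirect a user to another site after a successful sign-in; it should be limited to this application's own URLs. The returned dict also places the submitted `senha` back into the template context. The fence shows the guard, a constant-time comparison (which needs `import hmac`) and the redirect check; moving `senha` to a salted password hash is a separate change touching user creation, which is outside this hunk.

```python
    came_from = request.params.get('came_from', referrer)
    # Only redirect back into this application after login.
    if not came_from.startswith(request.application_url + '/'):
        came_from = request.route_url('root') + 'home'
    # … unchanged: message/email/senha defaults and reading the form fields …
        usuario = user_obj.search_user_by_email(email)
        # Unknown e-mail and wrong password share one failure path.
        registro = usuario.results[0] if usuario.results else None
        if registro is not None and hmac.compare_digest(
                str(registro.senha).encode('utf-8'), senha.encode('utf-8')):
    # … unchanged: remember(), the HTTPFound redirect and the 'Failed login' message …
    return dict(
        # … unchanged: message, url, came_from, email …
        senha = '',  # do not echo the submitted password into the page
    )
```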