diff --git a/src/main/java/com/controllers/ClienteController.java b/src/main/java/com/controllers/ClienteController.java
index 5c45593..7f0e781 100644
--- a/src/main/java/com/controllers/ClienteController.java
+++ b/src/main/java/com/controllers/ClienteController.java
@@ -11,6 +11,7 @@
 import java.util.Collection;
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
 
 
@@ -23,11 +24,13 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -63,6 +66,7 @@ public ResponseEntity<Resource> verFoto(@PathVariable String filename) {
 				.body(recurso);
 	}
 
+	@Secured({"ROLE_USER"})
 	@GetMapping(value = "/ver/{id}")
 	public String ver(@PathVariable(value = "id") Long id, Map<String, Object> model, RedirectAttributes flash) {
 //		Optional<Cliente> cl = clienteService.findById(id);
@@ -78,7 +82,7 @@ public String ver(@PathVariable(value = "id") Long id, Map<String, Object> model
 	}
 
 	@RequestMapping(value = {"/listar","/"}, method = RequestMethod.GET)
-	public String listar(@RequestParam(name="page", defaultValue="0") int page, Model model, Authentication authentication) {
+	public String listar(@RequestParam(name="page", defaultValue="0") int page, Model model, Authentication authentication, HttpServletRequest request) {
 
 		if (authentication != null){
 			logger.info("Hola usuario autenticado, tu username es: ".concat(authentication.getName()));
@@ -90,12 +94,29 @@ public String listar(@RequestParam(name="page", defaultValue="0") int page, Mode
 			logger.info("Utilizando forma estática SecurityContextHolder.getContext().getAuthentication(): Usuario autenticado: ".concat(auth.getName()));
 		}
 
+		// 1er forma
 		if(hasRole("ROLE_ADMIN")) {
 			logger.info("Hola ".concat(auth.getName()).concat(" tienes acceso!"));
 		} else {
 			logger.info("Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
 		}
 
+		//2da forma
+		SecurityContextHolderAwareRequestWrapper securityContext = new SecurityContextHolderAwareRequestWrapper(request, "");
+
+		if(securityContext.isUserInRole("ROLE_ADMIN")) {
+			logger.info("Forma usando SecurityContextHolderAwareRequestWrapper: Hola ".concat(auth.getName()).concat(" tienes acceso!"));
+		} else {
+			logger.info("Forma usando SecurityContextHolderAwareRequestWrapper: Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
+		}
+
+		//3era forma
+		if(request.isUserInRole("ROLE_ADMIN")) {
+			logger.info("Forma usando HttpServletRequest: Hola ".concat(auth.getName()).concat(" tienes acceso!"));
+		} else {
+			logger.info("Forma usando HttpServletRequest: Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
+		}
+
 		Pageable pageRequest = PageRequest.of(page, 4); //spring 5
 		Page<Cliente> clientes = clienteService.findAll(pageRequest);
 		PageRender<Cliente> pageRender = new PageRender<Cliente>("/listar", clientes);
@@ -107,6 +128,7 @@ public String listar(@RequestParam(name="page", defaultValue="0") int page, Mode
 		return "listar";
 	}
 
+	@Secured("ROLE_ADMIN")
 	@RequestMapping(value = "/form")
 	public String crear(Map<String, Object> model) {
 		Cliente cliente = new Cliente();
@@ -114,7 +136,8 @@ public String crear(Map<String, Object> model) {
 		model.put("titulo", "Crear Cliente");
 		return "form";
 	}
-	
+
+	@Secured("ROLE_ADMIN")
 	@RequestMapping(value="/form/{id}")
 	public String editar(@PathVariable(value="id") Long id, Map<String, Object> model, RedirectAttributes flash) {
 		
@@ -135,6 +158,7 @@ public String editar(@PathVariable(value="id") Long id, Map<String, Object> mode
 		return "form";
 	}
 
+	@Secured("ROLE_ADMIN")
 	@RequestMapping(value = "/form", method = RequestMethod.POST)
 	public String guardar(@Valid Cliente cliente, BindingResult result, Model model, @RequestParam("file") MultipartFile foto, RedirectAttributes flash, SessionStatus status) {
 
@@ -166,7 +190,8 @@ public String guardar(@Valid Cliente cliente, BindingResult result, Model model,
 		flash.addFlashAttribute("success", mensajeFlash);
 		return "redirect:listar";
 	}
-	
+
+	@Secured("ROLE_ADMIN")
 	@RequestMapping(value="/eliminar/{id}")
 	public String eliminar(@PathVariable(value="id") Long id, RedirectAttributes flash) {