diff --git a/src/main/java/com/covas/Resources/TokenRessource.java b/src/main/java/com/covas/Resources/TokenRessource.java
index 1411acb..9daf5e3 100644
--- a/src/main/java/com/covas/Resources/TokenRessource.java
+++ b/src/main/java/com/covas/Resources/TokenRessource.java
@@ -56,8 +56,8 @@ public class TokenRessource {
 return Response.status(Response.Status.NOT_FOUND).build();
 }
 if (jwtCookie == null) {
- if(!password.equals(users.password)){
- return Response.status(Response.Status.FORBIDDEN).build();
+ if((!password.equals(users.password)) && (!users.status)) {
+ return Response.status(Response.Status.FORBIDDEN).build();
 }
 // Create a JWT token signed using the 'HS256' algorithm
 String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign();
diff --git a/src/main/java/com/covas/Resources/UsersRessources.java b/src/main/java/com/covas/Resources/UsersRessources.java
index dcf3221..be8fea2 100644
--- a/src/main/java/com/covas/Resources/UsersRessources.java
+++ b/src/main/java/com/covas/Resources/UsersRessources.java
@@ -42,7 +42,15 @@ public class UsersRessources {
 @GET
 @RolesAllowed("Admin")
 @Path("{id}")
- public Response getSingleUser(@PathParam("id") String id){
+ public Response getSingleUser(@PathParam("id") String id, @CookieParam("user") String userCookie, @Context SecurityContext ctx){
+ if(!ctx.getUserPrincipal().getName().equals(jwt.getName())){
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+ }
+ UUID kid = UUID.fromString(jwt.getClaim(Claims.kid));
+ UsersEntity user = UsersEntity.findById(kid);
+ if(!checkUserCookie(userCookie, user)){
+ return Response.status(Response.Status.FORBIDDEN).build();
+ }
 UUID uid = UUID.fromString(id);
 UsersEntity users = UsersEntity.findById(uid);
 if(users == null){
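Review bot: The rewritten guard in TokenRessource, `if((!password.equals(users.password)) && (!users.status))`, rejects a wrong password only while `users.status` is false, so an account whose `status` is true is issued a signed JWT on the next line whatever password was submitted; the old line failed on password mismatch alone. If the intent is to require both a matching password and an acceptable status, the two conditions must be joined with `||`, e.g. `if (!password.equals(users.password) || !users.status) {`. The same `&&` construction appears in the new `checkUserCookie` method in the UsersRessources.java hunk, where a cookie naming the wrong pseudo is accepted for any user whose `status` is true. The `password.equals(users.password)` comparison itself is not changed by this commit; whether `users.password` holds a stored hash or a plaintext value cannot be told from the hunk. The enclosing method starts and ends outside the hunk.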
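Review bot: In the new `getSingleUser` body, `user` returned by `UsersEntity.findById(kid)` is handed to `checkUserCookie` without a null check, and `userCookie` is null whenever the request carries no `user` cookie; either case reaches `Base64.decode`/`users.pseudo` in the helper and surfaces as an unhandled exception rather than a `FORBIDDEN` response. A guard such as `if (user == null || userCookie == null) { return Response.status(Response.Status.FORBIDDEN).build(); }` before the cookie check closes both paths. The principal/JWT name mismatch on the first added line answers with `INTERNAL_SERVER_ERROR`, which is a server-fault status for what is an authorization failure; `FORBIDDEN` (or `UNAUTHORIZED`) would describe it correctly and keep error monitoring meaningful. The `jwt` field used here is not visible in the hunk and is presumably an injected token; confirm it is never null for an `@RolesAllowed` endpoint. The method body continues past the end of the hunk.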
@@ -63,10 +71,16 @@ public class UsersRessources {
 if (user == null){
 return Response.status(Response.Status.NOT_FOUND).build();
 }
- String name = new String(Base64.decode(userCookie), StandardCharsets.UTF_8);
- if(!name.equals(user.pseudo)){
+ if(!checkUserCookie(userCookie, user)){
 return Response.status(Response.Status.FORBIDDEN).build();
 }
 return Response.ok(new UserSingle(user.name, user.pseudo, user.firstName)).build();
- }
+ }
+ private Boolean checkUserCookie(String userCookie, UsersEntity users){
+ String name = new String(Base64.decode(userCookie), StandardCharsets.UTF_8);
+ if(!name.equals(users.pseudo) && (!users.status)){
+ return false;
+ }
+ return true;
+ }
 }
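Review bot: `checkUserCookie` calls `Base64.decode(userCookie)` and dereferences `users` unconditionally, so a missing cookie (null from `@CookieParam`) or a null `users` from `findById` throws instead of returning false, turning an authorization failure into a 500. Add `if (userCookie == null || users == null) { return false; }` as the first statement, and declare the return type as the primitive `private boolean` rather than the boxed `Boolean`, since the method never needs a third state. A malformed cookie value may also raise an exception from the decoder; which type depends on the `Base64` class imported, which the hunk does not show, so that case should be caught and treated as false too.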