diff --git a/public/index.php b/public/index.php
index 829da88..acc664f 100644
--- a/public/index.php
+++ b/public/index.php
@@ -30,15 +30,31 @@ $match = Container::$routeCollection->match($method, explode('/', $url));
 if ($match !== null) {
     list($route, $params) = $match;
 
-    $response = $route->callController($params);
+    $handler = $route->getHandler();
 
-    if ($response instanceof MapGuesser\Interfaces\Response\IContent) {
-        header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
-        echo $response->render();
-    } elseif ($response instanceof MapGuesser\Interfaces\Response\IRedirect) {
-        header('Location: ' . $host . '/' . $response->getUrl(), true, $response->getHttpCode());
+    $controller = new $handler[0];
+
+    if ($controller instanceof MapGuesser\Interfaces\Authorization\ISecured) {
+        $authorized = $controller->authorize();
+    } else {
+        $authorized = true;
+    }
+
+    if ($authorized) {
+        $response = call_user_func([$controller, $handler[1]], $params);
+
+        if ($response instanceof MapGuesser\Interfaces\Response\IContent) {
+            header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
+            echo $response->render();
+
+            return;
+        } elseif ($response instanceof MapGuesser\Interfaces\Response\IRedirect) {
+            header('Location: ' . $host . '/' . $response->getUrl(), true, $response->getHttpCode());
+
+            return;
+        }
     }
-} else {
-    header('Content-Type: text/html; charset=UTF-8', true, 404);
-    require ROOT . '/views/error/404.php';
 }
+
+header('Content-Type: text/html; charset=UTF-8', true, 404);
+require ROOT . '/views/error/404.php';
diff --git a/src/Controller/MapAdminController.php b/src/Controller/MapAdminController.php
index a0bd507..59a2c3f 100644
--- a/src/Controller/MapAdminController.php
+++ b/src/Controller/MapAdminController.php
@@ -1,6 +1,7 @@
 <?php namespace MapGuesser\Controller;
 
 use MapGuesser\Database\Query\Select;
+use MapGuesser\Interfaces\Authorization\ISecured;
 use MapGuesser\Interfaces\Database\IResultSet;
 use MapGuesser\Interfaces\Response\IContent;
 use MapGuesser\Repository\PlaceRepository;
@@ -8,7 +9,7 @@ use MapGuesser\Response\HtmlContent;
 use MapGuesser\Response\JsonContent;
 use MapGuesser\Util\Geo\Bounds;
 
-class MapAdminController
+class MapAdminController implements ISecured
 {
     private PlaceRepository $placeRepository;
 
@@ -17,6 +18,13 @@ class MapAdminController
         $this->placeRepository = new PlaceRepository();
     }
 
+    public function authorize(): bool
+    {
+        //TODO
+
+        return false;
+    }
+
     public function getMaps(): IContent
     {
         //TODO
diff --git a/src/Interfaces/Authorization/ISecured.php b/src/Interfaces/Authorization/ISecured.php
new file mode 100644
index 0000000..4e3a84e
--- /dev/null
+++ b/src/Interfaces/Authorization/ISecured.php
@@ -0,0 +1,6 @@
+<?php namespace MapGuesser\Interfaces\Authorization;
+
+interface ISecured
+{
+    public function authorize(): bool;
+}
diff --git a/src/Routing/Route.php b/src/Routing/Route.php
index af5f659..afe5491 100644
--- a/src/Routing/Route.php
+++ b/src/Routing/Route.php
@@ -20,6 +20,11 @@ class Route
         return $this->id;
     }
 
+    public function getHandler(): array
+    {
+        return $this->handler;
+    }
+
     public function generateLink(array $parameters = []): string
     {
         $link = [];
@@ -51,14 +56,6 @@ class Route
         return implode('/', $link) . $query;
     }
 
-    public function callController(array $parameters)
-    {
-        $controllerName = $this->handler[0];
-        $controller = new $controllerName();
-
-        return call_user_func([$controller, $this->handler[1]], $parameters);
-    }
-
     public function testAgainst(array $path): ?array
     {
         $parameters = [];