[fix/#350] SecurityFilterChain 방식에 맞게 @order를 Bean 레벨로 재배치

agree0002 · agree0002 · commit 09dd7eaf0719 · 2025-11-17T20:30:25.000+09:00
diff --git a/module-auth/src/main/java/com/inhabas/api/auth/config/AuthSecurityConfig.java b/module-auth/src/main/java/com/inhabas/api/auth/config/AuthSecurityConfig.java
@@ -18,7 +18,6 @@
 import com.inhabas.api.auth.domain.oauth2.handler.Oauth2AuthenticationFailureHandler;
 import com.inhabas.api.auth.domain.oauth2.handler.Oauth2AuthenticationSuccessHandler;
 
-@Order(0) // 인증 관련 security filter chain 은 우선순위가 가장 높아야 함.
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
@@ -55,6 +54,7 @@ public class AuthSecurityConfig {
    * 따라서 critical 한 url 에 대해서 OAuth2 인증이 완료된 세션에 한해서만 허용.
    */
   @Bean
+  @Order(0) // 인증 관련 security filter chain 은 우선순위가 가장 높아야 함.
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
     http.securityMatcher("/login/**")
diff --git a/resource-server/src/main/java/com/inhabas/api/config/WebSecurityConfig.java b/resource-server/src/main/java/com/inhabas/api/config/WebSecurityConfig.java
@@ -67,7 +67,6 @@ public class WebSecurityConfig {
   private static final String[] AUTH_WHITELIST_CONTEST_BOARD = {"/contest/count"};
 
   @Configuration
-  @Order(1)
   @EnableMethodSecurity(jsr250Enabled = true)
   @EnableWebSecurity
   @RequiredArgsConstructor
