YAPP-Github · move-hoon · Aug 9, 2025 · Aug 8, 2025 · Aug 8, 2025 · Aug 8, 2025
diff --git a/apis/src/main/kotlin/org/yapp/apis/auth/controller/AuthControllerApi.kt b/apis/src/main/kotlin/org/yapp/apis/auth/controller/AuthControllerApi.kt
@@ -15,12 +15,14 @@ import org.springframework.web.bind.annotation.RequestBody
 import org.yapp.apis.auth.dto.request.SocialLoginRequest
 import org.yapp.apis.auth.dto.request.TokenRefreshRequest
 import org.yapp.apis.auth.dto.response.AuthResponse
+import org.yapp.globalutils.annotation.DisableSwaggerSecurity
 import org.yapp.globalutils.exception.ErrorResponse
 import java.util.*
 
 @Tag(name = "Authentication", description = "인증 관련 API")
 interface AuthControllerApi {
 
+    @DisableSwaggerSecurity
     @Operation(
         summary = "소셜 로그인",
         description = "카카오 또는 애플 계정으로 로그인합니다. 사용자가 존재하지 않으면 자동으로 회원가입됩니다."
@@ -47,6 +49,7 @@ interface AuthControllerApi {
     @PostMapping("/signin")
     fun signIn(@RequestBody @Valid request: SocialLoginRequest): ResponseEntity<AuthResponse>
 
+    @DisableSwaggerSecurity
     @Operation(
         summary = "토큰 갱신",
         description = "리프레시 토큰을 사용하여 액세스 토큰을 갱신합니다. 새로운 액세스 토큰과 리프레시 토큰을 반환합니다."

diff --git a/apis/src/main/kotlin/org/yapp/apis/config/SwaggerConfig.kt b/apis/src/main/kotlin/org/yapp/apis/config/SwaggerConfig.kt
@@ -6,10 +6,12 @@ import io.swagger.v3.oas.models.info.Info
 import io.swagger.v3.oas.models.security.SecurityRequirement
 import io.swagger.v3.oas.models.security.SecurityScheme
 import io.swagger.v3.oas.models.servers.Server
+import org.springdoc.core.customizers.OperationCustomizer
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.context.annotation.Profile
+import org.yapp.globalutils.annotation.DisableSwaggerSecurity
 
 @Configuration
 @EnableConfigurationProperties(SwaggerProperties::class)
@@ -50,4 +52,18 @@ class SwaggerConfig(
                     )
             )
     }
+
+    @Bean
+    fun securityOperationCustomizer(): OperationCustomizer {
+        return OperationCustomizer { operation, handlerMethod ->
+            val disableSwaggerSecurity: DisableSwaggerSecurity? =
+                handlerMethod.getMethodAnnotation(DisableSwaggerSecurity::class.java)
+
+            if (disableSwaggerSecurity != null) {
+                operation.security = listOf()
+            }
+
+            operation
+        }
+    }
 }
diff --git a/gateway/src/main/kotlin/org/yapp/gateway/security/SecurityConfig.kt b/gateway/src/main/kotlin/org/yapp/gateway/security/SecurityConfig.kt
@@ -49,9 +49,6 @@ class SecurityConfig(
             .authorizeHttpRequests {
                 it.requestMatchers(*WHITELIST_URLS).permitAll()
                 it.requestMatchers("/api/v1/admin/**").hasRole("ADMIN")
-                it.requestMatchers("/api/v1/user/**").hasAnyRole("USER", "ADMIN")
-                it.requestMatchers("/api/v1/auth/**").authenticated()
-                it.requestMatchers("/api/v1/books/**").authenticated()
                 it.anyRequest().authenticated()
             }
 

diff --git a/global-utils/src/main/kotlin/org/yapp/globalutils/annotation/DisableSwaggerSecurity.kt b/global-utils/src/main/kotlin/org/yapp/globalutils/annotation/DisableSwaggerSecurity.kt
@@ -0,0 +1,5 @@
+package org.yapp.globalutils.annotation
+
+@Target(AnnotationTarget.FUNCTION)
+@Retention(AnnotationRetention.RUNTIME)
+annotation class DisableSwaggerSecurity()