refactor: security 설정(일단 개발 편의성 위해 permit all)

Author: seungwookc97

src/main/java/com/back/global/security/CustomAuthenticationFilter.java

@@ -53,23 +53,28 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
     private void work(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         String uri = request.getRequestURI();
+        String method = request.getMethod();
 
-        // SecurityConfig에서 permitAll()로 설정된 경로들은 필터를 통과시키기
+        // 개발 편의성을 위해 모든 요청 통과 (SecurityConfig에서 모든 요청 permitAll)
+        /*
         if (
                 uri.startsWith("/h2-console") ||
                 uri.startsWith("/login/oauth2/") ||
                 uri.startsWith("/oauth2/") ||
                 uri.startsWith("/actuator/") ||
                 uri.startsWith("/swagger-ui/") ||
                 uri.startsWith("/api-docs/") ||
-                uri.startsWith("/user/") ||
-                uri.startsWith("/cocktails/") ||
-                uri.startsWith("/chatbot/") ||
-                uri.equals("/")
+                uri.equals("/") ||
+                // 조회 API들 - 권한 불필요
+                (method.equals("GET") && uri.startsWith("/cocktails")) ||
+                (method.equals("POST") && uri.equals("/cocktails/search")) ||
+                (method.equals("GET") && uri.startsWith("/posts")) ||
+                (method.equals("GET") && uri.contains("/comments"))
         ) {
             filterChain.doFilter(request, response);
             return;
         }
+        */
 
         // 쿠키에서 accessToken 가져오기
         String accessToken = rq.getCookieValue("accessToken", "");

src/main/java/com/back/global/security/SecurityConfig.java

@@ -51,21 +51,33 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 ) // OAuth 인증시 필요할때만 세션 사용
 
                 .authorizeHttpRequests(auth -> auth
+                        // 개발 편의성을 위해 모든 요청 허용
+                        .anyRequest().permitAll()
+
+                        /*
                         .requestMatchers("/").permitAll()
                         .requestMatchers("/h2-console/**").permitAll()
                         .requestMatchers("/actuator/**").permitAll()
                         .requestMatchers("/oauth2/**").permitAll()
                         .requestMatchers("/login/oauth2/**").permitAll()
                         .requestMatchers("/swagger-ui/**", "/api-docs/**").permitAll()
-                        .requestMatchers("/user/**").permitAll()
-                        .requestMatchers("/cocktails/**").permitAll()
-                        .requestMatchers("/chatbot/**").permitAll()
+
+                        // 권한 불필요 - 조회 API
+                        .requestMatchers(GET, "/cocktails/**").permitAll()
+                        .requestMatchers(POST, "/cocktails/search").permitAll()
+                        .requestMatchers(GET, "/posts").permitAll()
+                        .requestMatchers(GET, "/posts/{postId}").permitAll()
+                        .requestMatchers(GET, "/posts/{postId}/comments").permitAll()
+                        .requestMatchers(GET, "/posts/{postId}/comments/{commentId}").permitAll()
+                        .requestMatchers(GET, "/cocktails/{cocktailId}/comments").permitAll()
+                        .requestMatchers(GET, "/cocktails/{cocktailId}/comments/{cocktailCommentId}").permitAll()
 
                         // 회원 or 인증된 사용자만 가능
                         .requestMatchers("/admin/**").hasRole("ADMIN")
 
-                        //그 외에는 인증해야함
+                        // 나머지 모든 API는 인증 필요
                         .anyRequest().authenticated()
+                        */
                 )
                 .formLogin(AbstractHttpConfigurer::disable)
                 .httpBasic(AbstractHttpConfigurer::disable)