test: 개발환경 보안 적용

seungwookc97 · seungwookc97 · commit b47ec9933e8e · 2025-10-15T09:53:28.000+09:00
diff --git a/src/main/java/com/back/global/security/SecurityConfig.java b/src/main/java/com/back/global/security/SecurityConfig.java
@@ -17,6 +17,9 @@
 
 import java.util.Arrays;
 
+import static org.springframework.http.HttpMethod.GET;
+import static org.springframework.http.HttpMethod.POST;
+
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity
@@ -59,36 +62,38 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .addFilterBefore(customAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                 .authorizeHttpRequests(auth -> auth
 
+                                // OAuth, GET POST 둘 다 사용
+                                .requestMatchers("/oauth2/**").permitAll()
+                                .requestMatchers("/login/oauth2/**").permitAll()
+
+                                //르프레시 갱신 및 칵테일 검색
+                                .requestMatchers(POST, "/user/auth/refresh").permitAll()
+                                .requestMatchers(POST, "/cocktails/search").permitAll()
+
+                                // share은 인증 필요
+                                .requestMatchers(GET, "/cocktails/{id}/share").authenticated()
+
+                                // 권한 불필요 - 조회 API
+                                .requestMatchers(GET, "/").permitAll()
+                                .requestMatchers(GET, "/actuator/**").permitAll()
+
+                                .requestMatchers(GET, "/cocktails/**").permitAll()
+
+                                .requestMatchers(GET, "/posts").permitAll()
+                                .requestMatchers(GET, "/posts/{postId}").permitAll()
+                                .requestMatchers(GET, "/posts/{postId}/comments").permitAll()
+                                .requestMatchers(GET, "/posts/{postId}/comments/{commentId}").permitAll()
+                                .requestMatchers(GET, "/cocktails/{cocktailId}/comments").permitAll()
+                                .requestMatchers(GET, "/cocktails/{cocktailId}/comments/{cocktailCommentId}").permitAll()
+                                .requestMatchers(GET, "/category").permitAll()
+
+                                // 나머지 모든 API는 인증 필요
+                                .anyRequest().authenticated()
+
+
+//                         회원 or 인증된 사용자만 가능
+//                        .requestMatchers("/admin/**").hasRole("ADMIN")
 
-                        .requestMatchers("/user/auth/logout").authenticated()
-                        /*
-                        .requestMatchers("/").permitAll()
-                        .requestMatchers("/h2-console/**").permitAll()
-                        .requestMatchers("/actuator/**").permitAll()
-                        .requestMatchers("/oauth2/**").permitAll()
-                        .requestMatchers("/login/oauth2/**").permitAll()
-                        .requestMatchers("/swagger-ui/**", "/api-docs/**").permitAll()
-                        .requestMatchers("/user/auth/refresh").permitAll()
-                        .requestMatchers("/user/auth/me").permitAll()
-
-                        // 권한 불필요 - 조회 API
-                        .requestMatchers(GET, "/cocktails/**").permitAll()
-                        .requestMatchers(POST, "/cocktails/search").permitAll()
-                        .requestMatchers(GET, "/posts").permitAll()
-                        .requestMatchers(GET, "/posts/{postId}").permitAll()
-                        .requestMatchers(GET, "/posts/{postId}/comments").permitAll()
-                        .requestMatchers(GET, "/posts/{postId}/comments/{commentId}").permitAll()
-                        .requestMatchers(GET, "/cocktails/{cocktailId}/comments").permitAll()
-                        .requestMatchers(GET, "/cocktails/{cocktailId}/comments/{cocktailCommentId}").permitAll()
-
-                        // 회원 or 인증된 사용자만 가능
-                        .requestMatchers("/admin/**").hasRole("ADMIN")
-
-                        // 나머지 모든 API는 인증 필요
-                        .anyRequest().authenticated()
-                        */
-                        // 개발 편의성을 위해 모든 요청 허용
-                        .anyRequest().permitAll()
                 )
                 .formLogin(AbstractHttpConfigurer::disable)
                 .httpBasic(AbstractHttpConfigurer::disable)
