From ad421e3c74c4b47dcde104b594bad02b49d0d191 Mon Sep 17 00:00:00 2001
From: "gayoun.park" <gayoun.park@tf.dabeeo.com>
Date: Fri, 20 Feb 2026 11:36:21 +0900
Subject: [PATCH] =?UTF-8?q?=EB=B9=84=EB=B0=80=EB=B2=88=ED=98=B8=20?=
 =?UTF-8?q?=EB=B3=80=EA=B2=BD=20security=20=EB=A1=9C=EC=A7=81=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/kamco/cd/training/auth/JwtAuthenticationFilter.java   | 3 ++-
 .../java/com/kamco/cd/training/config/SecurityConfig.java     | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/kamco/cd/training/auth/JwtAuthenticationFilter.java b/src/main/java/com/kamco/cd/training/auth/JwtAuthenticationFilter.java
index 57c0df6..a997eb9 100644
--- a/src/main/java/com/kamco/cd/training/auth/JwtAuthenticationFilter.java
+++ b/src/main/java/com/kamco/cd/training/auth/JwtAuthenticationFilter.java
@@ -23,7 +23,8 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
   private final UserDetailsService userDetailsService;
   private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
   private static final String[] EXCLUDE_PATHS = {
-    "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout", "/api/members/*/password"
+    //    "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout", "/api/members/*/password"
+    "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout"
   };
 
   @Override
diff --git a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
index 0f4068f..dd5ba6d 100644
--- a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
@@ -76,13 +76,13 @@ public class SecurityConfig {
                         "/api/auth/logout",
                         "/swagger-ui/**",
                         "/v3/api-docs/**",
-                        "/api/members/*/password",
                         "/api/upload/chunk-upload-dataset",
                         "/api/upload/chunk-upload-complete",
                         "/download_progress_test.html",
                         "/api/models/download/**")
                     .permitAll()
-
+                    .requestMatchers("/api/members/*/password")
+                    .authenticated()
                     // default
                     .anyRequest()
                     .authenticated())