File Management API Upload ALL Success

src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java

@@ -11,9 +11,13 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -30,19 +34,23 @@ public class SecurityConfig {
   public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
     http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
-        .csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
-        .sessionManagement(
-            sm ->
-                sm.sessionCreationPolicy(
-                    SessionCreationPolicy.STATELESS)) // 서버 세션 만들지 않음, 요청은 JWT 인증
-        .formLogin(form -> form.disable()) // react에서 로그인 요청 관리
-        .httpBasic(basic -> basic.disable()) // 기본 basic 인증 비활성화 JWT 인증사용
-        .logout(logout -> logout.disable()) // 기본 로그아웃 비활성화 JWT는 서버 상태가 없으므로 로그아웃 처리 필요 없음
-        .authenticationProvider(
-            customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
+        .csrf(csrf -> csrf.disable())
+        .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+        .formLogin(form -> form.disable())
+        .httpBasic(basic -> basic.disable())
+        .logout(logout -> logout.disable())
+        .authenticationProvider(customAuthenticationProvider)
         .authorizeHttpRequests(
             auth ->
                 auth
+                    // 맵시트 영역 전체 허용 (우선순위 최상단)
+                    .requestMatchers("/api/mapsheet/**")
+                    .permitAll()
+
+                    // 업로드 명시적 허용
+                    .requestMatchers(HttpMethod.POST, "/api/mapsheet/upload")
+                    .permitAll()
+
                     // ADMIN만 접근
                     .requestMatchers("/api/test/admin")
                     .hasRole("ADMIN")
@@ -98,4 +106,19 @@ public class SecurityConfig {
     source.registerCorsConfiguration("/**", config); // CORS 정책을 등록
     return source;
   }
+
+  @Bean
+  public HttpFirewall httpFirewall() {
+    StrictHttpFirewall firewall = new StrictHttpFirewall();
+    firewall.setAllowUrlEncodedSlash(true);
+    firewall.setAllowUrlEncodedDoubleSlash(true);
+    firewall.setAllowUrlEncodedPercent(true);
+    firewall.setAllowSemicolon(true);
+    return firewall;
+  }
+
+  @Bean
+  public WebSecurityCustomizer webSecurityCustomizer() {
+    return (web) -> web.ignoring().requestMatchers(new AntPathRequestMatcher("/api/mapsheet/**"));
+  }
 }