From 9fbefda9d5c7c857e38d4d86d7c37af92cc773ee Mon Sep 17 00:00:00 2001
From: teddy <teddy.kim.kim@tf.dabeeo.com>
Date: Wed, 10 Dec 2025 15:53:25 +0900
Subject: [PATCH] =?UTF-8?q?=ED=86=A0=ED=81=B0=20response=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cd/kamcoback/config/SecurityConfig.java   | 33 ++++++++++---------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
index 132c053d..b7fdcbf2 100644
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -6,12 +6,14 @@ import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -39,22 +41,21 @@ public class SecurityConfig {
         .authenticationProvider(
             customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
         .authorizeHttpRequests(
-            auth -> auth.anyRequest().permitAll()
-            //            .requestMatchers(HttpMethod.OPTIONS, "/**")
-            //            .permitAll() // preflight 허용
-            //            .requestMatchers(
-            //              "/api/auth/signin",
-            //              "/api/auth/refresh",
-            //              "/swagger-ui/**",
-            //              "/v3/api-docs/**")
-            //            .permitAll()
-            //            .anyRequest()
-            //            .authenticated()
-            )
-    //      .addFilterBefore(
-    //        jwtAuthenticationFilter,
-    //        UsernamePasswordAuthenticationFilter
-    //          .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
+            auth ->
+                auth.requestMatchers(HttpMethod.OPTIONS, "/**")
+                    .permitAll() // preflight 허용
+                    .requestMatchers(
+                        "/api/auth/signin",
+                        "/api/auth/refresh",
+                        "/swagger-ui/**",
+                        "/v3/api-docs/**")
+                    .permitAll()
+                    .anyRequest()
+                    .authenticated())
+        .addFilterBefore(
+            jwtAuthenticationFilter,
+            UsernamePasswordAuthenticationFilter
+                .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
     ;
 
     return http.build();