관리자 관리수정, 에러코드 공통 추가

2025-12-11 12:27:20 +09:00
parent 2b38a317ba
commit ed0159edda
16 changed files with 222 additions and 133 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -6,12 +6,14 @@ import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -40,21 +42,21 @@ public class SecurityConfig {
        customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
      .authorizeHttpRequests(
        auth ->
-          auth.anyRequest().permitAll());
-//                  requestMatchers(HttpMethod.OPTIONS, "/**")
-//                    .permitAll() // preflight 허용
-//                    .requestMatchers(
-//                        "/api/auth/signin",
-//                        "/api/auth/refresh",
-//                        "/swagger-ui/**",
-//                        "/v3/api-docs/**")
-//                    .permitAll()
-//                    .anyRequest()
-//                    .authenticated())
-//        .addFilterBefore(
-//            jwtAuthenticationFilter,
-//            UsernamePasswordAuthenticationFilter
-//                .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
+          auth.requestMatchers(HttpMethod.OPTIONS, "/**")
+            .permitAll() // preflight 허용
+            .requestMatchers(
+              "/api/auth/signin",
+              "/api/auth/refresh",
+              "/swagger-ui/**",
+              "/api/members/{memberId}/password",
+              "/v3/api-docs/**")
+            .permitAll()
+            .anyRequest()
+            .authenticated())
+      .addFilterBefore(
+        jwtAuthenticationFilter,
+        UsernamePasswordAuthenticationFilter
+          .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
    ;

    return http.build();