From a9688165c4d78a6967bc0acba6b8107535306395 Mon Sep 17 00:00:00 2001
From: whitenoise13
Date: Wed, 14 May 2025 10:23:39 +0900
Subject: [PATCH] =?UTF-8?q?Feat::=20=EB=8F=84=EB=A9=94=EC=9D=B8=20?= =?UTF-8?q?=EC=84=A4=EC=A0=95=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../global/config/SecurityConfig.java | 30 +++++++++++++++----
 1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/src/main/java/Minari/cheongForDo/global/config/SecurityConfig.java b/src/main/java/Minari/cheongForDo/global/config/SecurityConfig.java
index fdcc070..de9f7fd 100644
--- a/src/main/java/Minari/cheongForDo/global/config/SecurityConfig.java
+++ b/src/main/java/Minari/cheongForDo/global/config/SecurityConfig.java
@@ -25,19 +25,39 @@ public class SecurityConfig {
 private final ObjectMapper OBJECT_MAPPER;
+// @Bean
+// public SecurityFilterChain filterChain(HttpSecurity http, JwtUtils jwtUtils) throws Exception {
+// http
+// .cors ((cors) -> cors.configurationSource(corsConfigurationSource()))
+// .csrf(AbstractHttpConfigurer::disable)
+// .formLogin(AbstractHttpConfigurer::disable)
+// .authorizeHttpRequests(auth -> auth
+// .requestMatchers("/member/login", "/member/register", "/news", "").permitAll()
+// .requestMatchers("/swagger-ui/**", "/v3/**").permitAll()
+// .anyRequest().authenticated()
+// )
+// .sessionManagement(session -> session
+// .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+// );
+//
+// http.addFilterBefore(new JwtAuthenticationFilter(jwtUtils, OBJECT_MAPPER), UsernamePasswordAuthenticationFilter.class);
+// return http.build();
+// }
+
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http, JwtUtils jwtUtils) throws Exception {
 http
- .cors ((cors) -> cors.configurationSource(corsConfigurationSource()))
+ .cors((cors) -> cors.configurationSource(corsConfigurationSource()))
 .csrf(AbstractHttpConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests(auth -> auth
- .requestMatchers("/member/login", "/member/register", "/news").permitAll()
- .requestMatchers("/swagger-ui/**", "/v3/**").permitAll()
- .anyRequest().authenticated()
+ // 로그인, 회원가입, 뉴스 관련 API, Swagger UI는 인증 없이 접근 가능
+ .requestMatchers("/member/login", "/member/register", "/news", "/swagger-ui/**", "/v3/**").permitAll()
+ // 모든 다른 요청도 인증 없이 접근 가능
+ .anyRequest().permitAll()
 )
 .sessionManagement(session -> session
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 );
 http.addFilterBefore(new JwtAuthenticationFilter(jwtUtils, OBJECT_MAPPER), UsernamePasswordAuthenticationFilter.class);
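Review bot: `.anyRequest().permitAll()` replaces `.anyRequest().authenticated()` in `authorizeHttpRequests`, so this filter chain no longer requires a valid JWT on any route; the `JwtAuthenticationFilter` is still registered, but no rule here rejects a request that arrives without a token. Unless every protected controller enforces access through method-level checks (none are visible in this hunk), the last rule should stay `.anyRequest().authenticated()`, with only the paths that must be public added to the `permitAll()` matcher list. If open access is meant as a temporary measure for the domain change, it would be safer in a profile-specific configuration than in the default bean. The 18-line commented-out copy of the previous bean can be dropped, since version control keeps it, and it does not match the old code anyway (its matcher list carries an extra `""`). `filterChain` continues past the end of the hunk.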