♻️Refactor: Security filterChain 경로 수정

imjuyongp · imjuyongp · commit ce725b1fec9d · 2026-02-01T00:54:44.000+09:00
diff --git a/src/main/java/com/be/sportizebe/domain/user/controller/UserController.java b/src/main/java/com/be/sportizebe/domain/user/controller/UserController.java
@@ -1,10 +1,12 @@
 package com.be.sportizebe.domain.user.controller;
 
+import com.be.sportizebe.domain.auth.exception.AuthErrorCode;
 import com.be.sportizebe.domain.user.dto.request.SignUpRequest;
 import com.be.sportizebe.domain.user.dto.response.ProfileImageResponse;
 import com.be.sportizebe.domain.user.dto.response.SignUpResponse;
 import com.be.sportizebe.domain.user.entity.User;
 import com.be.sportizebe.domain.user.service.UserServiceImpl;
+import com.be.sportizebe.global.exception.CustomException;
 import com.be.sportizebe.global.response.BaseResponse;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
diff --git a/src/main/java/com/be/sportizebe/global/security/SecurityConfig.java b/src/main/java/com/be/sportizebe/global/security/SecurityConfig.java
@@ -35,10 +35,11 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
         .authorizeHttpRequests(auth -> auth
             .requestMatchers("/api/auth/**").permitAll()
-            .requestMatchers("/api/users/**").permitAll()
+            .requestMatchers("/api/users/signup").permitAll()
+            .requestMatchers("/api/users/**").authenticated()
             .requestMatchers("/ws-stomp/**").permitAll()
             .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-resources/**").permitAll()
-            .requestMatchers(HttpMethod.GET, "/api/**").permitAll()
+            .requestMatchers(HttpMethod.GET, "/api/**").permitAll() // 조회는 인증 필요 없음
             .anyRequest().authenticated()
         )
         .exceptionHandling(exception -> exception
