Decodeat · Yujin1219 · Sep 22, 2025 · Sep 22, 2025
diff --git a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
@@ -17,6 +17,7 @@
 import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RegexRequestMatcher;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.beans.factory.annotation.Value;
 
@@ -56,9 +57,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         http.authorizeHttpRequests(auth -> auth
 //                .anyRequest().permitAll());
                 .requestMatchers("/img/**", "/css/**", "/js/**", "/favicon.ico", "/error").permitAll()
-                .requestMatchers("/swagger-ui/**","/v3/api-docs/**").permitAll() // 토큰 재발급 요청은 누구나 가능
-                .requestMatchers("/api/token").permitAll()
-//                .requestMatchers("/api/users/**").hasAnyRole("USER", "ADMIN") // 유저 관련 API는 USER 또는 ADMIN 권한 필요
+                .requestMatchers("/swagger-ui/**","/v3/api-docs/**").permitAll() //누구나 가능
+                .requestMatchers("/api/token", "/api/products/latest","/api/products/search/**").permitAll() //누구나 가능
+                .requestMatchers(new RegexRequestMatcher("^/api/products/\\d+$", "GET")).permitAll()
+                .requestMatchers("/api/users/**").hasAnyRole("USER", "ADMIN") // 유저 관련 API는 USER 또는 ADMIN 권한 필요
                 .requestMatchers("/api/admin/**").hasRole("ADMIN") // 어드민 관련 API는 ADMIN 권한만 가능
                 .anyRequest().authenticated()); // 나머지 요청은 인증 필요