From 314b2aa1c8e5f14b35521f3c417e627d2866134b Mon Sep 17 00:00:00 2001
From: Yujin1219
Date: Mon, 22 Sep 2025 14:17:27 +0900
Subject: [PATCH] =?UTF-8?q?Fix:=20=EA=B6=8C=ED=95=9C=20=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../DecodEat/global/config/WebOAuthSecurityConfig.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
index 348104f..71ca1b3 100644
--- a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
+++ b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
@@ -17,6 +17,7 @@ import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RegexRequestMatcher;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.beans.factory.annotation.Value;
@@ -56,9 +57,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 http.authorizeHttpRequests(auth -> auth // .anyRequest().permitAll());
 .requestMatchers("/img/**", "/css/**", "/js/**", "/favicon.ico", "/error").permitAll()
- .requestMatchers("/swagger-ui/**","/v3/api-docs/**").permitAll() // 토큰 재발급 요청은 누구나 가능
- .requestMatchers("/api/token").permitAll()
-// .requestMatchers("/api/users/**").hasAnyRole("USER", "ADMIN") // 유저 관련 API는 USER 또는 ADMIN 권한 필요
+ .requestMatchers("/swagger-ui/**","/v3/api-docs/**").permitAll() //누구나 가능
+ .requestMatchers("/api/token", "/api/products/latest","/api/products/search/**").permitAll() //누구나 가능
+ .requestMatchers(new RegexRequestMatcher("^/api/products/\\d+$", "GET")).permitAll()
+ .requestMatchers("/api/users/**").hasAnyRole("USER", "ADMIN") // 유저 관련 API는 USER 또는 ADMIN 권한 필요
 .requestMatchers("/api/admin/**").hasRole("ADMIN") // 어드민 관련 API는 ADMIN 권한만 가능
 .anyRequest().authenticated()); // 나머지 요청은 인증 필요
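Review bot: The new `permitAll()` for `/api/products/latest` and `/api/products/search/**` applies to every HTTP method, while the regex rule on the next line deliberately opens `/api/products/{id}` for GET only; if a non-GET handler is ever mapped under those two paths it becomes reachable without authentication, so the permit should be method-scoped too, e.g. `.requestMatchers(HttpMethod.GET, "/api/products/latest", "/api/products/search/**").permitAll()` (with `org.springframework.http.HttpMethod` imported). The `RegexRequestMatcher` line is also worth reconsidering: as far as I recall that matcher tests the servlet path plus the query string, so the `$`-anchored `^/api/products/\d+$` would not match `/api/products/12?x=y` and such a request falls through to `anyRequest().authenticated()` — fail-closed, but surprising for callers; `.requestMatchers(HttpMethod.GET, "/api/products/{id:\\d+}").permitAll()` states the same rule through the same matcher type as the surrounding lines and avoids the difference. The enclosing securityFilterChain method starts and ends outside this hunk.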