From 6f1712eb679987de5dc53e52f7667f1bc9190f6c Mon Sep 17 00:00:00 2001
From: WonyuChoi <phillip07290@naver.com>
Date: Wed, 11 Sep 2024 15:49:25 +0900
Subject: [PATCH 1/2] =?UTF-8?q?FLASH-258=20feat:=20WEB=20=EC=97=AD?=
 =?UTF-8?q?=ED=95=A0=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/java/com/first/flash/account/member/domain/Role.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/com/first/flash/account/member/domain/Role.java b/src/main/java/com/first/flash/account/member/domain/Role.java
index 0671d593..7cadf339 100644
--- a/src/main/java/com/first/flash/account/member/domain/Role.java
+++ b/src/main/java/com/first/flash/account/member/domain/Role.java
@@ -7,7 +7,7 @@
 @ToString
 public enum Role {
 
-    ROLE_ADMIN("ROLE_ADMIN"), ROLE_USER("ROLE_USER");
+    ROLE_ADMIN("ROLE_ADMIN"), ROLE_USER("ROLE_USER"), ROLE_WEB("ROLE_WEB");
 
     private String role;
 }

From 04219c95ce0270166a597df5a076c7e9e692008b Mon Sep 17 00:00:00 2001
From: WonyuChoi <phillip07290@naver.com>
Date: Wed, 11 Sep 2024 15:49:40 +0900
Subject: [PATCH 2/2] =?UTF-8?q?FLASH-258=20feat:=20WEB=20=EC=97=AD?=
 =?UTF-8?q?=ED=95=A0=EC=9D=80=20GET=20=EB=A9=94=EC=84=9C=EB=93=9C=20?=
 =?UTF-8?q?=EC=9A=94=EC=B2=AD=EB=A7=8C=20=EA=B0=80=EB=8A=A5=ED=95=98?=
 =?UTF-8?q?=EB=8F=84=EB=A1=9D=20=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/first/flash/global/config/SecurityConfig.java   | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/first/flash/global/config/SecurityConfig.java b/src/main/java/com/first/flash/global/config/SecurityConfig.java
index 56f202f1..b4094433 100644
--- a/src/main/java/com/first/flash/global/config/SecurityConfig.java
+++ b/src/main/java/com/first/flash/global/config/SecurityConfig.java
@@ -8,6 +8,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -47,7 +48,9 @@ public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception
                    .authorizeHttpRequests(authorize -> authorize
                        .requestMatchers(AUTH_WHITELIST).permitAll()
                        .requestMatchers("/admin/**").hasRole("ADMIN")
-                       .anyRequest().authenticated()
+                       .requestMatchers(HttpMethod.GET, "/**").hasRole("WEB")
+                       .requestMatchers("/**").hasAnyRole("ADMIN", "USER")
+                       .anyRequest().denyAll()
                    )
                    .addFilterBefore(new JwtAuthFilter(tokenManager, userDetailsService),
                        UsernamePasswordAuthenticationFilter.class)