[YS-131] refact: WebSecurityConfig 우선순위 수정 및 memberId 삽입 위치 변경

src/main/kotlin/com/dobby/backend/presentation/api/config/WebSecurityConfig.kt

@@ -17,69 +17,64 @@ import org.springframework.web.servlet.HandlerExceptionResolver
 
 @Configuration
 @EnableMethodSecurity
-class WebSecurityConfig(
-) {
+class WebSecurityConfig {
     @Bean
-    @Order(0)
-    fun securityFilterChain(
+    @Order(1)
+    fun authSecurityFilterChain(
         httpSecurity: HttpSecurity,
         jwtTokenProvider: JwtTokenProvider,
-        handlerExceptionResolver: HandlerExceptionResolver,
+        handlerExceptionResolver: HandlerExceptionResolver
     ): SecurityFilterChain = httpSecurity
-        .securityMatcher( "/v1/**")
+        .securityMatcher("/v1/auth/**", "/v1/members/signup", "/v1/emails/**")
         .csrf { it.disable() }
         .cors(Customizer.withDefaults())
         .sessionManagement {
             it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
         }
         .authorizeHttpRequests {
-            it.anyRequest().permitAll() // 모든 요청 허용
-        }
-        .addFilterBefore(
-            JwtAuthenticationFilter(jwtTokenProvider, handlerExceptionResolver),
-            UsernamePasswordAuthenticationFilter::class.java
-        )
-        .exceptionHandling {
-            it.accessDeniedHandler { request, response, exception ->
-                handlerExceptionResolver.resolveException(request, response, null, PermissionDeniedException())
-            }.authenticationEntryPoint { request, response, authException ->
-                handlerExceptionResolver.resolveException(request, response, null, UnauthorizedException())
-            }
+            it.requestMatchers("/v1/auth/**").permitAll()
+            it.requestMatchers("/v1/members/signup", "/v1/emails/**").permitAll()
+            it.anyRequest().authenticated()
         }
         .build()
 
     @Bean
-    @Order(1)
-    fun authSecurityFilterChain(
+    @Order(2)
+    fun securityFilterChain(
         httpSecurity: HttpSecurity,
         jwtTokenProvider: JwtTokenProvider,
-        handlerExceptionResolver: HandlerExceptionResolver
+        handlerExceptionResolver: HandlerExceptionResolver,
     ): SecurityFilterChain = httpSecurity
-        .securityMatcher("/v1/auth/**")
+        .securityMatcher("/v1/**")
         .csrf { it.disable() }
         .cors(Customizer.withDefaults())
         .sessionManagement {
             it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
         }
         .authorizeHttpRequests {
-            println("[DEBUG] authSecurityFilterChain triggered")
-            it.requestMatchers("/v1/auth/**").permitAll()
             it.anyRequest().authenticated()
         }
+        .addFilterBefore(
+            JwtAuthenticationFilter(jwtTokenProvider, handlerExceptionResolver),
+            UsernamePasswordAuthenticationFilter::class.java
+        )
+        .exceptionHandling {
+            it.accessDeniedHandler { request, response, exception ->
+                handlerExceptionResolver.resolveException(request, response, null, PermissionDeniedException())
+            }.authenticationEntryPoint { request, response, authException ->
+                handlerExceptionResolver.resolveException(request, response, null, UnauthorizedException())
+            }
+        }
         .build()
 
     @Bean
-    @Order(2)
+    @Order(3)
     fun swaggerSecurityFilterChain(httpSecurity: HttpSecurity): SecurityFilterChain = httpSecurity
         .securityMatcher("/swagger-ui/**", "/v3/api-docs/**")
         .csrf { it.disable() }
         .cors(Customizer.withDefaults())
         .authorizeHttpRequests {
-            it.requestMatchers(
-                "/swagger-ui/**",
-                "/v3/api-docs/**"
-            ).permitAll()
+            it.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
         }
         .build()
-
 }