diff --git a/smarketing-java/common/src/main/java/com/won/smarketing/common/config/SecurityConfig.java b/smarketing-java/common/src/main/java/com/won/smarketing/common/config/SecurityConfig.java
index b5179bb..dcc1f20 100644
--- a/smarketing-java/common/src/main/java/com/won/smarketing/common/config/SecurityConfig.java
+++ b/smarketing-java/common/src/main/java/com/won/smarketing/common/config/SecurityConfig.java
@@ -43,10 +43,13 @@ public class SecurityConfig {
             .cors(cors -> cors.configurationSource(corsConfigurationSource()))
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> auth
-                    .anyRequest().permitAll()
+                .requestMatchers("/api/auth/**", "/api/member/register", "/api/member/check-duplicate/**",
+                               "/api/member/validate-password", "/swagger-ui/**", "/v3/api-docs/**",
+                               "/swagger-resources/**", "/webjars/**", "/actuator/**", "/health/**", "/error"
+                ).permitAll()
+                .anyRequest().authenticated()
             )
-//            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
-        ;
+            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }