From df354ac4b0a012744890bb6fb9dd5af7e29d98db Mon Sep 17 00:00:00 2001
From: lsh9672
Date: Fri, 13 Jun 2025 10:29:15 +0900
Subject: [PATCH] =?UTF-8?q?Fix=20:=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../review/infra/config/SecurityConfig.java | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 review/src/main/java/com/ktds/hi/review/infra/config/SecurityConfig.java
diff --git a/review/src/main/java/com/ktds/hi/review/infra/config/SecurityConfig.java b/review/src/main/java/com/ktds/hi/review/infra/config/SecurityConfig.java
new file mode 100644
index 0000000..92a1a7f
--- /dev/null
+++ b/review/src/main/java/com/ktds/hi/review/infra/config/SecurityConfig.java
@@ -0,0 +1,43 @@
+package com.ktds.hi.review.infra.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+
+/**
+ * Analytics 서비스 보안 설정 클래스
+ * 테스트를 위해 모든 엔드포인트를 인증 없이 접근 가능하도록 설정
+ */
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http
+ .csrf(AbstractHttpConfigurer::disable)
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(auth -> auth
+ // Swagger 관련 경로 모두 허용
+ .requestMatchers("/swagger-ui.html","/swagger-ui/**", "/swagger-ui.html").permitAll()
+ .requestMatchers("/api-docs/**", "/v3/api-docs/**").permitAll()
+ .requestMatchers("/swagger-resources/**", "/webjars/**").permitAll()
+
+ // Analytics API 모두 허용 (테스트용)
+ .requestMatchers("/api/analytics/**").permitAll()
+ .requestMatchers("/api/action-plans/**").permitAll()
+
+ // Actuator 엔드포인트 허용
+ .requestMatchers("/actuator/**").permitAll()
+
+ // 기타 모든 요청 허용 (테스트용)
+ .anyRequest().permitAll()
+ );
+
+ return http.build();
+ }
+}
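Review bot: The filter chain ends in `.anyRequest().permitAll()` and also opens `/actuator/**`, and nothing on the class restricts it to a test environment, so this "for testing" policy is the effective access control wherever the review service runs. If it is only meant for local testing, gate the class with `@Profile("test")` (use the project's own profile name); for the deployed chain, end with `.anyRequest().authenticated()` and permit only the probes that are needed, e.g. `.requestMatchers("/actuator/health").permitAll()`. Which Actuator endpoints are actually exposed depends on management settings not visible in this patch, so that should be checked alongside. The Javadoc and the `/api/analytics/**` and `/api/action-plans/**` matchers appear to be copied from the Analytics service although the file lives in the `review` package, and `"/swagger-ui.html"` is listed twice. With the final permit-all in place every explicit matcher is redundant, which makes the intended policy hard to read from the code.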