fix: AI 서비스 인증 제거

- SecurityConfig에서 JWT 인증 제거하여 모든 요청 허용 - JwtTokenProvider 및 JwtAuthenticationFilter 의존성 제거 - 프론트엔드에서 토큰 없이 API 호출 가능하도록 수정 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-06 10:16:24 +00:00 · 2025-10-29 11:30:58 +09:00 · 2025-10-29 11:30:58 +09:00 · 90e31451a5
commit 90e31451a5
parent c85845a7ee
1 changed files with 3 additions and 20 deletions
--- a/ai/src/main/java/com/unicorn/hgzero/ai/infra/config/SecurityConfig.java
+++ b/ai/src/main/java/com/unicorn/hgzero/ai/infra/config/SecurityConfig.java
@ -1,8 +1,5 @@
 package com.unicorn.hgzero.ai.infra.config;
 import com.unicorn.hgzero.common.security.JwtTokenProvider;
 import com.unicorn.hgzero.common.security.filter.JwtAuthenticationFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -11,7 +8,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@ -20,15 +16,12 @@ import java.util.Arrays;
 /**
 * Spring Security 설정
- * JWT 기반 인증 및 API 보안 설정
+ * CORS 설정 및 API 보안 설정 (인증 없음)
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
 public class SecurityConfig {
    private final JwtTokenProvider jwtTokenProvider;
    @Value("${cors.allowed-origins:http://localhost:3000,http://localhost:8080,http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084}")
    private String allowedOrigins;
@ -39,19 +32,9 @@ public class SecurityConfig {
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(auth -> auth
-                        // Actuator endpoints
+                        // 모든 요청 허용 (인증 없음)
-                        .requestMatchers("/actuator/**").permitAll()
+                        .anyRequest().permitAll()
                        // Swagger UI endpoints - context path와 상관없이 접근 가능하도록 설정
                        .requestMatchers("/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**").permitAll()
                        // Health check
                        .requestMatchers("/health").permitAll()
                        // TODO: AI 개발 완료 후 제거 - 개발 중 테스트를 위한 SSE 엔드포인트 인증 해제
                        .requestMatchers("/api/suggestions/meetings/*/stream").permitAll()
                        // All other requests require authentication
                        .anyRequest().authenticated()
                )
                .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider),
                                UsernamePasswordAuthenticationFilter.class)
                .build();
    }