From 04b1913753ee5ac5dfd6c6afceec7d19d5b71ba0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?dhji=28=EC=A7=80=EB=8C=80=ED=95=9C=29?= <dhji@palnet.co.kr>
Date: Fri, 16 Feb 2024 14:03:07 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20open=ED=95=B4=EB=91=94=20uri=EC=A4=91=20?=
 =?UTF-8?q?GET=20method=EB=A7=8C=20=EC=A0=81=EC=9A=A9=EC=9D=B4=20=EB=90=98?=
 =?UTF-8?q?=EB=8A=94=20=ED=98=84=EC=83=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../kr/co/palnet/kac/app/core/security/AppSecurityConfig.java  | 1 +
 .../java/kr/co/palnet/kac/config/security/SecurityConfig.java  | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java b/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java
index 8b62e3c..48e8893 100644
--- a/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java
+++ b/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java
@@ -8,6 +8,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.DependsOn;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
diff --git a/web/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java b/web/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java
index fbbf0fc..2d08f82 100644
--- a/web/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java
+++ b/web/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java
@@ -108,11 +108,12 @@ public abstract class SecurityConfig {
         }
 
         http
+                .csrf(AbstractHttpConfigurer::disable)
+                .sessionManagement(AbstractHttpConfigurer::disable)
                 .securityMatchers(matchers -> matchers.requestMatchers(ignoreURI))
                 .authorizeHttpRequests(authz -> authz.anyRequest().permitAll())
                 .requestCache(RequestCacheConfigurer::disable)
                 .securityContext(AbstractHttpConfigurer::disable)
-                .sessionManagement(AbstractHttpConfigurer::disable)
         ;
         return http.build();
     }