KL-184/fix: change authorize endpoint sequence

taco-official · Oct 11, 2024 · 8576de0 · 8576de0
1 parent 34d14f4
commit 8576de0
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/main/java/taco/klkl/global/config/security/SecurityConfig.java b/src/main/java/taco/klkl/global/config/security/SecurityConfig.java
@@ -79,12 +79,12 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 			// request authentication & authorization
 			.authorizeHttpRequests(authorizeRequests ->
 				authorizeRequests
-					.requestMatchers(getPublicEndpoints()).permitAll()
-					.requestMatchers(getBothEndpoints()).permitAll()
-					.requestMatchers(getUserRoleEndpoints()).hasRole(USER.name())
 					.requestMatchers(HttpMethod.POST).hasAnyRole(USER.name(), ADMIN.name())
 					.requestMatchers(HttpMethod.PUT).hasAnyRole(USER.name(), ADMIN.name())
 					.requestMatchers(HttpMethod.DELETE).hasAnyRole(USER.name(), ADMIN.name())
+					.requestMatchers(getUserRoleEndpoints()).hasRole(USER.name())
+					.requestMatchers(getBothEndpoints()).permitAll()
+					.requestMatchers(getPublicEndpoints()).permitAll()
 					.anyRequest().authenticated()
 			)