From 8576de0268bb8faabdc09568fee6d738abc79ef1 Mon Sep 17 00:00:00 2001
From: ohhamma <judyham10634@naver.com>
Date: Fri, 11 Oct 2024 16:18:08 +0900
Subject: [PATCH] KL-184/fix: change authorize endpoint sequence

---
 .../taco/klkl/global/config/security/SecurityConfig.java    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/taco/klkl/global/config/security/SecurityConfig.java b/src/main/java/taco/klkl/global/config/security/SecurityConfig.java
index 0ec225c8..2b5eddb3 100644
--- a/src/main/java/taco/klkl/global/config/security/SecurityConfig.java
+++ b/src/main/java/taco/klkl/global/config/security/SecurityConfig.java
@@ -79,12 +79,12 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 			// request authentication & authorization
 			.authorizeHttpRequests(authorizeRequests ->
 				authorizeRequests
-					.requestMatchers(getPublicEndpoints()).permitAll()
-					.requestMatchers(getBothEndpoints()).permitAll()
-					.requestMatchers(getUserRoleEndpoints()).hasRole(USER.name())
 					.requestMatchers(HttpMethod.POST).hasAnyRole(USER.name(), ADMIN.name())
 					.requestMatchers(HttpMethod.PUT).hasAnyRole(USER.name(), ADMIN.name())
 					.requestMatchers(HttpMethod.DELETE).hasAnyRole(USER.name(), ADMIN.name())
+					.requestMatchers(getUserRoleEndpoints()).hasRole(USER.name())
+					.requestMatchers(getBothEndpoints()).permitAll()
+					.requestMatchers(getPublicEndpoints()).permitAll()
 					.anyRequest().authenticated()
 			)