From 8c551bfb1f40e3b15c8f208b81b154395dfec3dd Mon Sep 17 00:00:00 2001
From: 2ghrms <aa020228@gmail.com>
Date: Thu, 25 Sep 2025 15:44:59 +0900
Subject: [PATCH] =?UTF-8?q?[FIX/#154]=20JWT=20=EB=B0=8F=20SecurityConfig?=
 =?UTF-8?q?=20=EC=A0=9C=EC=99=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../assu/server/domain/auth/security/jwt/JwtAuthFilter.java  | 5 ++++-
 .../java/com/assu/server/global/config/SecurityConfig.java   | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/assu/server/domain/auth/security/jwt/JwtAuthFilter.java b/src/main/java/com/assu/server/domain/auth/security/jwt/JwtAuthFilter.java
index 0ad4bd40..fd1f9987 100644
--- a/src/main/java/com/assu/server/domain/auth/security/jwt/JwtAuthFilter.java
+++ b/src/main/java/com/assu/server/domain/auth/security/jwt/JwtAuthFilter.java
@@ -48,14 +48,17 @@ public class JwtAuthFilter extends OncePerRequestFilter {
     private static final String[] WHITELIST = {
             "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html",
             "/swagger-resources/**", "/webjars/**",
-            // Auth (로그아웃 제외)
+            // Auth (로그아웃/탈퇴/리프레시 제외)
             "/auth/phone-verification/send",
             "/auth/phone-verification/verify",
+            "/auth/phone-verification/check",
+            "/auth/email-verification/check",
             "/auth/students/signup",
             "/auth/partners/signup",
             "/auth/admins/signup",
             "/auth/commons/login",
             "/auth/students/login",
+            "/auth/tokens/refresh",
             "/auth/students/ssu-verify"
     };
 
diff --git a/src/main/java/com/assu/server/global/config/SecurityConfig.java b/src/main/java/com/assu/server/global/config/SecurityConfig.java
index a4fceab1..450a6677 100644
--- a/src/main/java/com/assu/server/global/config/SecurityConfig.java
+++ b/src/main/java/com/assu/server/global/config/SecurityConfig.java
@@ -33,11 +33,14 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthFilter jwtAuthF
                         .requestMatchers(// Auth (로그아웃 제외)
                                 "/auth/phone-verification/send",
                                 "/auth/phone-verification/verify",
+                                "/auth/phone-verification/check",
+                                "/auth/email-verification/check",
                                 "/auth/students/signup",
                                 "/auth/partners/signup",
                                 "/auth/admins/signup",
                                 "/auth/commons/login",
                                 "/auth/students/login",
+                                "/auth/tokens/refresh",
                                 "/auth/students/ssu-verify",
                                 "/map/place"
                         ).permitAll()