diff --git a/src/main/java/kr/co/mcmp/config/WebSecurityConfigurer.java b/src/main/java/kr/co/mcmp/config/WebSecurityConfigurer.java
index 2ccd8b2..2a24e19 100644
--- a/src/main/java/kr/co/mcmp/config/WebSecurityConfigurer.java
+++ b/src/main/java/kr/co/mcmp/config/WebSecurityConfigurer.java
@@ -1,27 +1,39 @@
 package kr.co.mcmp.config;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+// @EnableGlobalMethodSecurity(prePostEnabled = true)
+public class WebSecurityConfigurer  {
 
 
-	@Override
-    public void configure(WebSecurity webSecurity) throws Exception {
-		webSecurity.ignoring().antMatchers("/resources/**", "/h2-console/**");
-    }
+	// @Override
+    // public void configure(WebSecurity webSecurity) throws Exception {
+	// 	webSecurity.ignoring().antMatchers("/resources/**", "/h2-console/**");
+    // }
 
-	@Override
-	public void configure(HttpSecurity https) throws Exception {
-		https.authorizeRequests().antMatchers("/**").permitAll();
-		https.csrf().disable();
-	}	
+	// @Override
+	// public void configure(HttpSecurity https) throws Exception {
+	// 	https.authorizeRequests().antMatchers("/**").permitAll();
+	// 	https.csrf().disable();
+	// }	
+	@Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+            .headers(headers -> headers
+                .frameOptions().disable()  // X-Frame-Options 비활성화
+            )
+            .cors().and()
+            .csrf().disable()
+            .authorizeHttpRequests(authz -> authz
+                .anyRequest().permitAll()
+            );
+        return http.build();
+    }
 }