th-D138 · patulus · Jul 30, 2025 · Jul 30, 2025
diff --git a/src/main/java/kr/ac/kumoh/d138/JobForeigner/global/config/security/SecurityConfig.java b/src/main/java/kr/ac/kumoh/d138/JobForeigner/global/config/security/SecurityConfig.java
@@ -51,10 +51,6 @@ public SecurityFilterChain defaultSecurity(HttpSecurity http) throws Exception {
                 // @PreAuthorized, @PostAuthorized의 경우 메서드 호출 직전에 차단되어 GlobalExceptionHandler에 의해 예외가 처리됩니다.
                 .authorizeHttpRequests(req -> req
                         .requestMatchers("/api/v1/admin/**").hasAnyRole(MemberType.ADMIN.name())
-                        .requestMatchers("/api/v1/members/sign-in").permitAll()
-                        .requestMatchers("/api/v1/members/sign-up/**").permitAll()
-                        .requestMatchers("/api/v1/members/refresh").permitAll()
-                        .requestMatchers("/api/v1/email/**").permitAll()
                         .anyRequest().permitAll())
 
                 .exceptionHandling(ex -> ex

diff --git a/src/main/java/kr/ac/kumoh/d138/JobForeigner/global/exception/ExceptionType.java b/src/main/java/kr/ac/kumoh/d138/JobForeigner/global/exception/ExceptionType.java
@@ -12,7 +12,7 @@ public enum ExceptionType {
     // Common
     UNEXPECTED_SERVER_ERROR(INTERNAL_SERVER_ERROR,"C001","예상치 못한 서버 오류가 발생했습니다."),
     BINDING_ERROR(BAD_REQUEST,"C002","요청 데이터 변환 과정에서 오류가 발생했습니다."),
-    ESSENTIAL_FIELD_MISSING_ERROR(NO_CONTENT , "C003","필수 필드를 누락했습니다."),
+    ESSENTIAL_FIELD_MISSING_ERROR(BAD_REQUEST , "C003","필수 필드를 누락했습니다."),
     INVALID_ENDPOINT(NOT_FOUND, "C004", "잘못된 API URI로 요청했습니다."),
     INVALID_HTTP_METHOD(METHOD_NOT_ALLOWED, "C005","잘못된 HTTP 메서드로 요청했습니다."),
 

diff --git a/src/main/java/kr/ac/kumoh/d138/JobForeigner/global/exception/GlobalExceptionHandler.java b/src/main/java/kr/ac/kumoh/d138/JobForeigner/global/exception/GlobalExceptionHandler.java
@@ -12,6 +12,8 @@
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
 import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.MissingRequestCookieException;
+import org.springframework.web.bind.MissingRequestHeaderException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.servlet.resource.NoResourceFoundException;
@@ -38,7 +40,7 @@ public ResponseEntity<ResponseBody<Void>> handleMethodArgumentNotValidException(
 
     @ExceptionHandler(HttpMessageNotReadableException.class)
     public ResponseEntity<ResponseBody<Void>> handleHttpMessageNotReadableException(HttpMessageNotReadableException e) {
-        log.error("HttpMessageNotReadableException : {}", e);
+        log.error("HttpMessageNotReadableException : {}", e.getMessage());
         return ResponseEntity
                 .status(ExceptionType.BINDING_ERROR.getStatus())
                 .body(ResponseUtil.createFailureResponse(ExceptionType.BINDING_ERROR));
@@ -60,7 +62,7 @@ public ResponseEntity<ResponseBody<Void>> handleNotFound(NoResourceFoundExceptio
 
     @ExceptionHandler(AccessDeniedException.class)
     public ResponseEntity<ResponseBody<Void>> handleAccessDeniedException(AccessDeniedException e) {
-        log.error("AccessDeniedException : {}", e);
+        log.error("AccessDeniedException : {}", e.getMessage());
         return ResponseEntity
                 .status(ExceptionType.ACCESS_DENIED.getStatus())
                 .body(ResponseUtil.createFailureResponse(ExceptionType.ACCESS_DENIED));
@@ -73,9 +75,23 @@ public ResponseEntity<ResponseBody<Void>> handleAuthenticationCredentialsNotFoun
                 .body(ResponseUtil.createFailureResponse(ExceptionType.NEED_AUTHORIZED));
     }
 
+    @ExceptionHandler(MissingRequestHeaderException.class)
+    public ResponseEntity<ResponseBody<Void>> handleMissingRequestHeaderException(MissingRequestHeaderException e) {
+        return ResponseEntity
+                .status(ExceptionType.ESSENTIAL_FIELD_MISSING_ERROR.getStatus())
+                .body(ResponseUtil.createFailureResponse(ExceptionType.ESSENTIAL_FIELD_MISSING_ERROR, "필수 HTTP 헤더가 존재하지 않습니다."));
+    }
+
+    @ExceptionHandler(MissingRequestCookieException.class)
+    public ResponseEntity<ResponseBody<Void>> handleMissingRequestCookieException(MissingRequestCookieException e) {
+        return ResponseEntity
+                .status(ExceptionType.ESSENTIAL_FIELD_MISSING_ERROR.getStatus())
+                .body(ResponseUtil.createFailureResponse(ExceptionType.ESSENTIAL_FIELD_MISSING_ERROR, "필수 쿠키가 존재하지 않습니다."));
+    }
+
     @ExceptionHandler(Exception.class)
     public ResponseEntity<ResponseBody<Void>> handleException(Exception e){
-        log.error("unhandle error : {}", e);
+        log.error("Unhandled exception : ", e);
         return ResponseEntity
                 .status(HttpStatus.INTERNAL_SERVER_ERROR)
                 .body(ResponseUtil.createFailureResponse(ExceptionType.UNEXPECTED_SERVER_ERROR));

diff --git a/src/main/java/kr/ac/kumoh/d138/JobForeigner/global/jwt/filter/JwtAuthenticationFilter.java b/src/main/java/kr/ac/kumoh/d138/JobForeigner/global/jwt/filter/JwtAuthenticationFilter.java
@@ -30,7 +30,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
     @Override
     protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
-        String[] excludePath = {"api/v1/members/sign-in", "api/v1/members/sign-up/**", "api/v1/members/refresh", "api/v1/email/**"};
+        String[] excludePath = {"/api/v1/members/sign-in", "/api/v1/members/sign-up/**", "/api/v1/members/refresh", "/api/v1/email/**"};
 
         String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
         return authorizationHeader == null

diff --git a/src/main/resources/properties b/src/main/resources/properties