Fix(security): permitAll 경로에서도 토큰이 있으면 인증 세팅되도록 수정

src/main/java/inu/codin/codin/common/security/filter/JwtAuthenticationFilter.java

@@ -9,6 +9,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.AntPathMatcher;
+import org.springframework.util.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
@@ -36,10 +37,8 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
         String requestURI = request.getRequestURI();
 
-        if (permitAllProperties.getUrls().stream().anyMatch(url -> pathMatcher.match(url, requestURI))) {
-            filterChain.doFilter(request, response);
-            return;
-        }
+        final boolean isPermitAll = permitAllProperties.getUrls().stream()
+                .anyMatch(url -> pathMatcher.match(url, requestURI));
 
         String token = null;
         if (Arrays.stream(SWAGGER_AUTH_PATHS).anyMatch(url -> pathMatcher.match(url, requestURI))) {
@@ -49,10 +48,15 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         }
 
         // Access Token이 있는 경우
-        if (token != null) {
+         if (StringUtils.hasText(token)) {
             jwtService.getUserDetailsAndSetAuthentication(token);
         } else {
             SecurityContextHolder.clearContext();
+
+             if (isPermitAll) {
+                 filterChain.doFilter(request, response);
+                 return;
+             }
         }
 
         filterChain.doFilter(request, response);

src/main/java/inu/codin/codin/common/security/service/JwtService.java

@@ -16,10 +16,10 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.server.ServletServerHttpRequest;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
 
 /**
  * JWT 토큰 관련 비즈니스 로직을 처리하는 서비스
@@ -192,6 +192,11 @@ public void getUserDetailsAndSetAuthentication(String token) {
 
     public String getAccessToken(HttpServletRequest request) {
         String accessToken = jwtUtils.getAccessToken(request);
+
+        if (!StringUtils.hasText(accessToken)) {
+            return null;
+        }
+
         if (!jwtTokenProvider.validType(accessToken, "access")) {
             log.error("[getAccessToken] Access Token이 아닙니다.");
             throw new JwtException(SecurityErrorCode.INVALID_TYPE, "Access Token이 아닙니다.");

src/main/java/inu/codin/codin/domain/post/domain/hits/entity/HitsEntity.java

@@ -14,13 +14,11 @@
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 public class HitsEntity {
 
-    @Id @NotBlank
+    @Id
     private ObjectId _id;
 
-    @NotBlank
     private ObjectId userId;
 
-    @NotBlank
     private ObjectId postId;
 
     @Builder

src/main/java/inu/codin/codin/domain/post/service/PostInteractionService.java

@@ -47,8 +47,9 @@ public void deletePostImageInternal(PostEntity post, String imageUrl) {
     }
 
     // [HitsService] - 조회수 증가 처리
+    // 비로그인(null) → 무조건 증가, 로그인 → 중복 아닐 때만 증가
     public void increaseHits(PostEntity post, ObjectId userId) {
-        if (!hitsService.validateHits(post.get_id(), userId)) {
+        if (userId==null || !hitsService.validateHits(post.get_id(), userId)) {
             hitsService.addHits(post.get_id(), userId);
             log.info("조회수 업데이트. PostId: {}, UserId: {}", post.get_id(), userId);
         }