[#42] Feat: /admin/** 으로 들어오는 요청은 ADMIN 만 접근 가능하도록 설정

src/main/java/ssu/eatssu/domain/auth/infrastructure/SecurityConfig.java

@@ -27,6 +27,10 @@ public class SecurityConfig {
             "/inquiries/list"
     };
 
+    private static final String[] ADMIN_PAGE_LIST = {
+            "/admin/**"
+    };
+
     private final JwtTokenProvider jwtTokenProvider;
     private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
     private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
@@ -44,6 +48,7 @@ protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .authorizeHttpRequests(authorize -> authorize
                         .shouldFilterAllDispatcherTypes(false)
                         .requestMatchers(AUTH_WHITELIST).permitAll()
+                        .requestMatchers(ADMIN_PAGE_LIST).hasRole("ADMIN")
                         .anyRequest().authenticated()
                         .and().addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider),
                                 UsernamePasswordAuthenticationFilter.class))