diff --git a/src/main/java/Minari/cheongForDo/global/auth/JwtAuthenticationFilter.java b/src/main/java/Minari/cheongForDo/global/auth/JwtAuthenticationFilter.java
index f86aef4..d749c59 100644
--- a/src/main/java/Minari/cheongForDo/global/auth/JwtAuthenticationFilter.java
+++ b/src/main/java/Minari/cheongForDo/global/auth/JwtAuthenticationFilter.java
@@ -21,6 +21,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 private final JwtUtils jwtUtils;
 private final ObjectMapper objectMapper;
+ @Override
+ protected boolean shouldNotFilter(HttpServletRequest request) {
+ String path = request.getServletPath();
+ return path.equals("/member/login") || path.equals("/member/register");
+ }
+
 @Override
 protected void doFilterInternal(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull FilterChain filterChain) throws ServletException, IOException {
 String token = request.getHeader("Authorization");
diff --git a/src/main/java/Minari/cheongForDo/global/config/SecurityConfig.java b/src/main/java/Minari/cheongForDo/global/config/SecurityConfig.java
index 9f632a2..67348d5 100644
--- a/src/main/java/Minari/cheongForDo/global/config/SecurityConfig.java
+++ b/src/main/java/Minari/cheongForDo/global/config/SecurityConfig.java
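Review bot: The skip list added in `JwtAuthenticationFilter.shouldNotFilter` covers only `/member/login` and `/member/register`, while `SecurityConfig` also marks `/news`, `/swagger-ui/**` and `/v3/**` as `permitAll()`, so those public routes still pass through the JWT filter. `doFilterInternal` continues outside the hunk; if it writes an error response when the `Authorization` header is missing or invalid, anonymous requests to those routes would be rejected before the authorization rules run, and if it simply continues the chain the new override is not needed. Keeping the public paths in one shared constant read by both classes, or at least adding a comment such as `// Must stay in sync with the permitAll() matchers in SecurityConfig`, prevents the two lists from drifting. The exact `equals` comparison is a reasonable fail-closed choice, since any path variant is still filtered.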
@@ -25,37 +25,19 @@ public class SecurityConfig {
 private final ObjectMapper OBJECT_MAPPER;
-// @Bean
-// public SecurityFilterChain filterChain(HttpSecurity http, JwtUtils jwtUtils) throws Exception {
-// http
-// .cors ((cors) -> cors.configurationSource(corsConfigurationSource()))
-// .csrf(AbstractHttpConfigurer::disable)
-// .formLogin(AbstractHttpConfigurer::disable)
-// .authorizeHttpRequests(auth -> auth
-// .requestMatchers("/member/login", "/member/register", "/news", "").permitAll()
-// .requestMatchers("/swagger-ui/**", "/v3/**").permitAll()
-// .anyRequest().authenticated()
-// )
-// .sessionManagement(session -> session
-// .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-// );
-//
-// http.addFilterBefore(new JwtAuthenticationFilter(jwtUtils, OBJECT_MAPPER), UsernamePasswordAuthenticationFilter.class);
-// return http.build();
-// }
-
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http, JwtUtils jwtUtils) throws Exception {
 http
- .cors((cors) -> cors.configurationSource(corsConfigurationSource()))
+ .cors ((cors) -> cors.configurationSource(corsConfigurationSource()))
 .csrf(AbstractHttpConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests(auth -> auth
- // 모든 요청에 대해 인증 없이 접근 가능하도록 설정
- .anyRequest().permitAll()
+ .requestMatchers("/member/login", "/member/register", "/news").permitAll()
+ .requestMatchers("/swagger-ui/**", "/v3/**").permitAll()
+ .anyRequest().authenticated()
 )
 .sessionManagement(session -> session
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 );
 http.addFilterBefore(new JwtAuthenticationFilter(jwtUtils, OBJECT_MAPPER), UsernamePasswordAuthenticationFilter.class);
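Review bot: The restored `permitAll()` matchers in `filterChain` are wider than the routes they are meant to open: `/v3/**` exempts every path under `/v3/`, and `"/news"` is matched for every HTTP method. If the `/v3` rule exists for the OpenAPI document (presumably springdoc, given `/swagger-ui/**`), `.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()` keeps any later `/v3/...` endpoint behind authentication. If `/news` has write handlers, which is not visible here, limit the public rule to reads with `.requestMatchers(HttpMethod.GET, "/news").permitAll()`. The end of `filterChain` lies outside this hunk.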
@@ -66,30 +48,11 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtUtils jwtUtils) thr
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration configuration = new CorsConfiguration();
 configuration.addAllowedOriginPattern("*"); // 허용할 도메인 설정
- configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH"));
- configuration.setAllowedHeaders(Arrays.asList(
- "Content-Type", "Authorization", "X-Requested-With", "Accept"
- ));
+ configuration.setAllowedMethods(Arrays.asList("*"));
+ configuration.setAllowedHeaders(Arrays.asList("*"));
 configuration.setAllowCredentials(true);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", configuration);
 return source;
 }
-
-// @Bean
-// public CorsConfigurationSource corsConfigurationSource() {
-// CorsConfiguration configuration = new CorsConfiguration();
-// configuration.setAllowedOrigins(Arrays.asList(
-// "https://minari.vercel.app",
-// "https://new-mirari-web-git-home-joshmoon827s-projects.vercel.app"
-// "http://localhost:3000/"
-// ));
-// configuration.setAllowedMethods(List.of("*"));
-// configuration.setAllowedHeaders(List.of("*"));
-// configuration.setAllowCredentials(true); // 쿠키/세션 전송 허용
-//
-// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-// source.registerCorsConfiguration("/**", configuration);
-// return source;
-// }
 }
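Review bot: The two added lines in `corsConfigurationSource` widen `setAllowedMethods` and `setAllowedHeaders` to `"*"` while the unchanged `addAllowedOriginPattern("*")` and `setAllowCredentials(true)` stay in place, so every origin may now send credentialed requests with any method and header. With a wildcard origin pattern Spring echoes the caller's `Origin`, which lets any site a user visits read responses to such requests; how much that exposes depends on whether the API ever accepts cookie-based credentials, which is not visible here. I would keep the explicit method and header lists this hunk removes and replace the wildcard with the deployed front-end origins, e.g. `configuration.setAllowedOrigins(Arrays.asList("https://minari.vercel.app"));`, written without a trailing slash so they match the `Origin` header. A one-line comment above the origin setting stating which front ends are expected would also make later widening a deliberate decision.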