Decodeat · kjhh2605 · Sep 24, 2025 · Sep 24, 2025
diff --git a/src/main/java/com/DecodEat/domain/products/controller/ProductController.java b/src/main/java/com/DecodEat/domain/products/controller/ProductController.java
@@ -137,4 +137,10 @@ public ApiResponse<PageResponseDto<ProductSearchResponseDto.ProductPrevDto>> get
         return ApiResponse.onSuccess(productService.getMyLikedProducts(user, pageable));
     }
 
+    @DeleteMapping("/{productId}")
+    @Operation(summary = "상품 삭제", description = "해당 상품과 관련된 모든 데이터가 삭제됩니다.")
+    public ApiResponse<String> deleteProduct( @PathVariable Long productId) {
+        return ApiResponse.onSuccess(productService.deleteProduct(productId));
+    }
+
 }
diff --git a/src/main/java/com/DecodEat/domain/products/service/ProductService.java b/src/main/java/com/DecodEat/domain/products/service/ProductService.java
@@ -454,4 +454,9 @@ public ProductLikeResponseDTO addOrUpdateLike(Long userId, Long productId) {
         }
         return ProductConverter.toProductLikeDTO(productId, isLiked);
     }
+
+    public String deleteProduct(Long productId) {
+        productRepository.deleteById(productId);
+        return productId.toString()+"번 상품이 삭제되었습니다.";
+    }
 }
diff --git a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
@@ -58,8 +58,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 //                .anyRequest().permitAll());
                 .requestMatchers("/img/**", "/css/**", "/js/**", "/favicon.ico", "/error").permitAll()
                 .requestMatchers("/swagger-ui/**","/v3/api-docs/**").permitAll() //누구나 가능
-                .requestMatchers("/api/token", "/api/products/latest","/api/products/search/**","/api/products/recommendation/**").permitAll() //누구나 가능
+                .requestMatchers("/api/token", "/api/products/latest","/api/products/search/**","/api/products/recommendation/**","api/products/").permitAll() //누구나 가능
                 .requestMatchers(new RegexRequestMatcher("^/api/products/\\d+$", "GET")).permitAll()
+                .requestMatchers(new RegexRequestMatcher("^/api/products/\\d+$", "DELETE")).permitAll()
                 .requestMatchers("/api/users/**").hasAnyRole("USER", "ADMIN") // 유저 관련 API는 USER 또는 ADMIN 권한 필요
                 .requestMatchers("/api/admin/**").hasRole("ADMIN") // 어드민 관련 API는 ADMIN 권한만 가능
                 .anyRequest().authenticated()); // 나머지 요청은 인증 필요