bugfix

- update ftl path
- delete duplicate security settings

src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java

@@ -5,8 +5,6 @@ import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Component;
 
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -16,9 +14,7 @@ import java.io.IOException;
 public class CustomAccessDeniedHandler implements AccessDeniedHandler {
 
     @Override
-    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException,
-            ServletException {
-        RequestDispatcher dispatcher = request.getRequestDispatcher("/exception/accessdenied");
-        dispatcher.forward(request, response);
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException {
+        response.sendRedirect("/exception/accessdenied");
     }
 }

src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java

@@ -18,7 +18,6 @@ public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint
     @Override
     public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException,
             ServletException {
-        RequestDispatcher dispatcher = request.getRequestDispatcher("/exception/entrypoint");
-        dispatcher.forward(request, response);
+        response.sendRedirect("/exception/entrypoint");
     }
 }

src/main/java/com/rest/api/config/security/SecurityConfiguration.java

@@ -32,7 +32,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
             .and()
                 .authorizeRequests() // 다음 리퀘스트에 대한 사용권한 체크
                     .antMatchers("/*/signin", "/*/signin/**", "/*/signup", "/*/signup/**", "/social/**").permitAll() // 가입 및 인증 주소는 누구나 접근가능
-                    .antMatchers(HttpMethod.GET, "/helloworld/**","/actuator/health").permitAll() // hellowworld로 시작하는 GET요청 리소스는 누구나 접근가능
+                    .antMatchers(HttpMethod.GET, "/exception/**","/helloworld/**", "/actuator/health").permitAll() // 등록된 GET요청 리소스는 누구나 접근가능
                     .anyRequest().hasRole("USER") // 그외 나머지 요청은 모두 인증된 회원만 접근 가능
             .and()
                 .exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler())

src/main/java/com/rest/api/controller/HelloController.java

@@ -5,14 +5,13 @@ import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 @Slf4j
 @Controller
 public class HelloController {
 
-    private static final String HELLO = "helloworld";
+    private static final String HELLO = "helloworld-nice to meet you";
 
     @Setter
     @Getter
@@ -38,7 +37,7 @@ public class HelloController {
 
     @GetMapping(value = "/helloworld/page")
     public String helloworld() {
-        return HELLO;
+        return "helloworld";
     }
 
     @GetMapping("/helloworld/long-process")