[Fix] Exclude /metrics endpoint from security logging

Author: chltmdgh522

src/main/java/boombimapi/global/config/SecurityConfig.java

@@ -43,7 +43,7 @@ public class SecurityConfig {
             "/api/oauth2/callback/**",  // 기존 콜백 방식 (테스트용)
             "/api/oauth2/logout",
             "/api/healthcheck", "/api/admin/**",
-            "/actuator/prometheus"
+            "/actuator/prometheus", "/metrics"
     );
 
     @Bean
@@ -75,7 +75,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
                         .requestMatchers("/favicon.ico", "/api/region").permitAll()
                         .requestMatchers("/api/reissue").permitAll()
-                        .requestMatchers("/actuator/prometheus").permitAll()
+                        .requestMatchers("/actuator/prometheus","/metrics").permitAll()
                         .anyRequest().authenticated())
                 .sessionManagement((session) -> session
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS))

src/main/java/boombimapi/global/infra/filter/CustomSecurityLogger.java

@@ -21,10 +21,12 @@ protected void doFilterInternal(HttpServletRequest request,
         String uri = request.getRequestURI();
 
         // prometheus 요청은 제외
-        if (!uri.startsWith("/actuator/prometheus")) {
+// prometheus 요청과 metrics 요청은 제외
+        if (!uri.startsWith("/actuator/prometheus") && !uri.startsWith("/metrics")) {
             log.info("Security Request: {} {}", request.getMethod(), uri);
         }
 
+
         filterChain.doFilter(request, response);
     }
 }