perf: optimize test speed and harden security config

.gitignore

@@ -33,15 +33,9 @@ build/
 
 # docker
 db/
-api/src/main/resources/key/private_key.pem
-api/src/main/resources/key/public_key.pem
-api/src/main/resources/application.yml
-api/*.env
 .env
 .env.*
 !.env.example
-api/src/main/resources/private_key.pem
-api/src/main/resources/public_key.pem
 
 # Claude Code
 .claude/

Dockerfile

@@ -0,0 +1,5 @@
+FROM eclipse-temurin:21-jre-alpine
+
+COPY app/build/libs/*-SNAPSHOT.jar app.jar
+
+ENTRYPOINT ["java", "-jar", "app.jar"]

app/src/main/resources/application.yml

@@ -36,8 +36,8 @@ spring:
 
   data:
     redis:
-      host: localhost
-      port: 6379
+      host: ${REDIS_HOST:localhost}
+      port: ${REDIS_PORT:6379}
       repositories:
         enabled: false
 
@@ -59,7 +59,7 @@ springdoc:
     disable-swagger-default-url: true
     use-root-path: false
     path: /spec/api
-  show-actuator: true
+  show-actuator: false
 
 logging:
   level:
@@ -122,12 +122,40 @@ app:
 
 ---
 
-# 🟡 개발 환경 (추후 필요 시 확장)
+# 🟡 개발 환경
 spring:
   config:
     activate:
       on-profile: dev
 
+  jpa:
+    show-sql: false
+    hibernate:
+      ddl-auto: create
+    properties:
+      hibernate:
+        format_sql: false
+
+  sql:
+    init:
+      mode: never
+
+logging:
+  level:
+    org.springframework.security: INFO
+    org.springframework.web.reactive.function.client: INFO
+
+server:
+  error:
+    include-stacktrace: never
+
+app:
+  jwt:
+    cookie:
+      domain: ${COOKIE_DOMAIN}
+      secure: ${COOKIE_SECURE:true}
+      same-site: ${COOKIE_SAME_SITE:Lax}
+
 ---
 
 # 🔴 운영 환경
@@ -136,14 +164,37 @@ spring:
     activate:
       on-profile: prod
 
+  jpa:
+    show-sql: false
+    hibernate:
+      ddl-auto: validate
+    properties:
+      hibernate:
+        format_sql: false
+
+  sql:
+    init:
+      mode: never
+
+server:
+  error:
+    include-message: never
+    include-binding-errors: never
+    include-stacktrace: never
+    include-exception: false
+
+logging:
+  level:
+    org.springframework.security: WARN
+    org.springframework.web.reactive.function.client: WARN
+
 app:
   jwt:
     cookie:
+      domain: ${COOKIE_DOMAIN}
       secure: true
       same-site: Strict
-      domain: ${PRODUCTION_DOMAIN}
 
 springdoc:
-  # 운영에서는 Swagger 비활성화 권장
   swagger-ui:
     enabled: false

build.gradle

@@ -43,9 +43,9 @@ subprojects {
 				excludeTags 'integration'
 			}
 		}
-		maxParallelForks = Math.max(1, Runtime.runtime.availableProcessors().intdiv(4))
+		maxParallelForks = 1  // single JVM to maximize Spring Context cache reuse
 		forkEvery = 0  // reuse JVM across tests
-		jvmArgs '-XX:+UseParallelGC'
+		jvmArgs '-XX:+UseParallelGC', '-XX:TieredStopAtLevel=1'
 	}
 
 	tasks.register('integrationTest', Test) {

common/src/main/java/com/pfplaybackend/api/common/config/security/SecurityConfig.java

@@ -42,7 +42,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .requestMatchers("/actuator/health").permitAll()
                         .requestMatchers("/api/v1/admin/**").permitAll()  // Admin API - no auth required (temporary)
                         .requestMatchers("/api/**").authenticated()
-                        .anyRequest().permitAll()
+                        .requestMatchers("/ws/**").permitAll()
+                        .requestMatchers("/spec/**").permitAll()
+                        .anyRequest().denyAll()
                 )
                 .oauth2ResourceServer(oauth2 -> oauth2
                         .bearerTokenResolver(customBearerTokenResolver)