[CICD] securityConfig 수정

simhyunmin · simhyunmin · commit 419cdf6885f6 · 2025-11-20T14:19:46.000+09:00
diff --git a/src/main/java/fitfit/domain/token/filter/JwtAuthenticationFilter.java b/src/main/java/fitfit/domain/token/filter/JwtAuthenticationFilter.java
@@ -33,33 +33,30 @@ protected void doFilterInternal(
 
         final String authHeader = request.getHeader("Authorization");
 
-        if (authHeader == null) {
+        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
             filterChain.doFilter(request, response);
             return;
         }
 
-        Long memberId = null;
         try {
-            memberId = jwtProvider.getMemberIdAndValidateToken(authHeader);
+            Long memberId = jwtProvider.getMemberIdAndValidateToken(authHeader);
+            if (SecurityContextHolder.getContext().getAuthentication() == null) {
+                UserDetails userDetails = this.userDetailsService.loadUserByUsername(memberId.toString());
+                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
+                        userDetails,
+                        null,
+                        userDetails.getAuthorities()
+                );
+                authToken.setDetails(
+                        new WebAuthenticationDetailsSource().buildDetails(request)
+                );
+                SecurityContextHolder.getContext().setAuthentication(authToken);
+            }
         } catch (Exception e) {
+            // Bearer 토큰이 있지만 유효하지 않은 경우, 컨텍스트를 비워서 인증되지 않은 상태로 만듭니다.
             SecurityContextHolder.clearContext();
         }
 
-        if (memberId != null && SecurityContextHolder.getContext().getAuthentication() == null) {
-            UserDetails userDetails = this.userDetailsService.loadUserByUsername(memberId.toString());
-
-            UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
-                    userDetails,
-                    null,
-                    userDetails.getAuthorities()
-            );
-            authToken.setDetails(
-                    new WebAuthenticationDetailsSource().buildDetails(request)
-            );
-
-            SecurityContextHolder.getContext().setAuthentication(authToken);
-        }
-
         filterChain.doFilter(request, response);
     }
 }
