Ttatta-org · Jinho622 · Dec 19, 2025 · Dec 19, 2025 · gemini-code-assist · Dec 19, 2025
diff --git a/src/main/java/TtattaBackend/ttatta/config/security/JwtAuthenticationFilter.java b/src/main/java/TtattaBackend/ttatta/config/security/JwtAuthenticationFilter.java
@@ -111,7 +111,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             // 타임리프 페이지 인가 처리
             String accessToken = resolveToken(request);
             jwtUtils.validateToken(accessToken); // 토큰 검증
-            jwtUtils.isTokenBlacklisted(authHeader); // 🚨 블랙리스트 확인
+            jwtUtils.isTokenBlacklisted(accessToken); // 🚨 블랙리스트 확인
         } catch (Exception e) {
             Gson gson = new Gson();
             String json = "";
@@ -163,9 +163,11 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
     private String resolveToken(HttpServletRequest request) {
         // 1) Authorization 헤더: Bearer
         String authHeader = request.getHeader(jwtHeader);
-        if (authHeader != null && authHeader.startsWith("Bearer ")) {
-            checkAuthorizationHeader(authHeader);   // header 가 올바른 형식인지 체크
-            return JwtUtils.getTokenFromHeader(authHeader);
+        if (authHeader != null) {
+            if (authHeader.startsWith("Bearer ")){
+                checkAuthorizationHeader(authHeader);   // header 가 올바른 형식인지 체크
+                return JwtUtils.getTokenFromHeader(authHeader);
+            }
         }
         // 2) 쿠키: ACCESS_TOKEN
         if (request.getCookies() != null) {

diff --git a/src/main/java/TtattaBackend/ttatta/service/UserService/UserCommandServiceImpl.java b/src/main/java/TtattaBackend/ttatta/service/UserService/UserCommandServiceImpl.java
@@ -258,6 +258,7 @@ public IsAvailable verifyUsernameOverlap(String username) {
 
     @Override
     public void logout(String accessToken) {
+        String accessTokenWithoutBearer = accessToken.split(" ")[1];
-        String accessTokenWithoutBearer = accessToken.split(" ")[1];
+        if (accessToken == null || !accessToken.startsWith("Bearer ")) {
+            throw new TtattaBackend.ttatta.jwt.exception.CustomJwtException("올바르지 않은 토큰 형식입니다.");
+        }
+        String accessTokenWithoutBearer = accessToken.substring("Bearer ".length());
-        String accessTokenWithoutBearer = accessToken.split(" ")[1];
+        if (accessToken == null || !accessToken.startsWith("Bearer ")) {
+            throw new TtattaBackend.ttatta.jwt.exception.CustomJwtException("올바르지 않은 토큰 형식입니다.");
+        }
+        String accessTokenWithoutBearer = accessToken.substring("Bearer ".length());
         // 로그아웃시킬 회원의 refresh token redis에서 삭제
         Long userId = SecurityUtil.getCurrentUserId();
         String key = "users:" + userId.toString();
@@ -266,7 +267,7 @@ public void logout(String accessToken) {
         // 로그아웃시킬 회원의 access token redis의 블랙리스트로 저장
         key = "blackList:" + userId.toString();
         long tokenRemainTimeSecond = jwtUtils.tokenRemainTimeSecond(accessToken);
-        redisTemplate.opsForValue().set(key, accessToken, tokenRemainTimeSecond, TimeUnit.SECONDS);
+        redisTemplate.opsForValue().set(key, accessTokenWithoutBearer, tokenRemainTimeSecond, TimeUnit.SECONDS);
 
     }