JECT-Study · fivedragon5 · Jan 4, 2026 · Jan 4, 2026 · Jan 4, 2026
diff --git a/src/main/java/org/ject/support/common/security/jwt/JwtAuthenticationFilter.java b/src/main/java/org/ject/support/common/security/jwt/JwtAuthenticationFilter.java
@@ -9,8 +9,6 @@
 import org.ject.support.common.exception.GlobalErrorCode;
 import org.ject.support.common.exception.GlobalException;
 import org.ject.support.common.security.CustomUserDetails;
-import org.ject.support.domain.auth.exception.AuthErrorCode;
-import org.ject.support.domain.auth.exception.AuthException;
 import org.ject.support.domain.member.Role;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -64,9 +62,14 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                     jwtTokenProvider.resolveVerificationToken(request);
 
             if (verificationToken != null) {
-                if (!jwtTokenProvider.validateToken(verificationToken)) {
-                    // verification token은 실패 시 에러가 맞음
-                    throw new AuthException(AuthErrorCode.INVALID_TOKEN);
+                if (jwtTokenProvider.validateToken(verificationToken)) {
+                    // 토큰이 유효한 경우, 인증 정보를 SecurityContext에 설정
+                    Authentication auth = jwtTokenProvider.getAuthenticationByToken(accessToken);
+                    SecurityContextHolder.getContext().setAuthentication(auth);
+                } else {
+                    clearAuthCookie(response, "Authentication auth = jwtTokenProvider.getAuthenticationByToken(accessToken);\n" +
+                            "                    SecurityContextHolder.getContext().setAuthentication(auth);");
+                    SecurityContextHolder.clearContext();
                 }
 
                 String email = jwtTokenProvider.extractEmailFromVerificationToken(verificationToken);

diff --git a/src/main/java/org/ject/support/common/security/jwt/JwtTokenProvider.java b/src/main/java/org/ject/support/common/security/jwt/JwtTokenProvider.java
@@ -10,6 +10,7 @@
 import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import org.ject.support.common.exception.GlobalException;
@@ -205,7 +206,19 @@ public String createVerificationToken(String email) {
                 .signWith(secretKey)
                 .compact();
     }
-
+
+    /**
+     * 인증번호 검증 쿠키 삭제
+     */
+    public void deleteVerificationCookie(HttpServletResponse response) {
+        Cookie cookie = new Cookie("verificationToken", null);
+        cookie.setPath("/");
+        cookie.setHttpOnly(true);
+        cookie.setSecure(true);
+        cookie.setMaxAge(0);
+        response.addCookie(cookie);
+    }
+
     /**
      * 인증번호 검증 토큰에서 이메일 추출
      */

diff --git a/src/main/java/org/ject/support/domain/member/controller/MemberController.java b/src/main/java/org/ject/support/domain/member/controller/MemberController.java
@@ -50,6 +50,9 @@ public boolean registerTempMember(HttpServletRequest request, HttpServletRespons
         Authentication authentication = memberService.registerTempMember(registerRequest, email);
         customSuccessHandler.onAuthenticationSuccess(request, response, authentication);
 
+        // verification 토큰은 더 이상 필요 없으므로 삭제
+        jwtTokenProvider.deleteVerificationCookie(response);
+
         return true;
     }