diff --git a/src/main/java/com/xit/core/oauth2/oauth/AuthInterceptor.java b/src/main/java/com/xit/core/oauth2/oauth/AuthInterceptor.java
index 25016dd..2764ed4 100644
--- a/src/main/java/com/xit/core/oauth2/oauth/AuthInterceptor.java
+++ b/src/main/java/com/xit/core/oauth2/oauth/AuthInterceptor.java
@@ -6,6 +6,7 @@ import com.xit.core.constant.ErrorCode;
 import com.xit.core.constant.XitConstants;
 import com.xit.core.exception.CustomBaseException;
 import com.xit.core.exception.TokenAuthException;
+import com.xit.core.oauth2.utils.HeaderUtil;
 import com.xit.core.util.Checks;
 import com.xit.core.util.SpringUtils;
 import lombok.extern.slf4j.Slf4j;
@@ -53,7 +54,7 @@ public class AuthInterceptor implements AsyncHandlerInterceptor {//AsyncHandlerI
 if(Checks.isNotEmpty(tokenString)){
 try{
- tokenString = tokenString.substring(XitConstants.JwtToken.GRANT_TYPE.getCode().length()+1);
+ tokenString = HeaderUtil.extractAccessToken(tokenString);
 if(SpringUtils.getJwtTokenProvider().validateTokenExcludeExpired(tokenString, false, true)){
 log.debug("<<==== 토큰인증성공");
 return true;
diff --git a/src/main/java/com/xit/core/oauth2/utils/HeaderUtil.java b/src/main/java/com/xit/core/oauth2/utils/HeaderUtil.java
index 75bb3bf..6f710ac 100644
--- a/src/main/java/com/xit/core/oauth2/utils/HeaderUtil.java
+++ b/src/main/java/com/xit/core/oauth2/utils/HeaderUtil.java
@@ -3,7 +3,6 @@ package com.xit.core.oauth2.utils;
 import com.xit.core.constant.XitConstants;
 import com.xit.core.constant.ErrorCode;
 import com.xit.core.exception.TokenAuthException;
-//import com.xit.core.oauth2.oauth.token.JwtToken;
 import com.xit.core.oauth2.oauth.JwtTokenProvider;
 import com.xit.core.util.Checks;
 import com.xit.core.util.SpringUtils;
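Review bot: In the AuthInterceptor.java hunk at -53,7 +54,7, the value returned by `HeaderUtil.extractAccessToken(tokenString)` is passed to `validateTokenExcludeExpired(...)` without a null check, and the helper returns null whenever the header does not start with the grant type. How the provider treats a null token is not visible in this diff, so the outcome for a malformed header depends on code outside the hunk. A guard directly after the assignment, `if (tokenString == null)`, that takes the same rejection path as an invalid token would make the failure explicit and keep a null out of the validator. The enclosing method starts and ends outside the hunk, so the surrounding catch handling could not be checked.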
@@ -14,21 +13,26 @@ import javax.servlet.http.HttpServletRequest;
 public class HeaderUtil {
- //private static String sAccessToken;
-
 public static String getAccessToken(){
 return getAccessToken(((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest());
 }
 public static String getAccessToken(HttpServletRequest request) {
- String headerValue = request.getHeader(XitConstants.JwtToken.HEADER_NAME.getCode());
+ return extractAccessToken(request.getHeader(XitConstants.JwtToken.HEADER_NAME.getCode()));
+ }
- if (headerValue == null) {
+ /**
+ * get access token
+ * @param tokenStr String
+ * @return String
+ */
+ public static String extractAccessToken(String tokenStr) {
+ if (tokenStr == null) {
 return null;
 }
- if (headerValue.startsWith(XitConstants.JwtToken.GRANT_TYPE.getCode())) {
- return headerValue.substring(XitConstants.JwtToken.GRANT_TYPE.getCode().length());
+ if (tokenStr.startsWith(XitConstants.JwtToken.GRANT_TYPE.getCode())) {
+ return tokenStr.substring(XitConstants.JwtToken.GRANT_TYPE.getCode().length() + 1);
 }
 return null;
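Review bot: `extractAccessToken` throws StringIndexOutOfBoundsException when the header is exactly the grant type with nothing after it, because `substring(GRANT_TYPE.getCode().length() + 1)` then starts one past the end of the string. The header is client-controlled and is parsed before authentication. The `+ 1` also skips a character without checking that it is a space, and it shifts what `getAccessToken(request)` returns compared with the previous `length()` offset; the value of GRANT_TYPE is not shown, so confirm it carries no trailing space of its own. Matching the separator explicitly avoids both problems: `String prefix = XitConstants.JwtToken.GRANT_TYPE.getCode() + " ";` followed by `return tokenStr.startsWith(prefix) && tokenStr.length() > prefix.length() ? tokenStr.substring(prefix.length()) : null;`. The Javadoc should say that null is returned for a missing or malformed header, so callers know they must handle it.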