diff --git a/src/main/java/com/openisle/config/SecurityConfig.java b/src/main/java/com/openisle/config/SecurityConfig.java
index 18df57da8..44c44fd1b 100644
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
@@ -82,8 +82,17 @@ public class SecurityConfig {
 UserDetails userDetails = userDetailsService().loadUserByUsername(username);
 UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
 org.springframework.security.core.context.SecurityContextHolder.getContext().setAuthentication(authToken);
- } catch (Exception ignored) {
+ } catch (Exception e) {
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setContentType("application/json");
+ response.getWriter().write("{\"error\": \"Invalid or expired token\"}");
+ return;
 }
+ } else if (!request.getRequestURI().startsWith("/api/auth")) {
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setContentType("application/json");
+ response.getWriter().write("{\"error\": \"Missing token\"}");
+ return;
 }
 filterChain.doFilter(request, response);
 }
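Review bot: The new `else if (!request.getRequestURI().startsWith("/api/auth"))` branch decides which requests may proceed without a token by a bare prefix test on the raw request URI, so any path that merely begins with those characters (for example a hypothetical `/api/authors`) skips the missing-token rejection, and `getRequestURI()` includes the context path and is not normalized, so it can disagree with what the framework's request matchers see. Consider matching on a path boundary, e.g. `} else if (!request.getServletPath().startsWith("/api/auth/")) {`, or leaving the missing-token response to the configured authorization rules and entry point so the public-path list lives in one place; as written, any other endpoint intended to be public would presumably now get 401 without a token. Separately, `catch (Exception e)` turns every failure, including a user-store error in `loadUserByUsername`, into "Invalid or expired token" without logging `e`, and it also applies on `/api/auth` paths, so a client sending a stale token to the login route would be rejected. The `if` this `else if` attaches to and the start of the filter method are outside the hunk, so the token-extraction condition could not be checked.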