diff --git a/src/main/java/umc/spring/post/controller/PostController.java b/src/main/java/umc/spring/post/controller/PostController.java
index b5332b63af7dae65c623dd604b57e49f14b02489..6a06b5c996e9cc194aab1eaf4852b6f87b0ec448 100644
--- a/src/main/java/umc/spring/post/controller/PostController.java
+++ b/src/main/java/umc/spring/post/controller/PostController.java
@@ -74,7 +74,13 @@ public class PostController {
     @PostMapping("/post/comments")
     @ResponseStatus(HttpStatus.OK)
     public void addComment(@RequestBody CommentDto commentDto){
-        postService.addComment(commentDto);
+        try{
+            postService.addComment(commentDto);
+        }
+        catch(Exception e){
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found");
+
+        }
     }
 
     @DeleteMapping("/post/comments")
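Review bot: The `catch(Exception e)` around `postService.addComment(commentDto)` reports every failure as 401 "token not found", not only a missing token. The `RuntimeException` that `setComment` throws for an unknown post id, and any persistence error from `commentRepository.save`, would reach the client as an authentication failure, and the original exception is discarded so nothing is left for the logs. Catch only the exception type that `getCurrentMemberId()` raises for a missing token (not visible in this diff) and keep the cause: `throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found", e);`.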
diff --git a/src/main/java/umc/spring/post/data/dto/CommentDto.java b/src/main/java/umc/spring/post/data/dto/CommentDto.java
index 23567b60bb30a3f338bcc2b20e9a5d0d2e9658c0..3499c67839ae7e8b763d3ca06f19f10d6d3b844c 100644
--- a/src/main/java/umc/spring/post/data/dto/CommentDto.java
+++ b/src/main/java/umc/spring/post/data/dto/CommentDto.java
@@ -6,7 +6,6 @@ import lombok.Data;
 public class CommentDto {
 
     private Long postId;
-    private Long userId;
     private String author;
     private String text;
 
diff --git a/src/main/java/umc/spring/post/service/PostServiceImpl.java b/src/main/java/umc/spring/post/service/PostServiceImpl.java
index 74be361c24b8fc3c93445317f39d333db8f99943..4e8a47f4222685353e602647e1c497deac09cbfe 100644
--- a/src/main/java/umc/spring/post/service/PostServiceImpl.java
+++ b/src/main/java/umc/spring/post/service/PostServiceImpl.java
@@ -2,8 +2,9 @@ package umc.spring.post.service;
 
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
-import umc.spring.post.config.security.SecurityUtil;
+import org.springframework.web.server.ResponseStatusException;
 import umc.spring.post.data.dto.CommentDto;
 import umc.spring.post.data.dto.PostDto;
 import umc.spring.post.data.dto.PostResDto;
@@ -39,9 +40,7 @@ public class PostServiceImpl implements PostService{
 
     @Override
     public void upload(PostDto postDto){
-
         UserInfoDto userInfoDto = getCurrentMemberId();
-
         Post post = new Post();
         setPost(postDto, post);
         post.setAuthor(userInfoDto.getUserName());
@@ -70,7 +69,54 @@ public class PostServiceImpl implements PostService{
         Post post = postRepository.findById(id).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다."));;
         return PostResDto.toDTO(post);
     }
+    @Override
+    public boolean deletePost(Long id) {
+        // 토큰 받은 유저의 post인지 확인하기..
+        Optional<Post> byId = postRepository.findById(id);
+        if(byId.isPresent()){
+            UserInfoDto userInfoDto;
+            try {
+                userInfoDto = getCurrentMemberId();
+            }
+            catch(Exception e){
+                throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found");
+            }
+            if(Objects.equals(byId.get().getUserId(), userInfoDto.getUserId())){
+                postRepository.deleteById(id);
+                return true;
+            }
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to delete this post.");
+        }
+        else return false;
+    }
 
+    @Override
+    public boolean editPost(PostDto postDto, Long id) {
+        // 토큰 받은 유저의 post인지
+        Optional<Post> byId = postRepository.findById(id);
+
+        if(byId.isPresent()){
+            UserInfoDto userInfoDto;
+            try {
+                userInfoDto = getCurrentMemberId();
+            }
+            catch(Exception e){
+                throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found");
+            }
+            Post post = byId.get();
+            if(Objects.equals(post.getUserId(), userInfoDto.getUserId())){
+                post.setTitle(postDto.getTitle() != null ? postDto.getTitle() : post.getTitle());
+                post.setBody(postDto.getBody() != null ? postDto.getBody() : post.getBody());
+                post.setImage(postDto.getImage() != null ? postDto.getImage() : post.getImage());
+                post.setModifiedTime(new Date());
+                postRepository.save(post);
+                return true;
+            }
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to edit this post.");
+        }
+        else return false;
+
+    }
     @Override
     public void likeCrew(Long id) {
         UserInfoDto userInfoDto = getCurrentMemberId();
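Review bot: In `deletePost` and `editPost` the caller is identified only after `postRepository.findById(id)` succeeds, so an unauthenticated request gets `false` for a missing id and 401 for an existing one, which reveals which post ids exist; calling `getCurrentMemberId()` before the lookup removes that difference. The ownership test `Objects.equals(byId.get().getUserId(), userInfoDto.getUserId())` is also true when both ids are null, so if posts without a `userId` can exist (not visible here) a principal with a null id would pass; a null check on the caller's id before comparing would close that. An authenticated caller who is not the owner should receive `HttpStatus.FORBIDDEN` rather than `UNAUTHORIZED`, e.g. `throw new ResponseStatusException(HttpStatus.FORBIDDEN, "You do not have permission to delete this post.");`. The same three points apply to `deleteComment` in the last hunk of this file.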
@@ -91,28 +137,7 @@ public class PostServiceImpl implements PostService{
         }
     }
 
-    @Override
-    public boolean deletePost(Long id) {
-        if(postRepository.findById(id).isPresent()){
-            postRepository.deleteById(id);
-            return true;
-        }
-        else return false;
-    }
-    
-    @Override
-    public boolean editPost(PostDto postDto, Long id) {
-        Post post = postRepository.findById(id).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다."));;
-        if(post!=null){
-            post.setTitle(postDto.getTitle() != null ? postDto.getTitle() : post.getTitle());
-            post.setBody(postDto.getBody() != null ? postDto.getBody() : post.getBody());
-            post.setImage(postDto.getImage() != null ? postDto.getImage() : post.getImage());
-            post.setModifiedTime(new Date());
-            postRepository.save(post);
-            return true;
-        }
-        else return false;
-    }
+
 
     @Override
     public List<PostResDto> search(String title) {
@@ -129,7 +154,11 @@ public class PostServiceImpl implements PostService{
 
     @Override
     public void addComment(CommentDto commentDto){
+        // 토큰 받은 유저가 우리 회원인지
+
+        UserInfoDto userInfoDto = getCurrentMemberId();
         Comment comment = setComment(commentDto);
+        comment.setUserId(userInfoDto.getUserId());
         commentRepository.save(comment);
     }
 
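Review bot: `addComment` now takes `userId` from the token, but the display name is still client-supplied: `setComment` (last hunk of this file) copies `commentDto.getAuthor()` into the comment. A caller can therefore post under any author name while the stored `userId` is their own. `upload` already uses `userInfoDto.getUserName()` for posts; doing the same here with `comment.setAuthor(userInfoDto.getUserName());` after the `setComment` call keeps the two paths consistent, and the `author` field could then be dropped from `CommentDto` as `userId` was.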
@@ -137,34 +166,41 @@ public class PostServiceImpl implements PostService{
     public boolean deleteComment(Long id) {
         Optional<Comment> option = commentRepository.findById(id);
         if(option.isPresent()){
+            UserInfoDto userInfoDto;
+            try {
+                 userInfoDto = getCurrentMemberId();
+            }
+            catch(Exception e){
+                throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found");
+            }
             Comment comment = option.get();
-            Post post = comment.getPost();
-            if(post!=null){
-                post.getComments().removeIf(data ->
-                        data.getId().equals(id)
-                );
-                postRepository.save(post);
+            if(Objects.equals(userInfoDto.getUserId(), comment.getUserId())){
+                Post post = comment.getPost();
+                if(post!=null){
+                    post.getComments().removeIf(data ->
+                            data.getId().equals(id)
+                    );
+                    postRepository.save(post);
+                }
+                return true;
             }
-            return true;
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to delete this comment.");
         }
         else return false;
     }
 
 
     private Comment setComment(CommentDto commentDto) {
+
         Comment comment = new Comment();
         Post post = postRepository.findById(commentDto.getPostId()).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다."));
-
         post.getComments().add(comment);
-        comment.setPost(post);
-        post.setAuthor(userInfoDto.getUserName());
-
-        comment.setUserId(commentDto.getUserId());
-        comment.setTimestamp(new Date());
-        comment.setText(commentDto.getText());
-        comment.setAuthor(commentDto.getAuthor());
         comment.setPostId(commentDto.getPostId());
+        comment.setAuthor(commentDto.getAuthor());
+        comment.setText(commentDto.getText());
+        comment.setTimestamp(new Date());
         return comment;
+
     }
 
     private static void setPost(PostDto postDto, Post post) {
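Review bot: `setComment` no longer calls `comment.setPost(post)`, yet `deleteComment` still depends on `comment.getPost()` and returns `true` when it is null without removing anything. Unless the `Comment.post` association is populated some other way (the entity mapping is not visible in this diff), comments created after this change would report a successful delete and remain stored. Either restore `comment.setPost(post);` in `setComment`, or make the null branch delete directly with `commentRepository.deleteById(id);`.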