diff --git a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/entity/SecurityUser.kt b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/entity/SecurityUser.kt
deleted file mode 100644
index 459f0cd..0000000
--- a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/entity/SecurityUser.kt
+++ /dev/null
@@ -1,5 +0,0 @@
-package io.beaniejoy.dongnecafe.common.entity
-
-class SecurityUser(
-
-)
\ No newline at end of file
diff --git a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/security/ApiAuthenticationProvider.kt b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/security/ApiAuthenticationProvider.kt
index cbef10c..1deda11 100644
--- a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/security/ApiAuthenticationProvider.kt
+++ b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/security/ApiAuthenticationProvider.kt
@@ -2,12 +2,17 @@ package io.beaniejoy.dongnecafe.common.security
 import mu.KLogging
 import org.springframework.security.authentication.AuthenticationProvider
+import org.springframework.security.authentication.BadCredentialsException
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.stereotype.Component
+/**
+ * 실제 인증 절차 수행
+ * @property userDetailsService email로 계정 찾기
+ */
 @Component
 class ApiAuthenticationProvider(
 private val userDetailsService: UserDetailsService,
@@ -22,7 +27,12 @@ class ApiAuthenticationProvider(
 val password = authentication.credentials as String?
 val user = userDetailsService.loadUserByUsername(email)
- TODO("Not yet implemented")
+ if (!passwordEncoder.matches(password, user.password)) {
+ throw BadCredentialsException("Input password does not match stored password")
+ }
+
+ // password null로 반환
+ return UsernamePasswordAuthenticationToken(email, null, user.authorities)
 }
 override fun supports(authentication: Class<*>): Boolean {
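Review bot: The nullable `password` (`authentication.credentials as String?`) is passed straight into `passwordEncoder.matches`, so a request without credentials is handled by whatever the configured encoder does with a null raw password, which may be an exception other than an authentication failure; rejecting it explicitly keeps the outcome predictable: `if (password == null || !passwordEncoder.matches(password, user.password)) {`. The new code also returns an authenticated token without looking at the account-state flags on the loaded `UserDetails` (`isEnabled`, `isAccountNonLocked`, `isAccountNonExpired`, `isCredentialsNonExpired`), so a disabled or locked account with a correct password would presumably still log in unless that is enforced elsewhere. The start of `authenticate` lies outside the hunk, so any earlier validation is not visible here.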