The reason this happens is that a multipart/form-data request changes format depending on whether a file is included.

When a file exists, the client sends:

Content-Type: multipart/

form-data; boundary=...

Spring recognizes it as multipart → JWT filter runs normally → authentication succeeds.

When no file is included, many clients (Axios/Fetch) send:

Content-Type: text/plain

or omit the boundary. Spring no longer treats it as multipart, and your JWT authentication filter may not see the Authorization header consistently. This leads to:

401 INVALID_ACCESS_TOKEN

Fix (Frontend) :

Force the request to always stay multipart:

const formData = new

FormData();

formData.append("title",

title);

formData.append("content",

content);

if (!file) {

formData.append("file", new

Blob([]), "");

}

axios.post("/boards",

formData, {

headers: { Authorization:

`Bearer ${token}` }

});

Fix (Backend)

Allow the file part to be optional:

@RequestPart(value = "file",

required = false)

MultipartFile file

The issue isn’t your JWT — it’s that the request format changes when no file is present, causing Spring Security to skip or mis-handle authentication.