diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/token/TokensStore.java b/backend/src/main/java/ru/micord/ervu/security/esia/token/TokensStore.java
index 9804b80..f202cb3 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/token/TokensStore.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/token/TokensStore.java
@@ -3,6 +3,8 @@ package ru.micord.ervu.security.esia.token;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
+import org.springframework.security.authentication.CredentialsExpiredException;
+
 /**
 * @author Eduard Tihomirov
 */
@@ -18,7 +20,14 @@ public class TokensStore {
 }
 public static String getAccessToken(String prnOid) {
- return accessTokensMap.get(prnOid).getAccessToken();
+ ExpiringToken token = accessTokensMap.get(prnOid);
+ if (token == null) {
+ throw new CredentialsExpiredException("No access token for prnOid: " + prnOid);
+ }
+ else if (token.isExpired()) {
+ throw new CredentialsExpiredException("Access token expired for prnOid: " + prnOid);
+ }
+ return token.getAccessToken();
 }
 public static void removeExpiredAccessToken() {
diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
index c4f60f7..eedbebe 100644
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
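Review bot: In `TokensStore.getAccessToken`, `accessTokensMap.get(prnOid)` runs before any check that `prnOid` itself is non-null; the file imports `ConcurrentHashMap`, and if the map is one, a null key throws `NullPointerException` instead of the `CredentialsExpiredException` that callers are prepared to handle. A guard as the first statement would keep that case on the authentication-failure path: `if (prnOid == null) { throw new CredentialsExpiredException("No access token: prnOid is missing"); }`. Both new messages concatenate `prnOid`; if exception messages are logged or returned to the client, check that exposing this identifier there is intended. A Javadoc line stating that the method throws when the token is absent or expired would also help, since it now doubles as a validity check; the rest of the class is outside this hunk.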
@@ -16,6 +16,7 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.util.matcher.RequestMatcher; +import ru.micord.ervu.security.esia.token.TokensStore; import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication; import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper; import ru.micord.ervu.security.webbpm.jwt.model.Token; @@ -64,6 +65,7 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil if (ids.length != 2) { throw new CredentialsExpiredException("Invalid token. User has no ervuId"); } + TokensStore.getAccessToken(token.getUserAccountId()); } } catch (CredentialsExpiredException e) { diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java index 5478da2..8b8c5d9 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java @@ -34,9 +34,6 @@ public class JwtTokenService { ResourceMetadataUtils.PROJECT_GROUP_ID + "." + ResourceMetadataUtils.PROJECT_ARTIFACT_ID; private final SecretKey SIGNING_KEY; - @Autowired - private HttpServletRequest request; - @Autowired public JwtTokenService(@Value("${webbpm.security.token.secret.key:ZjE5ZjMxNmYtODViZC00ZTQ5LWIxZmYtOGEzYzE3Yjc1MDVk}") String secretKey) { 
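Review bot: The added call `TokensStore.getAccessToken(token.getUserAccountId())` looks the store up by the full user account id, while the store's parameter is named `prnOid` and the check just above expects the id to yield two `ids`; if the store is keyed by only one of those parts, the lookup never matches and every request fails with "No access token". How `ids` is built and how entries are inserted are outside the hunk, so please confirm the key format and, if needed, pass the matching part (for example `TokensStore.getAccessToken(ids[0]);`). Because the return value is discarded, a comment such as `// reject the JWT when the ESIA access token is missing or expired` would make the purpose of the call clear. Separately, the `JwtTokenService` constructor shown as context later in this diff declares a literal fallback for `webbpm.security.token.secret.key`; a deployment that leaves the property unset would verify JWTs with a key published in the repository, so failing startup when it is missing would be safer.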
@@ -79,11 +76,6 @@ public class JwtTokenService {
 return new Token(claims.getSubject(), claims.getIssuer(), claims.getExpiration(), token);
 }
- public String getErvuId() {
- String extractAuthToken = extractAuthToken(request);
- return getToken(extractAuthToken).getUserAccountId().split(":")[1];
- }
-
 public String getAccessToken(HttpServletRequest request) {
 return TokensStore.getAccessToken(getUserAccountId(request));
 }