There are many ways to do this. I will tell you two that I would consider.
1) Create your own filter that does what I need. The key point here is that if you create a filter, you must also tell Spring Security to put it in the "filter chain", the filter chain your requests go through to make auth * stuff. Check this documentation to find out how to insert filters in the right place in more detail, but it will look something like
<http> <custom-filter before="LOGOUT_FILTER" ref="cleanupFilter" /> </http> <beans:bean id="cleanupFilter" class="com.CleanupFilter"/>
Remember that with LogoutFilter, you still create a custom filter, just like everyone else.
2) If my user logic can be executed not strictly before the user logs out, but a little later, consider using the SecurityContextLogoutHandler (check the docs in section B.1.13), which will give you an intercept point to execute the user logic when users will log out successfully.
<http> <logout success-handler-ref="myLogoutSuccessHandler"/> </http>