I have a custom exit filter called six times. Twice as soon as I try to access the application, twice when I enter the username / password and click "Login", and then twice when I click "Logout".
What am I doing wrong?
Configuration:
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN_FUNCTIONS')" /> <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> <form-login login-page="/login" authentication-success-handler-ref="customAuthenticationSuccessHandlerBean" authentication-failure-handler-ref="customAuthenticationFailureHandlerBean" /> <logout invalidate-session="true" success-handler-ref="logoutHandlerBean" /> <session-management session-fixation-protection="migrateSession"> <concurrency-control max-sessions="1" expired-url="/login_sessionexpired" /> </session-management> <custom-filter before="LOGOUT_FILTER" ref="customLogoutFilter" /> </http> <beans:bean id="customLogoutFilter" class="com.hurontg.libms.security.CustomLogoutFilter" />
Filter:
public class CustomLogoutFilter extends OncePerRequestFilter { private XLogger logger = XLoggerFactory .getXLogger(CustomLogoutFilter.class.getName()); @Override protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException { logger.error("========================================================================================"); logger.error("$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Custom Logout Filter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$"); logger.error("========================================================================================"); chain.doFilter(req, res); }
}
Spring version: 4.1.1 Spring security: 3.2.5
source share