Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring security custom filter called multiple times

I have a custom logout filter called six times. Twice as soon I try to access the application, twice when I enter username/password and click on 'Login' and then twice again when I click on 'logout'.

What am I doing wrong?

Configuration:

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN_FUNCTIONS')" />      
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

    <form-login login-page="/login"
        authentication-success-handler-ref="customAuthenticationSuccessHandlerBean"
        authentication-failure-handler-ref="customAuthenticationFailureHandlerBean" />
    <logout invalidate-session="true" success-handler-ref="logoutHandlerBean" />
    <session-management session-fixation-protection="migrateSession">
        <concurrency-control max-sessions="1"
            expired-url="/login_sessionexpired" />
    </session-management>

    <custom-filter before="LOGOUT_FILTER" ref="customLogoutFilter" />
</http>

<beans:bean id="customLogoutFilter" class="com.hurontg.libms.security.CustomLogoutFilter" />

The filter:

public class CustomLogoutFilter extends OncePerRequestFilter {
/**
 * 
 */
private XLogger logger = XLoggerFactory
        .getXLogger(CustomLogoutFilter.class.getName());

@Override
protected void doFilterInternal(HttpServletRequest req,
        HttpServletResponse res, FilterChain chain)
        throws ServletException, IOException {

    logger.error("========================================================================================");
    logger.error("$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Custom Logout Filter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$");
    logger.error("========================================================================================");

    chain.doFilter(req, res);
}

}

Spring version: 4.1.1 Spring security: 3.2.5

like image 756
kmansoor Avatar asked Mar 26 '15 17:03

kmansoor


1 Answers

It is likely being called for other URLs that are being requested. For example, if you have any css, javascript, images that are loaded on the page it will be called for each of those. Try adding a logging statement that displays the current request information to find out if that is the case. For example,

logger.error("URL = " + req.getRequestURL());
like image 195
Rob Winch Avatar answered Oct 02 '22 15:10

Rob Winch