I defined an afterLogoutUrl in my SecurityConfig.groovy. This URL is to /logout/back; I put a back method in the LogoutController provided by Acegi, which redirects to the URL of another app (the other app is the "gatekeeper" app in our space). Even though I have the rule
/logout/back=IS_AUTHENTICATED_ANONYMOUSLY
in my SecurityConfig, I still see
FilterChainProxy - Converted URL to lowercase, from: '/logout/back'; to: '/logout/back'
FilterChainProxy - Candidate is: '/logout/back'; pattern is /**; matched=true
in the Acegi logs. This causes the user to be logged back in. Later I see
DefaultFilterInvocationDefinitionSource - Converted URL to lowercase, from: '/logout/back'; to: '/logout/back'
DefaultFilterInvocationDefinitionSource - Candidate is: '/logout/back'; pattern is /; matched=false
DefaultFilterInvocationDefinitionSource - Candidate is: '/logout/back'; pattern is /login/cookie; matched=false
DefaultFilterInvocationDefinitionSource - Candidate is: '/logout/back'; pattern is /login/auth; matched=false
DefaultFilterInvocationDefinitionSource - Candidate is: '/logout/back'; pattern is /logout/back; matched=true
AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /logout/back; ConfigAttributes: [IS_AUTHENTICATED_ANONYMOUSLY]
So it appears that /logout/back is being hit twice, the first time matching against / and the second matching correctly.
Thanks. What am I doing wrong?