Hi, My Spring Rest application uses shiro-spring. It configured using Sping Java Config.
I defined an authentication filter and configure only this one filter using ShiroFilterFactoryBean.setFilters() and ShiroFilterFactoryBean.setFilterChainDefinitionMap() using specific url pattern (not using wild pattern match). my application works well. Then I defined another filter for logout by deriving from LogoutFilter, and call "subject.logout()" from the overrided preHandle(). But I found that even if I only add it to ShiroFilterFactoryBean's filters property, it is invoked when I call a API annotated by @RequiresAuthentication and @RequiresRoles and caused my application failed to work. I cannot figure out why this logout filter is invoked. I think a filter is only invoked when the request url matches the url configured for the filter by filterChainDefinitionMap property. Your help is appreciated. Thanks, Guofeng
