onSuccess(..) -> onLogin(..), sessionDestroyed(..) 수정

src/main/java/cokr/xit/base/security/authentication/service/AuthenticationService.java

@@ -23,7 +23,7 @@ public interface AuthenticationService extends UserDetailsService {
 	/**인증 성공 시 실행되는 핸들러 메소드
 	 * @param authentication 인증 정보
 	 */
-	void onSuccess(Authentication authentication);
+	void onLogin(Authentication authentication);
 
 	/**인증 실패 시 실행되는 핸들러 메소드
 	 * @param params 인증 시 사용한 파라미터

src/main/java/cokr/xit/base/security/authentication/service/bean/AuthenticationServiceBean.java

@@ -177,7 +177,7 @@ public class AuthenticationServiceBean extends DaoAuthenticationProvider impleme
 	}
 
 	@Override
-	public void onSuccess(Authentication authentication) {
+	public void onLogin(Authentication authentication) {
 		log().debug("{} authenticated.", authentication.getPrincipal());
 		authenticationBean.onSuccess(authentication);
 	}

src/main/java/cokr/xit/base/security/authentication/web/AuthenticationSuccess.java

@@ -72,7 +72,7 @@ public class AuthenticationSuccess extends SavedRequestAwareAuthenticationSucces
 			user.setInfo("loggedInAt", new Date());
 			remember(user, hreq, hresp);
 		}
-		authenticationService.onSuccess(authentication);
+		authenticationService.onLogin(authentication);
 
 		return new DataObject().set("authenticated", true);
 	}

src/main/java/cokr/xit/base/security/authentication/web/LogoutSuccess.java

@@ -72,11 +72,6 @@ public class LogoutSuccess extends SimpleUrlLogoutSuccessHandler implements Appl
 
 	@Override
 	public void onLogoutSuccess(HttpServletRequest hreq, HttpServletResponse hresp, Authentication authentication) throws IOException, ServletException {
-		authenticationService.onLogout(authentication);
-		HttpSession session = hreq.getSession(false);
-		if (session != null)
-			session.invalidate();
-
 		new Kookie()
 			.set(hreq)
 			.set(hresp)
@@ -88,32 +83,6 @@ public class LogoutSuccess extends SimpleUrlLogoutSuccessHandler implements Appl
 		hresp.sendRedirect(getSuccessUrl(hreq.getContextPath()));
 	}
 
-	/* 쿠키에 저장된 값들을 삭제한다.
-	 * @param hreq 서블릿 요청
-	 * @param hresp 서블릿 응답
-	protected void removeCookies(HttpServletRequest hreq, HttpServletResponse hresp) {
-		Cookie[] cookies = hreq.getCookies();
-		if (cookies == null || cookies.length < 1) return;
-
-		for (Cookie cookie: cookies) {
-			removeCookie(hresp, cookie, "JSESSIONID", "userAccount");
-		}
-	}*/
-
-	/* 지정하는 이름의 쿠키값을 삭제한다.
-	 * @param hresp 서블릿 응답
-	 * @param cookie 쿠키
-	 * @param cookieNames 쿠키값의 이름
-	protected void removeCookie(HttpServletResponse hresp, Cookie cookie, String... cookieNames) {
-		for (String name: cookieNames) {
-			if (!name.equals(cookie.getName())) continue;
-
-			cookie.setMaxAge(0);
-			cookie.setValue("");
-			hresp.addCookie(cookie);
-		}
-	}*/
-
 	@Override
 	public void setApplicationContext(ApplicationContext actx) throws BeansException {
 		if (!(actx instanceof WebApplicationContext)) return;
@@ -128,11 +97,23 @@ public class LogoutSuccess extends SimpleUrlLogoutSuccessHandler implements Appl
 	@Override
 	public void sessionDestroyed(HttpSessionEvent evt) {
 		HttpSession session = evt.getSession();
+		if (isHandled(session)) return;
+
 		SecurityContext sctx = (SecurityContext)session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
 		if (sctx == null) return;
 
 		Authentication authentication = sctx.getAuthentication();
-		log().debug("Session expired for {}", authentication.getPrincipal());
 		authenticationService.onLogout(authentication);
+		log().debug("Session expired for {}", authentication.getPrincipal());
+	}
+
+	private boolean isHandled(HttpSession session) {
+		Boolean handled = (Boolean)session.getAttribute("evtHandled");
+		if (Boolean.TRUE.equals(handled)) {
+			session.removeAttribute("evtHandled");
+			return true;
+		}
+		session.setAttribute("evtHandled", true);
+		return false;
 	}
 }