@Override public State preResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable { if(!securityConfig.isAuthenticationTokenEnabled()) { return State.CONTINUE; } String token = getToken(request); if(getLogoutToken().equals(token)){ sessionManager.removeAuthentication(request); } context.setAuthenticationToken(token); return State.CONTINUE; }