Spring security adapter

I am using Keycloak 7.0.1 and configured it with Kerberos. My application uses spring-security adapter. I have the following configuration

  protected void configure(HttpSecurity http) throws Exception {
    .antMatchers("/js/**", "/css/**", "/vendors/**", "/images/**").permitAll()

In my application I handled the mapping of the login/logout success url in a @Controller class

public class ApplicationController {

  private static final String LOGOUT = "LOGOUT";
  private SecurityService securityService;
  public void showView(HttpServletRequest req, HttpServletResponse resp) throws Exception {
    String currentUserName = securityService.getCurrentUserName();
    System.out.println("userName= " + currentUserName);
    req.getSession().setAttribute("currentUserName", currentUserName);
  public String logout() {
    return LOGOUT;

I am asking whether this is the best practice or is there a way to handle this in the adapter configuration?