I would like to present a user with terms of service after the have authenticated into our system. I have created an AuthenticationProcessingFilter and implemented a onSuccessfulAuthentication method that will redirect the user if they have not agreed to the latest terms of service. My problem is that when the user goes to the terms of service agreement page, they are already authenticated into the system and they can do anything in the site. I want them to be temporarily unauthenticated or unauthorized until the agree to the terms of service. If they don't agree, I will just log them out. Can someone help me in understanding how this can be accomplished?