These are chat archives for spring-cloud/spring-cloud

Jan 2016
Jan 23 2016 12:01
@dsyer : Hello Dave. I'm going through the Spring Security and AngularJS tutorial and am facing a problem in Part 5 (SSO with OAuth2): if I use a separate SecurityConfiguration in the UI (like in the vanilla or spring-session parts), then the custom csrfHeaderFilter doesn't get applied (at least I suspect so); the default version of OncePerRequestFilter is applied instead, which seems to be using X-CSRF-TOKEN rather than X-XSRF-TOKEN. As a result I get the following message when I log out:
DEBUG 8634 --- [nio-8080-exec-2] Invalid CSRF token found for http://localhost:8080/logout
If I do all the configuration in the UiApplication (like here), then I don't get the invalid token message. The question is: what is the difference, and why does this happen? What should I do if I want my configuration in a separate class?
Another question wrt Part 5: when I log out (the case above without the CSRF problem) I'm forwarded to '#/', which looks like the logged-out screen (no logout button, no greeting), but as soon as I refresh the page, I see the screen as if I were logged in (without logging in). Is it because I'm still logged in on the AuthorizationServer, or is there something wrong in my code?
Thank you.