in part III „We are using Groovy because we can“… LOL … :)
in Chapter „Adding Spring Security“ - the last sentence… "So all we need to do is teach the UI server to send credentials with every request.“ - is this correct? isn’t it the client that sends the credentials or do I get that wrong?
On the chapter „Sending a Custom Token from the UI“… it could also be a good idea to mention (if it won’T be anyway a part of a later tutorial…) that the easiest way to get rid of adding the header to each request is to integrate an interceptor as a central place where all requests have to go through (automatically). If you need some doc on that I can provide a part