spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Update webflux-form sample to use Thymeleaf Built in CSRF Support #6061

Closed rwinch closed 5 years ago

rwinch commented 5 years ago

Summary

Thymeleaf provides automatic integration with Spring Security's CSRF support. We should update the webflux-form sample to demonstrate it.

dbuos commented 5 years ago

I'd like to take this one 😁

rwinch commented 5 years ago

Thanks @Daniel69! The issue is all yours! If you need any help, please don't hesitate to reach out to me.

dbuos commented 5 years ago

Thanks @rwinch, I'll start by reading https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md

dbuos commented 5 years ago

@rwinch I removed the CsrfControllerAdvice and added a dependency on org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.0.4.RELEASE because 'org.thymeleaf.extras:thymeleaf-extras-springsecurity' alone does not resolve, but two tests fail once I remove the Controller Advice (loginWhenInvalidUsernameThenError and loginAndLogout). When I run the example alone after these changes and attempt to log in, the only message that I can see is: 'CSRF Token has been associated to this client', no matter whether I use 'user' or 'invalid' as the username.

rwinch commented 5 years ago

@Daniel69 Sorry for the delay getting back to you. The problem is that we aren't using Spring Boot 2.1.0.RELEASE yet. I created #6082, which will resolve this. Once it is updated to Boot 2.1.0.RELEASE, you should be able to remove the version from org.thymeleaf.extras:thymeleaf-extras-springsecurity5 too.

rwinch commented 5 years ago

Thanks again for your patience. Now that #6082 has been resolved, you should be able to rebase off of master and remove the version from thymeleaf-extras-springsecurity5.

If you need any help with this, please let me know.