From 06d8a3f25ddc6b27618e679d052d1051aa71d177 Mon Sep 17 00:00:00 2001
From: Mirco Nasuti <mirco.nasuti@chuv.ch>
Date: Mon, 23 May 2016 16:18:27 +0200
Subject: [PATCH] bugfix - same as last commit but this time should work

---
 src/main/java/org/hbp/mip/MIPApplication.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/hbp/mip/MIPApplication.java b/src/main/java/org/hbp/mip/MIPApplication.java
index 25c00d025..5a00a3a7d 100644
--- a/src/main/java/org/hbp/mip/MIPApplication.java
+++ b/src/main/java/org/hbp/mip/MIPApplication.java
@@ -225,8 +225,8 @@ public class MIPApplication extends WebSecurityConfigurerAdapter {
                 .anyRequest().authenticated()
                 .and().exceptionHandling().authenticationEntryPoint(new CustomLoginUrlAuthenticationEntryPoint("/login/hbp"))
                 .and().logout().logoutSuccessUrl("/login/hbp").permitAll()
-                .and().logout().permitAll()
-                .and().csrf().csrfTokenRepository(csrfTokenRepository())
+                .and().logout().logoutUrl("/logout").permitAll()
+                .and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository())
                 .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                 .addFilterBefore(hbpFilter, BasicAuthenticationFilter.class);
     }
-- 
GitLab