From 289da771c9fd6e24ae2ae7ccd7a60b4cf35b6883 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nbaars@xebia.com>
Date: Sun, 10 Apr 2016 14:56:27 +0200
Subject: [PATCH] Login and logout works together with context root

---
 .../src/main/java/org/owasp/webgoat/WebSecurityConfig.java    | 3 ++-
 webgoat-container/src/main/resources/templates/main_new.html  | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
index 8ec0fbe01..eab88881c 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
@@ -24,13 +24,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         security.and()
                 .formLogin()
                 .loginPage("/login")
-                .defaultSuccessUrl("/welcome.mvc")
+                .defaultSuccessUrl("/welcome.mvc", true)
                 .usernameParameter("username")
                 .passwordParameter("password")
                 .permitAll();
         security.and()
                 .logout()
                 .permitAll();
+
     }
 
     @Autowired
diff --git a/webgoat-container/src/main/resources/templates/main_new.html b/webgoat-container/src/main/resources/templates/main_new.html
index ea5b6eadf..ad9585803 100644
--- a/webgoat-container/src/main/resources/templates/main_new.html
+++ b/webgoat-container/src/main/resources/templates/main_new.html
@@ -42,7 +42,7 @@
     <header id="header">
         <!--logo start-->
         <div class="brand">
-            <a href="${pageContext.request.contextPath}/welcome.mvc" class="logo"><span>Web</span>Goat</a>
+            <a th:href="@{/welcome.mvc}" class="logo"><span>Web</span>Goat</a>
         </div>
         <!--logo end-->
         <div class="toggle-navigation toggle-left">
@@ -60,7 +60,7 @@
                     <i class="fa fa-user"></i> <span class="caret"></span>
                 </button>
                 <ul class="dropdown-menu dropdown-menu-left">
-                    <li role="presentation"><a role="menuitem" tabindex="-1" href="/login?logout">Logout</a></li>
+                    <li role="presentation"><a role="menuitem" tabindex="-1" th:href="@{/login(logout)}">Logout</a></li>
                     <li role="presentation" class="divider"></li>
                     <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">User: <span
                             th:text="${#authentication.name}"></span></a>