CSRF Login and Spring Security


#1

Hello, all, it’s my first post here and i hope it’s the right cateogory for my question.

I creating my fist ionic application (ionic is awesome) but i have some issues with the login.
The backend is a spring application secured by spring security and it have login method protected by csrf, so i need to send the token during the login submit but it doesn’t work. Seems that i need to send to my backend JSESSIONID too, but when i post my login form it’s not present. I disabled on my tomcat the httpOnly params for Set-Cookies, however seems that the cookie are not saved locally. In my configuration i added

$httpProvider.defaults.withCredentials = true;

but doesn’t work. Cookie is not send and my server respond with 403 error.

I read the post about csrf on ionic blog, howewer i’m not able to making things work. Someone have used ionic application with spring? Can you help me?

Thank in advice (and apologize for my english)

Luca