From bb86bbc6bab7973fce3ee1fa2b096bdced2c0c2f Mon Sep 17 00:00:00 2001
From: David <davsotpon@alum.us.es>
Date: Wed, 24 Mar 2021 21:03:28 +0100
Subject: [PATCH 1/2] Cambio de vista del login

---
 .../configuration/SecurityConfiguration.java  |  15 +-
 .../cheapy/system/LoginController.java        |  32 ++
 .../cheapy/system/WelcomeController.java      |   2 +
 src/main/webapp/WEB-INF/jsp/login.jsp         | 300 ++++++++++++++++++
 src/main/webapp/WEB-INF/tags/menu.tag         |   5 -
 5 files changed, 342 insertions(+), 12 deletions(-)
 create mode 100644 src/main/java/org/springframework/cheapy/system/LoginController.java
 create mode 100644 src/main/webapp/WEB-INF/jsp/login.jsp

diff --git a/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java b/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
index 2fbdc84ad..677bb736d 100644
--- a/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
+++ b/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
@@ -20,9 +20,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
  * and open the template in the editor.
  */
 
-/**
- * @author japarejo
- */
+
 @Configuration
 @EnableWebSecurity
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@@ -37,19 +35,22 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 		http.authorizeRequests().antMatchers("/resources/**", "/webjars/**", "/h2-console/**").permitAll()
 		.antMatchers(HttpMethod.GET, "/", "/oups").permitAll()
 		.antMatchers("/users/new").permitAll()
+		.antMatchers("/login/**").anonymous()
 		.antMatchers("/usuarios/new").permitAll()
 		.antMatchers("/admin/**").hasAnyAuthority("admin")
 		.antMatchers("/owners/**").hasAnyAuthority("owner", "admin")
-		.antMatchers("/vets/**").authenticated().anyRequest().denyAll()
+		.antMatchers("/vets/**").authenticated().anyRequest().anonymous()
 		.and().formLogin()
-			/* .loginPage("/login") */
-			.failureUrl("/login-error").and().logout().logoutSuccessUrl("/");
+			.loginPage("/login")
+			.successForwardUrl("/")
+		    .failureUrl("/login?error")
+		    .and().logout().logoutUrl("/login?logout");
 
 		// Configuración para que funcione la consola de administración
 		// de la BD H2 (deshabilitar las cabeceras de protección contra
 		// ataques de tipo csrf y habilitar los framesets si su contenido
 		// se sirve desde esta misma página.
-		http.csrf().ignoringAntMatchers("/h2-console/**");
+		//http.csrf().ignoringAntMatchers("/h2-console/**");
 		http.headers().frameOptions().sameOrigin();
 	}
 
diff --git a/src/main/java/org/springframework/cheapy/system/LoginController.java b/src/main/java/org/springframework/cheapy/system/LoginController.java
new file mode 100644
index 000000000..e0e0fa7a9
--- /dev/null
+++ b/src/main/java/org/springframework/cheapy/system/LoginController.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2012-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.cheapy.system;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+class LoginController {
+
+	@GetMapping("/login")
+	public String login() {
+		return "login";
+	}
+
+	
+	
+}
diff --git a/src/main/java/org/springframework/cheapy/system/WelcomeController.java b/src/main/java/org/springframework/cheapy/system/WelcomeController.java
index 85782e967..1f3b04637 100644
--- a/src/main/java/org/springframework/cheapy/system/WelcomeController.java
+++ b/src/main/java/org/springframework/cheapy/system/WelcomeController.java
@@ -27,4 +27,6 @@ class WelcomeController {
 		return "welcome";
 	}
 
+	
+	
 }
diff --git a/src/main/webapp/WEB-INF/jsp/login.jsp b/src/main/webapp/WEB-INF/jsp/login.jsp
new file mode 100644
index 000000000..bf718d6e4
--- /dev/null
+++ b/src/main/webapp/WEB-INF/jsp/login.jsp
@@ -0,0 +1,300 @@
+<%@ page session="false" trimDirectiveWhitespaces="true" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@ taglib prefix="cheapy" tagdir="/WEB-INF/tags" %>
+<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
+<link href='https://fonts.googleapis.com/css?family=Lobster' rel='stylesheet'>
+
+<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js"></script>
+<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+<!-- %@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %-->  
+
+<style>
+	
+	
+	body {
+	  font-family: "montserratregular", sans-serif;
+	  height: 100%;
+	}
+	
+	a {
+	  color: #92badd;
+	  display:inline-block;
+	  text-decoration: none;
+	  font-weight: 400;
+	}
+	
+	h2 {
+	  text-align: center;
+	  font-size: 16px;
+	  font-weight: 600;
+	  text-transform: uppercase;
+	  display:inline-block;
+	  margin: 40px 8px 10px 8px; 
+	  color: #cccccc;
+	}
+	
+	
+	
+	/* STRUCTURE */
+	
+	.wrapper {
+	  display: flex;
+	  align-items: center;
+	  flex-direction: column; 
+	  justify-content: center;
+	  width: 100%;
+	  min-height: 100%;
+	  padding: 20px;
+	}
+	
+	#formContent {
+	  -webkit-border-radius: 10px 10px 10px 10px;
+	  border-radius: 10px 10px 10px 10px;
+	  background: #fff;
+	  padding: 30px;
+	  width: 90%;
+	  max-width: 450px;
+	  position: relative;
+	  padding: 0px;
+	  -webkit-box-shadow: 0 30px 60px 0 rgba(0,0,0,0.3);
+	  box-shadow: 0 30px 60px 0 rgba(0,0,0,0.3);
+	  text-align: center;
+	}
+	
+	#formFooter {
+	  background-color: #f6f6f6;
+	  border-top: 1px solid #dce8f1;
+	  padding: 25px;
+	  text-align: center;
+	  -webkit-border-radius: 0 0 10px 10px;
+	  border-radius: 0 0 10px 10px;
+	}
+	
+	
+	
+	/* TABS */
+	
+	h2.inactive {
+	  color: #cccccc;
+	}
+	
+	h2.active {
+	  color: #0d0d0d;
+	  border-bottom: 2px solid #5fbae9;
+	}
+	
+	
+	
+	/* FORM TYPOGRAPHY*/
+	
+	input[type=button], input[type=submit], input[type=reset]  {
+	  background-color: #56baed;
+	  border: none;
+	  color: white;
+	  padding: 15px 80px;
+	  text-align: center;
+	  text-decoration: none;
+	  display: inline-block;
+	  text-transform: uppercase;
+	  font-size: 13px;
+	  -webkit-box-shadow: 0 10px 30px 0 rgba(95,186,233,0.4);
+	  box-shadow: 0 10px 30px 0 rgba(95,186,233,0.4);
+	  -webkit-border-radius: 5px 5px 5px 5px;
+	  border-radius: 5px 5px 5px 5px;
+	  margin: 5px 20px 40px 20px;
+	  -webkit-transition: all 0.3s ease-in-out;
+	  -moz-transition: all 0.3s ease-in-out;
+	  -ms-transition: all 0.3s ease-in-out;
+	  -o-transition: all 0.3s ease-in-out;
+	  transition: all 0.3s ease-in-out;
+	}
+	
+	input[type=button]:hover, input[type=submit]:hover, input[type=reset]:hover  {
+	  background-color: #39ace7;
+	}
+	
+	input[type=button]:active, input[type=submit]:active, input[type=reset]:active  {
+	  -moz-transform: scale(0.95);
+	  -webkit-transform: scale(0.95);
+	  -o-transform: scale(0.95);
+	  -ms-transform: scale(0.95);
+	  transform: scale(0.95);
+	}
+	
+	input[type=text], input[type=password] {
+	  background-color: #f6f6f6;
+	  border: none;
+	  color: #0d0d0d;
+	  padding: 15px 32px;
+	  text-align: center;
+	  text-decoration: none;
+	  display: inline-block;
+	  font-size: 16px;
+	  margin: 5px;
+	  width: 85%;
+	  border: 2px solid #f6f6f6;
+	  -webkit-transition: all 0.5s ease-in-out;
+	  -moz-transition: all 0.5s ease-in-out;
+	  -ms-transition: all 0.5s ease-in-out;
+	  -o-transition: all 0.5s ease-in-out;
+	  transition: all 0.5s ease-in-out;
+	  -webkit-border-radius: 5px 5px 5px 5px;
+	  border-radius: 5px 5px 5px 5px;
+	}
+	
+	input[type=text]:focus {
+	  background-color: #fff;
+	  border-bottom: 2px solid #5fbae9;
+	}
+	
+	input[type=text]:placeholder {
+	  color: #cccccc;
+	}
+	
+	
+	
+	/* ANIMATIONS */
+	
+	/* Simple CSS3 Fade-in-down Animation */
+	.fadeInDown {
+	  -webkit-animation-name: fadeInDown;
+	  animation-name: fadeInDown;
+	  -webkit-animation-duration: 1s;
+	  animation-duration: 1s;
+	  -webkit-animation-fill-mode: both;
+	  animation-fill-mode: both;
+	}
+	
+	@-webkit-keyframes fadeInDown {
+	  0% {
+	    opacity: 0;
+	    -webkit-transform: translate3d(0, -100%, 0);
+	    transform: translate3d(0, -100%, 0);
+	  }
+	  100% {
+	    opacity: 1;
+	    -webkit-transform: none;
+	    transform: none;
+	  }
+	}
+	
+	@keyframes fadeInDown {
+	  0% {
+	    opacity: 0;
+	    -webkit-transform: translate3d(0, -100%, 0);
+	    transform: translate3d(0, -100%, 0);
+	  }
+	  100% {
+	    opacity: 1;
+	    -webkit-transform: none;
+	    transform: none;
+	  }
+	}
+	
+	/* Simple CSS3 Fade-in Animation */
+	@-webkit-keyframes fadeIn { from { opacity:0; } to { opacity:1; } }
+	@-moz-keyframes fadeIn { from { opacity:0; } to { opacity:1; } }
+	@keyframes fadeIn { from { opacity:0; } to { opacity:1; } }
+	
+	.fadeIn {
+	  opacity:0;
+	  -webkit-animation:fadeIn ease-in 1;
+	  -moz-animation:fadeIn ease-in 1;
+	  animation:fadeIn ease-in 1;
+	
+	  -webkit-animation-fill-mode:forwards;
+	  -moz-animation-fill-mode:forwards;
+	  animation-fill-mode:forwards;
+	
+	  -webkit-animation-duration:1s;
+	  -moz-animation-duration:1s;
+	  animation-duration:1s;
+	}
+	
+	.fadeIn.first {
+	  -webkit-animation-delay: 0.4s;
+	  -moz-animation-delay: 0.4s;
+	  animation-delay: 0.4s;
+	}
+	
+	.fadeIn.second {
+	  -webkit-animation-delay: 0.6s;
+	  -moz-animation-delay: 0.6s;
+	  animation-delay: 0.6s;
+	}
+	
+	.fadeIn.third {
+	  -webkit-animation-delay: 0.8s;
+	  -moz-animation-delay: 0.8s;
+	  animation-delay: 0.8s;
+	}
+	
+	.fadeIn.fourth {
+	  -webkit-animation-delay: 1s;
+	  -moz-animation-delay: 1s;
+	  animation-delay: 1s;
+	}
+	
+	/* Simple CSS3 Fade-in Animation */
+	.underlineHover:after {
+	  display: block;
+	  left: 0;
+	  bottom: -10px;
+	  width: 0;
+	  height: 2px;
+	  background-color: #56baed;
+	  content: "";
+	  transition: width 0.2s;
+	}
+	
+	.underlineHover:hover {
+	  color: #0d0d0d;
+	}
+	
+	.underlineHover:hover:after{
+	  width: 100%;
+	}
+	
+	
+	
+	/* OTHERS */
+	
+	*:focus {
+	    outline: none;
+	} 
+	
+	#icon {
+	  width:60%;
+	}
+
+</style>
+
+<cheapy:layout pageName="login">
+  
+	<div class="wrapper fadeInDown">
+	  <div id="formContent">
+	    <!-- Tabs Titles -->
+	
+	    <!-- Icon -->
+	    <div class="fadeIn first">
+	      <img src="/resources/images/Logo Cheapy.png" id="icon" />
+	    </div>
+	
+	    <!-- Login Form -->
+	    <form class='form-signin' action="/login" method='POST'>
+	      <input type="text" id="login" class="fadeIn second" name="login" placeholder="login">
+	      <input type="password" id="password" class="fadeIn third" name="login" placeholder="password">
+	      <sec:csrfInput />  
+		  <input type="submit" class="fadeIn fourth" value="Log In">
+	    </form>
+	
+	    <!-- Remind Passowrd -->
+	    <div id="formFooter">
+	      <a class="underlineHover" href="#">Forgot Password?</a>
+	    </div>
+	
+	  </div>
+	</div>    
+
+</cheapy:layout>
diff --git a/src/main/webapp/WEB-INF/tags/menu.tag b/src/main/webapp/WEB-INF/tags/menu.tag
index 144904a60..d398ef39b 100644
--- a/src/main/webapp/WEB-INF/tags/menu.tag
+++ b/src/main/webapp/WEB-INF/tags/menu.tag
@@ -41,11 +41,6 @@
 				</cheapy:menuItem>
 
 				
-				<cheapy:menuItem active="${name eq 'login'}" url="/login"
-					title="login">
-					<span class="glyphicon glyphicon-th-list" aria-hidden="true"></span>
-					<span>Login</span>
-				</cheapy:menuItem>
 
 			</ul>
 

From fbd5813f863f8b879603c4aabb1bc245b05efbd0 Mon Sep 17 00:00:00 2001
From: David <davsotpon@alum.us.es>
Date: Thu, 25 Mar 2021 20:15:34 +0100
Subject: [PATCH 2/2] Vista de login

---
 pom.xml                                              |  3 +++
 .../cheapy/configuration/SecurityConfiguration.java  |  8 ++++----
 .../cheapy/system/LoginController.java               |  9 ++++++++-
 src/main/webapp/WEB-INF/jsp/login.jsp                | 12 +++++++-----
 .../WEB-INF/jsp/owners/createOrUpdateOwnerForm.jsp   |  3 +--
 src/main/webapp/WEB-INF/jsp/owners/findOwners.jsp    |  3 +--
 src/main/webapp/WEB-INF/jsp/owners/ownerDetails.jsp  |  3 +--
 src/main/webapp/WEB-INF/jsp/owners/ownersList.jsp    |  3 +--
 .../webapp/WEB-INF/jsp/users/createOwnerForm.jsp     |  3 +--
 src/main/webapp/WEB-INF/tags/menu.tag                |  8 ++++----
 src/main/webapp/WEB-INF/tags/menuItem.tag            |  3 +--
 11 files changed, 32 insertions(+), 26 deletions(-)

diff --git a/pom.xml b/pom.xml
index 60be53522..38e0cd40b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,10 @@
       <artifactId>spring-boot-devtools</artifactId>
       <optional>true</optional>
     </dependency>
+        
   </dependencies>
+  
+  
 
   <build>
     <plugins>
diff --git a/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java b/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
index 677bb736d..673ad7a35 100644
--- a/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
+++ b/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
@@ -36,15 +36,15 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 		.antMatchers(HttpMethod.GET, "/", "/oups").permitAll()
 		.antMatchers("/users/new").permitAll()
 		.antMatchers("/login/**").anonymous()
+		.antMatchers("/logout").permitAll()
 		.antMatchers("/usuarios/new").permitAll()
 		.antMatchers("/admin/**").hasAnyAuthority("admin")
 		.antMatchers("/owners/**").hasAnyAuthority("owner", "admin")
 		.antMatchers("/vets/**").authenticated().anyRequest().anonymous()
 		.and().formLogin()
-			.loginPage("/login")
-			.successForwardUrl("/")
-		    .failureUrl("/login?error")
-		    .and().logout().logoutUrl("/login?logout");
+			.loginPage("/login").permitAll()
+			.failureUrl("/login?error")
+		    .and().logout().logoutSuccessUrl("/login");
 
 		// Configuración para que funcione la consola de administración
 		// de la BD H2 (deshabilitar las cabeceras de protección contra
diff --git a/src/main/java/org/springframework/cheapy/system/LoginController.java b/src/main/java/org/springframework/cheapy/system/LoginController.java
index e0e0fa7a9..e26025570 100644
--- a/src/main/java/org/springframework/cheapy/system/LoginController.java
+++ b/src/main/java/org/springframework/cheapy/system/LoginController.java
@@ -16,6 +16,9 @@
 
 package org.springframework.cheapy.system;
 
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 
@@ -24,7 +27,11 @@ class LoginController {
 
 	@GetMapping("/login")
 	public String login() {
-		return "login";
+		Authentication authentication= SecurityContextHolder.getContext().getAuthentication();
+		if(authentication==null || authentication instanceof AnonymousAuthenticationToken) {
+			return "login";
+		}
+		return "redirect:/";
 	}
 
 	
diff --git a/src/main/webapp/WEB-INF/jsp/login.jsp b/src/main/webapp/WEB-INF/jsp/login.jsp
index bf718d6e4..796cdceeb 100644
--- a/src/main/webapp/WEB-INF/jsp/login.jsp
+++ b/src/main/webapp/WEB-INF/jsp/login.jsp
@@ -4,9 +4,9 @@
 <%@ taglib prefix="cheapy" tagdir="/WEB-INF/tags" %>
 <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
 <link href='https://fonts.googleapis.com/css?family=Lobster' rel='stylesheet'>
-
 <script src="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js"></script>
 <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+
 <!-- %@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %-->  
 
 <style>
@@ -280,13 +280,15 @@
 	    <div class="fadeIn first">
 	      <img src="/resources/images/Logo Cheapy.png" id="icon" />
 	    </div>
-	
+		<div th:if="${param.error}">
+			<p class="text-danger"> Invalid username or password</p>
+		</div>
 	    <!-- Login Form -->
 	    <form class='form-signin' action="/login" method='POST'>
-	      <input type="text" id="login" class="fadeIn second" name="login" placeholder="login">
-	      <input type="password" id="password" class="fadeIn third" name="login" placeholder="password">
+	      <input type="text" id="username" class="fadeIn second" name="username" placeholder="username" required autofocus>
+	      <input type="password" id="password" class="fadeIn third" name="password" placeholder="password" required>
 	      <sec:csrfInput />  
-		  <input type="submit" class="fadeIn fourth" value="Log In">
+		  <input type="submit" class="fadeIn fourth" value="Login">
 	    </form>
 	
 	    <!-- Remind Passowrd -->
diff --git a/src/main/webapp/WEB-INF/jsp/owners/createOrUpdateOwnerForm.jsp b/src/main/webapp/WEB-INF/jsp/owners/createOrUpdateOwnerForm.jsp
index c88a4c589..970f56781 100644
--- a/src/main/webapp/WEB-INF/jsp/owners/createOrUpdateOwnerForm.jsp
+++ b/src/main/webapp/WEB-INF/jsp/owners/createOrUpdateOwnerForm.jsp
@@ -2,10 +2,9 @@
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%@ taglib prefix="cheapy" tagdir="/WEB-INF/tags" %>
-
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <cheapy:layout pageName="owners">
     <h2>
         <c:if test="${owner['new']}">New </c:if> Owner
diff --git a/src/main/webapp/WEB-INF/jsp/owners/findOwners.jsp b/src/main/webapp/WEB-INF/jsp/owners/findOwners.jsp
index fd57e3541..c68c500ab 100644
--- a/src/main/webapp/WEB-INF/jsp/owners/findOwners.jsp
+++ b/src/main/webapp/WEB-INF/jsp/owners/findOwners.jsp
@@ -2,12 +2,11 @@
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <%@ taglib prefix="cheapy" tagdir="/WEB-INF/tags" %>
 <%@ taglib prefix="sec"
 	uri="http://www.springframework.org/security/tags"%>
 <!--  >%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%-->
-
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <cheapy:layout pageName="owners">
 
     <h2>Find Owners</h2>
diff --git a/src/main/webapp/WEB-INF/jsp/owners/ownerDetails.jsp b/src/main/webapp/WEB-INF/jsp/owners/ownerDetails.jsp
index 98011c4d2..26c556611 100644
--- a/src/main/webapp/WEB-INF/jsp/owners/ownerDetails.jsp
+++ b/src/main/webapp/WEB-INF/jsp/owners/ownerDetails.jsp
@@ -1,9 +1,8 @@
 <%@ page session="false" trimDirectiveWhitespaces="true" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="cheapy" tagdir="/WEB-INF/tags" %>
-
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <cheapy:layout pageName="owners">
 
     <h2>Owner Information</h2>
diff --git a/src/main/webapp/WEB-INF/jsp/owners/ownersList.jsp b/src/main/webapp/WEB-INF/jsp/owners/ownersList.jsp
index f4ef33da5..78817241e 100644
--- a/src/main/webapp/WEB-INF/jsp/owners/ownersList.jsp
+++ b/src/main/webapp/WEB-INF/jsp/owners/ownersList.jsp
@@ -2,9 +2,8 @@
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <%@ taglib prefix="cheapy" tagdir="/WEB-INF/tags" %>
-
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <cheapy:layout pageName="owners">
     <h2>Owners</h2>
 
diff --git a/src/main/webapp/WEB-INF/jsp/users/createOwnerForm.jsp b/src/main/webapp/WEB-INF/jsp/users/createOwnerForm.jsp
index f811bda81..e01e1c527 100644
--- a/src/main/webapp/WEB-INF/jsp/users/createOwnerForm.jsp
+++ b/src/main/webapp/WEB-INF/jsp/users/createOwnerForm.jsp
@@ -2,10 +2,9 @@
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%@ taglib prefix="cheapy" tagdir="/WEB-INF/tags" %>
-
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <cheapy:layout pageName="owners">
     <h2>
         <c:if test="${owner['new']}">New </c:if> Owner
diff --git a/src/main/webapp/WEB-INF/tags/menu.tag b/src/main/webapp/WEB-INF/tags/menu.tag
index d398ef39b..531c5707d 100644
--- a/src/main/webapp/WEB-INF/tags/menu.tag
+++ b/src/main/webapp/WEB-INF/tags/menu.tag
@@ -69,10 +69,10 @@
 											<p class="text-left">
 												<strong><sec:authentication property="name" /></strong>
 											</p>
-											<p class="text-left">
-												<a href="<c:url value="/logout" />"
-													class="btn btn-primary btn-block btn-sm">Logout</a>
-											</p>
+											<form action="/logout" method=post>
+												<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+												<input type="submit" value="logout">
+											</form>
 										</div>
 									</div>
 								</div>
diff --git a/src/main/webapp/WEB-INF/tags/menuItem.tag b/src/main/webapp/WEB-INF/tags/menuItem.tag
index 8c14dbbc5..8b60498f5 100644
--- a/src/main/webapp/WEB-INF/tags/menuItem.tag
+++ b/src/main/webapp/WEB-INF/tags/menuItem.tag
@@ -1,9 +1,8 @@
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
-
 <%@ attribute name="active" required="true" rtexprvalue="true" %>
 <%@ attribute name="url" required="true" rtexprvalue="true" %>
 <%@ attribute name="title" required="false" rtexprvalue="true" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 
 <li class="${active ? 'active' : ''}">
     <a href="<spring:url value="${url}" htmlEscape="true" />"