Disallow unauthenticated access to /

[oscararias]

This security configuration:

thymeleafexamples-layouts/src/main/java/thymeleafexamples/layouts/config/SecurityConfig.java

Line 48 in 602052c

.antMatchers("/", "/favicon.ico", "/resources/**", "/signup").permitAll()

In conjunction with this configuration for DefaultServletHandler:

thymeleafexamples-layouts/src/main/java/thymeleafexamples/layouts/config/WebMvcConfig.java

Line 95 in 602052c

configurer.enable();

Causes an error when accessing http://localhost:8080/ if the user is not logged in.

Removing "/" from the list of allowed urls in the security config would be, IMHO, more consistent as it would redirect the user to the login form.