How to secure stateful rest-like backend with spring security. (WTF? Stateful REST? Just because.)
see sk.bsmk.controllers.SecurityIntegrationTest for details
Only resource that is not protected with csrf token. After successful login, csrf-token is returned in headers.
Resource accessible only with correct csrf token. After each request new csrf-token is generated and returned in headers. (see sk.bsmk.security.CsrfTokenGeneratorFilter)
Session is terminated.