Spring Security
OK
References
http://www.baeldung.com/exception-handling-for-rest-with-spring
https://auth0.com/blog/securing-spring-boot-with-jwts/
https://security.stackexchange.com/questions/91087/cors-csrf-prevention-for-an-rest-based-api
https://jaxenter.com/rest-api-spring-java-8-112289.html
https://github.com/igormukhin/spring-boot-csrf-sample
https://stackoverflow.com/questions/36261781/cannot-get-csrf-protection-in-spring-boot-enabled
https://github.com/andersonkyle/stackoverflow-q40929943
https://stackoverflow.com/questions/40929943/spring-boot-csrf
https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html
https://docs.spring.io/spring-boot/docs/2.0.0.M3/reference/htmlsingle/
https://stackoverflow.com/users/2097397/himalay-majumdar
https://auth0.com/blog/cookies-vs-tokens-definitive-guide/
http://www.svlada.com/jwt-token-authentication-with-spring-boot/
https://stackoverflow.com/questions/35291573/csrf-protection-with-json-web-tokens
https://www.toptal.com/java/rest-security-with-jwt-spring-security-and-java
https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection
http://www.baeldung.com/learn-spring-security-course
http://www.baeldung.com/rest-with-spring-course
https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
https://github.com/userfrosting/UserFrosting/issues/517
https://laracasts.com/discuss/channels/general-discussion/cant-use-csrf-with-android-app
https://github.com/tymondesigns/jwt-auth
https://stackoverflow.com/questions/18064010/csrf-in-mobile-applications
https://www.owasp.org/index.php/Testing_for_Cross_site_scripting
https://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html
https://en.wikipedia.org/wiki/HTTP\_Strict\_Transport\_Security