We have just now started a new project with Spring and Hibernate. We should provide them the admin panel and REST API's. I recently implemented Spring security in the project. Since CSRF is enabled by default, when API is hit it asks for CSRF token. Incase I decide to remove the login form and CSRF from spring security, my admin panel will get affected. What do I do in this case? Also I read about cookie based authentication for REST API's but the articles were not clear. Can some one guide me through this?
Here is the code snippet I using for spring security.
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
--- Martin Fowler
Cookie based authentication pretty much just works by storing the currently logged-in user in a signed cookie. When the browser sends such a cookie to the server, it says "Hey, I previously logged in as this user, so don't ask me for a password again". To prevent a client from forging the user name, the cookie is signed so it can be verified by the server.