[FEATURE REQ] Re-consider the CSRF protection switch for Spring Cloud Azure #32484

Open

Description

Context

Because the sample aad-resource-server-by-filter disables CSRF protection, github-code-scanning suggests enabling this protection in this PR, and it's good advice.

The sample cannot work when upgraded to SCA 6.0.0-beta.3, because the CSRF protection of Spring Security has been enhanced after 6.0.0-M7. AngularJS (1.2.25) has a high priority to always set a header with the CSRF token saved in a cookie for each HTTP request, but a new CSRF token value should be taken from the attribute of the request object, which is handled by the CsrfFilter. So we should re-consider the CSRF protection for all the Azure AD samples, and I am not sure the default configurer of SCA should also enable the CSRF protection by default.

Goal

  • Update the CSRF protection switch for the Azure AD default configurer (4.x and 6.x) if needed.
  • Update the CSRF protection switch for all the samples (4.x and 6.x) which are based on Spring Security Web if needed.
Labels

  • Client: This issue points to a problem in the data-plane of the library.
  • azure-spring: All azure-spring related issues.
  • azure-spring-aad: Spring active directory related issues.
  • azure-spring-docs
  • azure-spring-samples
  • feature-request: This issue requires a new behavior in the product in order to be resolved.