diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfCookieEnabledIntegrationTest.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfCookieEnabledIntegrationTest.java
new file mode 100644
index 000000000000..73f83f9b0c94
--- /dev/null
+++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfCookieEnabledIntegrationTest.java
@@ -0,0 +1,41 @@
+package com.baeldung.security.csrf;
+
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.baeldung.security.spring.SecurityWithCsrfCookieConfig;
+import com.baeldung.spring.MvcConfig;
+import org.junit.Test;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.ContextConfiguration;
+
+@ContextConfiguration(classes = { SecurityWithCsrfCookieConfig.class, MvcConfig.class })
+public class CsrfCookieEnabledIntegrationTest extends CsrfAbstractIntegrationTest {
+
+    @Test
+    public void givenNoCsrf_whenAddFoo_thenForbidden() throws Exception {
+        // @formatter:off
+        mvc
+        .perform(post("/auth/foos")
+        .contentType(MediaType.APPLICATION_JSON)
+        .content(createFoo())
+        .with(testUser()))
+        .andExpect(status().isForbidden());
+        // @formatter:on
+    }
+
+    @Test
+    public void givenCsrf_whenAddFoo_thenCreated() throws Exception {
+        // @formatter:off
+        mvc
+        .perform(post("/auth/foos")
+        .contentType(MediaType.APPLICATION_JSON)
+        .content(createFoo())
+        .with(testUser())
+        .with(csrf()))
+        .andExpect(status().isCreated());
+        // @formatter:on
+    }
+
+}
diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfDisabledIntegrationTest.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfDisabledIntegrationTest.java
index a1c8be9daf1f..6dc01ab2bdbe 100644
--- a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfDisabledIntegrationTest.java
+++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfDisabledIntegrationTest.java
@@ -14,12 +14,25 @@ public class CsrfDisabledIntegrationTest extends CsrfAbstractIntegrationTest {
 
     @Test
     public void givenNotAuth_whenAddFoo_thenUnauthorized() throws Exception {
-        mvc.perform(post("/auth/foos").contentType(MediaType.APPLICATION_JSON).content(createFoo())).andExpect(status().isUnauthorized());
+        // @formatter:off
+        mvc
+        .perform(post("/auth/foos")
+        .contentType(MediaType.APPLICATION_JSON)
+        .content(createFoo()))
+        .andExpect(status().isUnauthorized());
+        // @formatter:on
     }
 
     @Test
     public void givenAuth_whenAddFoo_thenCreated() throws Exception {
-        mvc.perform(post("/auth/foos").contentType(MediaType.APPLICATION_JSON).content(createFoo()).with(testUser())).andExpect(status().isCreated());
+        // @formatter:off
+        mvc
+        .perform(post("/auth/foos")
+        .contentType(MediaType.APPLICATION_JSON)
+        .content(createFoo())
+        .with(testUser()))
+        .andExpect(status().isCreated());
+        // @formatter:on
     }
 
 }
diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfEnabledIntegrationTest.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfEnabledIntegrationTest.java
index 87e5005e1772..50af9bba6fe0 100644
--- a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfEnabledIntegrationTest.java
+++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfEnabledIntegrationTest.java
@@ -15,12 +15,27 @@ public class CsrfEnabledIntegrationTest extends CsrfAbstractIntegrationTest {
 
     @Test
     public void givenNoCsrf_whenAddFoo_thenForbidden() throws Exception {
-        mvc.perform(post("/auth/foos").contentType(MediaType.APPLICATION_JSON).content(createFoo()).with(testUser())).andExpect(status().isForbidden());
+        // @formatter:off
+        mvc
+        .perform(post("/auth/foos")
+        .contentType(MediaType.APPLICATION_JSON)
+        .content(createFoo())
+        .with(testUser()))
+        .andExpect(status().isForbidden());
+        // @formatter:on
     }
 
     @Test
     public void givenCsrf_whenAddFoo_thenCreated() throws Exception {
-        mvc.perform(post("/auth/foos").contentType(MediaType.APPLICATION_JSON).content(createFoo()).with(testUser()).with(csrf())).andExpect(status().isCreated());
+        // @formatter:off
+        mvc
+        .perform(post("/auth/foos")
+        .contentType(MediaType.APPLICATION_JSON)
+        .content(createFoo())
+        .with(testUser())
+        .with(csrf()))
+        .andExpect(status().isCreated());
+        // @formatter:on
     }
 
 }
diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java
index 9b3ac5054672..4ec7a50abc9b 100644
--- a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java
+++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java
@@ -27,7 +27,17 @@ public AuthenticationManager authenticationManagerBean() throws Exception {
 
     @Override
     protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication().withUser("user1").password("user1Pass").authorities("ROLE_USER").and().withUser("admin").password("adminPass").authorities("ROLE_ADMIN");
+        // @formatter:off
+        auth
+        .inMemoryAuthentication()
+        .withUser("user1")
+        .password("user1Pass")
+        .authorities("ROLE_USER")
+        .and()
+        .withUser("admin")
+        .password("adminPass")
+        .authorities("ROLE_ADMIN");
+        // @formatter:on
     }
 
     @Override
@@ -45,8 +55,7 @@ protected void configure(final HttpSecurity http) throws Exception {
         .and()
         .httpBasic()
         .and()
-        .headers().cacheControl().disable()
-        ;
+        .headers().cacheControl().disable();
         // @formatter:on
     }
 
diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java
new file mode 100644
index 000000000000..5b5834962941
--- /dev/null
+++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java
@@ -0,0 +1,67 @@
+package com.baeldung.security.spring;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityWithCsrfCookieConfig extends WebSecurityConfigurerAdapter {
+
+    public SecurityWithCsrfCookieConfig() {
+        super();
+    }
+
+    @Bean("authenticationManager")
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+            return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+        // @formatter:off
+        auth
+        .inMemoryAuthentication()
+        .withUser("user1")
+        .password("user1Pass")
+        .authorities("ROLE_USER")
+        .and()
+        .withUser("admin")
+        .password("adminPass")
+        .authorities("ROLE_ADMIN");
+        // @formatter:on
+    }
+
+    @Override
+    public void configure(final WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/resources/**");
+    }
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        // @formatter:off
+        http
+        .authorizeRequests()
+        .antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN")
+        .anyRequest().authenticated()
+        .and()
+        .httpBasic()
+        .and()
+        .headers().cacheControl().disable()
+        // Stateless API CSRF configuration
+        .and()
+        .csrf()
+        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+        // @formatter:on
+    }
+
+}
diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java
index 4a1263b498f5..bd9ca67ad534 100644
--- a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java
+++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java
@@ -27,7 +27,17 @@ public AuthenticationManager authenticationManagerBean() throws Exception {
 
     @Override
     protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication().withUser("user1").password("user1Pass").authorities("ROLE_USER").and().withUser("admin").password("adminPass").authorities("ROLE_ADMIN");
+        // @formatter:off
+        auth
+        .inMemoryAuthentication()
+        .withUser("user1")
+        .password("user1Pass")
+        .authorities("ROLE_USER")
+        .and()
+        .withUser("admin")
+        .password("adminPass")
+        .authorities("ROLE_ADMIN");
+        // @formatter:on
     }
 
     @Override
@@ -47,8 +57,7 @@ protected void configure(final HttpSecurity http) throws Exception {
         .and()
         .headers().cacheControl().disable()
         .and()
-        .csrf().disable()
-        ;
+        .csrf().disable();
         // @formatter:on
     }