- Turned on CSRF validation by default.
- Application params are now readed before config is defined to be able to use values from params when configuring.
- Added access control for login and logout.