Add webAppRootKey
enable requests with XCRF headers and use springContext-claims-authorization beans
Copy for java8/dnet45 migration