Well what I did so far was to test a GET and a POST request ... and it actually seemed to work because I took the token from the GET request and set it as a x-csrf-token header in the POST request --> the error message "validation of csrf failed" disappeared.
But when I test it with odata4j ... the error message is still there 