As LazyCsrfTokenRepository is deprecated, it can now be removed.

Note that a number of components use setAttribute(HttpServletResponse.class.getName(), response) to store the response for later use by LazyCsrfTokenRepository. This ticket should also remove those references.

Comment From: ASDasd341

in place of LazyCsrfTokenRepository you can use CookieCsrfTokenRepository, itprovides a more secure and efficient way to manage CSRF tokens in Spring Security.