As LazyCsrfTokenRepository is deprecated, it can now be removed.
Note that a number of components use setAttribute(HttpServletResponse.class.getName(), response) to store the response for later use by LazyCsrfTokenRepository. This ticket should also remove those references.
Comment From: ASDasd341
in place of LazyCsrfTokenRepository you can use CookieCsrfTokenRepository, itprovides a more secure and efficient way to manage CSRF tokens in Spring Security.