spring-projects
diff --git a/‎web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
Lines changed: 0 additions & 1 deletion b/‎web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
Lines changed: 0 additions & 1 deletion
diff --git a/‎web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
Lines changed: 0 additions & 246 deletions b/‎web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
Lines changed: 0 additions & 246 deletions
diff --git a/‎web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
Lines changed: 2 additions & 1 deletion b/‎web/src/test/java/org/springframework/security/web/csrf/CsrfAuthenticationStrategyTests.java
Lines changed: 2 additions & 1 deletion
diff --git a/‎web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
Lines changed: 2 additions & 3 deletions b/‎web/src/test/java/org/springframework/security/web/csrf/CsrfFilterTests.java
Lines changed: 2 additions & 3 deletions
@@ -60,7 +60,6 @@ public void handle(HttpServletRequest request, HttpServletResponse response,
 		Assert.notNull(response, "response cannot be null");
 		Assert.notNull(deferredCsrfToken, "deferredCsrfToken cannot be null");
 
-		request.setAttribute(HttpServletResponse.class.getName(), response);
 		CsrfToken csrfToken = new SupplierCsrfToken(deferredCsrfToken);
 		request.setAttribute(CsrfToken.class.getName(), csrfToken);
 		String csrfAttrName = (this.csrfRequestAttributeName != null) ? this.csrfRequestAttributeName
 
@@ -118,9 +118,10 @@ public void logoutRemovesCsrfTokenAndLoadsNewDeferredCsrfToken() {
 	// SEC-2872
 	@Test
 	public void delaySavingCsrf() {
-		this.strategy = new CsrfAuthenticationStrategy(new LazyCsrfTokenRepository(this.csrfTokenRepository));
+		this.strategy = new CsrfAuthenticationStrategy(this.csrfTokenRepository);
 		given(this.csrfTokenRepository.loadToken(this.request)).willReturn(this.existingToken, (CsrfToken) null);
 		given(this.csrfTokenRepository.generateToken(this.request)).willReturn(this.generatedToken);
+		given(this.csrfTokenRepository.loadDeferredToken(any(), any())).willCallRealMethod();
 		this.strategy.onAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"), this.request,
 				this.response);
 		verify(this.csrfTokenRepository).saveToken(null, this.request, this.response);
 
@@ -108,9 +108,10 @@ public void constructorNullRepository() {
 	// SEC-2276
 	@Test
 	public void doFilterDoesNotSaveCsrfTokenUntilAccessed() throws ServletException, IOException {
-		this.filter = createCsrfFilter(new LazyCsrfTokenRepository(this.tokenRepository));
+		this.filter = createCsrfFilter(this.tokenRepository);
 		given(this.requestMatcher.matches(this.request)).willReturn(false);
 		given(this.tokenRepository.generateToken(this.request)).willReturn(this.token);
+		given(this.tokenRepository.loadDeferredToken(any(), any())).willCallRealMethod();
 		this.filter.doFilter(this.request, this.response, this.filterChain);
 		CsrfToken attrToken = (CsrfToken) this.request.getAttribute(this.csrfAttrName);
 		// no CsrfToken should have been saved yet
@@ -278,8 +279,6 @@ public void doFilterIsCsrfRequestGenerateToken() throws ServletException, IOExce
 		assertThatCsrfToken(this.request.getAttribute(this.csrfAttrName)).isNotNull();
 		assertThatCsrfToken(this.request.getAttribute(CsrfToken.class.getName())).isNotNull();
 		assertThat(this.request.getAttribute(DeferredCsrfToken.class.getName())).isSameAs(deferredCsrfToken);
-		// LazyCsrfTokenRepository requires the response as an attribute
-		assertThat(this.request.getAttribute(HttpServletResponse.class.getName())).isEqualTo(this.response);
 		verify(this.filterChain).doFilter(this.request, this.response);
 		verifyNoMoreInteractions(this.deniedHandler);
 	}