To improve handling of CsrfToken instances generated by a CsrfTokenRepository, consider adding a generic type similar to SessionRepository in spring-session.
For example:
public interface CsrfTokenRepository<T extends CsrfToken> {
T generateToken(HttpServletRequest request);
...
}
Related gh-4001