Open
Description
It would be helpful to have logging to show what logical path CsrfTokenRequestHandler implementations are taking to read from and write tokens to the request.

For example, in resolveCsrfTokenValue it would likely be helpful to know where it found the csrf token (header or parameter). In handle it would be helpful to know the name of the request attribute used to write the token to the request.

Following this pattern, it would additionally be helpful in XorCsrfTokenRequestAttributeHandler to log when the method fails to find a token value and thus returns null. For example if decoding fails:
try {
    actualBytes = Base64.getUrlDecoder().decode(actualToken);
}
catch (Exception ex) {
    return null;
}
It would be nice to log that we are returning null since decoding failed:
try {
actualBytes = Base64.getUrlDecoder().decode(actualToken);
}
catch (Exception ex) {
+ this.logger.trace("Failed to find CSRF token since Base64 decoding failed", ex);
return null;
}
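Review bot: The message on the added this.logger.trace(...) line says the token could not be found, but this catch block runs when decoding actualToken throws, which means a value was supplied and was malformed. A reader of the trace would go looking for a missing header or parameter. Suggest wording that names the real cause, for example "Failed to resolve CSRF token since Base64 decoding failed", and continue to keep actualToken itself out of the message, since it is a request-supplied value. The catch is also on Exception, so the same message would be logged for any other failure raised inside the try; narrowing it to the decoder's IllegalArgumentException would keep the message accurate.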
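The kind of logging requested above, as an added sketch that is not Spring Security's code: it reports where the token was found and why unmasking returned null, without ever writing the token value to the log. The class and logger names, the `X-CSRF-TOKEN` / `_csrf` names and the masked layout are assumptions, and `java.util.logging`'s FINEST level stands in for trace.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added sketch, not Spring Security source. The header/parameter names and the
// masked layout (random bytes, then token XOR random) are assumptions.
public class CsrfResolveLoggingSketch {
    private static final Logger LOG = Logger.getLogger("csrf.sketch");

    // Header first, then parameter; the log names the source, never the value.
    static String resolve(Map<String, String> headers, Map<String, String> params) {
        String value = headers.get("X-CSRF-TOKEN");
        String source = (value != null) ? "header X-CSRF-TOKEN" : "parameter _csrf";
        if (value == null) {
            value = params.get("_csrf");
        }
        LOG.finest(value != null ? "Found CSRF token in " + source : "No CSRF token in header or parameter");
        return value;
    }

    // Each decode failure states its reason at trace (FINEST) level before returning null.
    static String unmask(String actualToken, int tokenSize) {
        if (actualToken == null) { return null; } // absence already logged by resolve()
        byte[] actual;
        try {
            actual = Base64.getUrlDecoder().decode(actualToken);
        } catch (IllegalArgumentException ex) {
            LOG.log(Level.FINEST, "Failed to resolve CSRF token since Base64 decoding failed", ex);
            return null;
        }
        if (actual.length != tokenSize * 2) {
            LOG.finest("Decoded CSRF token has length " + actual.length + ", expected " + tokenSize * 2);
            return null;
        }
        byte[] out = new byte[tokenSize];
        for (int i = 0; i < tokenSize; i++) {
            out[i] = (byte) (actual[i] ^ actual[tokenSize + i]);
        }
        return new String(out, StandardCharsets.UTF_8);
    }
    public static void main(String[] args) {
        byte[] masked = {1, 2, 3, 4, 'a' ^ 1, 'b' ^ 2, 'c' ^ 3, 'd' ^ 4}; // constructed: mask + XORed "abcd"
        String sent = Base64.getUrlEncoder().encodeToString(masked);
        System.out.println(unmask(resolve(Map.of("X-CSRF-TOKEN", sent), Map.of()), 4));
        System.out.println(unmask("not*base64", 4)); // constructed malformed input
    }
}
```

The FINEST records only appear once the logger and its handler are set to that level; at the default level the program prints just the two results.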