> Can we inject SuperTokens as a middleware in our Java services instead of having a dedicated service?
No. The SuperTokens core needs to run as a dedicated HTTP service. If your backend is in Java, we only have a Javalin SDK at the moment.
> How does the solution take care of CSRF?
https://supertokens.io/docs/session/common-customizations/sessions/anti-csrf