@Target(value={METHOD,TYPE})
@Retention(value=RUNTIME)
@Documented
@Inherited
public @interface CsrfProtected

A controller annotation to validate a CSRF token value received in a request whenever the property Csrf.CSRF_PROTECTION is set to Csrf.CsrfOptions.EXPLICIT. If the property Csrf.CSRF_PROTECTION is set to Csrf.CsrfOptions.IMPLICIT, then the use of this annotation is redundant.

Jakarta MVC implementations are only REQUIRED to enforce CSRF for POST controllers that consume payloads of type MediaType.APPLICATION_FORM_URLENCODED_TYPE, but other HTTP methods and payloads may be optionally supported by the underlying implementation. If declared at the type level, it applies to all methods in the type.
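
An added example, not part of the Jakarta MVC documentation, showing explicit mode: the application sets Csrf.CSRF_PROTECTION to EXPLICIT, one form-encoded POST controller is annotated and a second is not. The class names, paths and view names are hypothetical, and the jakarta.mvc package namespace is an assumption, since the page does not show the package.

```java
import jakarta.mvc.Controller;
import jakarta.mvc.security.Csrf;
import jakarta.mvc.security.CsrfProtected;
import jakarta.ws.rs.*;
import jakarta.ws.rs.core.Application;
import jakarta.ws.rs.core.MediaType;
import java.util.Map;

// Hypothetical application; every class, path and view name is illustrative.
public class CsrfExplicitExample {

    @ApplicationPath("app")
    public static class TransferApplication extends Application {
        @Override
        public Map<String, Object> getProperties() {
            // EXPLICIT: only controllers carrying @CsrfProtected are validated.
            return Map.of(Csrf.CSRF_PROTECTION, Csrf.CsrfOptions.EXPLICIT);
        }
    }

    @Path("transfers")
    @Controller
    public static class TransferController {

        @GET
        public String form() {
            // The view has to send the token back with the form, e.g.
            // <input type="hidden" name="${mvc.csrf.name}" value="${mvc.csrf.token}"/>
            return "transfer.jsp";
        }

        @POST
        @CsrfProtected // the CSRF token in this request is validated
        @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
        public String submit(@FormParam("amount") long amount) {
            return "confirmation.jsp";
        }

        @POST
        @Path("preview")
        @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
        public String preview(@FormParam("amount") long amount) {
            // Not annotated: under EXPLICIT no token check applies here.
            // Moving @CsrfProtected to the class would cover both methods.
            return "preview.jsp";
        }
    }
}
```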

See Also: Csrf

Copyright © 2017–2020 Eclipse Foundation. All rights reserved.