Package jakarta.mvc.security
Annotation Type CsrfProtected
-
@Target({METHOD,TYPE}) @Retention(RUNTIME) @Documented @Inherited public @interface CsrfProtected
A controller annotation to validate a CSRF token value received in a request whenever the property
Csrf.CSRF_PROTECTIONis set toCsrf.CsrfOptions.EXPLICIT. If the propertyCsrf.CSRF_PROTECTIONis set toCsrf.CsrfOptions.IMPLICIT, then the use of this annotation is redundant. Jakarta MVC implementations are only REQUIRED to enforce CSRF for POST controllers that consume payloads of typeMediaType.APPLICATION_FORM_URLENCODED_TYPE, but other HTTP methods and payloads may be optionally supported by the underlying implementation. If declared at the type level, it applies to all methods in the type.- Since:
- 1.0
- Author:
- Santiago Pericas-Geertsen, Ivar Grimstad
- See Also:
Csrf