Module jakarta.mvc

Annotation Type CsrfProtected


  • @Target({METHOD,TYPE})
    @Retention(RUNTIME)
    @Documented
    @Inherited
    public @interface CsrfProtected

    A controller annotation to validate a CSRF token value received in a request whenever the property Csrf.CSRF_PROTECTION is set to Csrf.CsrfOptions.EXPLICIT. If the property Csrf.CSRF_PROTECTION is set to Csrf.CsrfOptions.IMPLICIT, then the use of this annotation is redundant. Jakarta MVC implementations are only REQUIRED to enforce CSRF for POST controllers that consume payloads of type MediaType.APPLICATION_FORM_URLENCODED_TYPE, but other HTTP methods and payloads may be optionally supported by the underlying implementation. If declared at the type level, it applies to all methods in the type.

    Since:
    1.0
    Author:
    Santiago Pericas-Geertsen, Ivar Grimstad
    See Also:
    Csrf