@NameBinding
@Target(value={METHOD,TYPE})
@Retention(value=RUNTIME)
@Documented
@Inherited
public @interface CsrfValid

A controller annotation that validates the CSRF token value received
in a request whenever the property Csrf.CSRF_PROTECTION
is set to Csrf.CsrfOptions.EXPLICIT. If the
property Csrf.CSRF_PROTECTION is set to
Csrf.CsrfOptions.IMPLICIT, then the use of this
annotation is redundant.

MVC implementations are only REQUIRED to enforce CSRF validation
for POST controllers that consume payloads of type
MediaType.APPLICATION_FORM_URLENCODED_TYPE, but
other HTTP methods and payloads may be optionally supported by the
underlying implementation.

Even though this annotation also targets TYPE, it can only be used
to decorate individual controller methods.
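
The following is an added example, not part of the original API documentation, showing the EXPLICIT setting together with an annotated POST controller method. The package names in the imports are assumptions for this draft of the API, and the class names, paths and view names are hypothetical.

```java
import java.util.Collections;
import java.util.Map;
import javax.mvc.annotation.Controller;  // package names assumed for this API draft
import javax.mvc.annotation.CsrfValid;
import javax.mvc.security.Csrf;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;

@ApplicationPath("app")
public class DemoApplication extends Application {
    // EXPLICIT: only methods annotated with @CsrfValid are checked.
    // With IMPLICIT the annotation below would be redundant.
    @Override
    public Map<String, Object> getProperties() {
        return Collections.<String, Object>singletonMap(
                Csrf.CSRF_PROTECTION, Csrf.CsrfOptions.EXPLICIT);
    }

    // Nested only to keep the example in one file.
    @Path("transfer")
    @Controller
    public static class TransferController {
        // Renders the form; no state change, so no token check here.
        @GET
        public String form() {
            return "transfer.jsp"; // hypothetical view
        }

        // Annotate the method itself, not the class. POST with a
        // form-urlencoded body is the one case every implementation must
        // enforce; check other methods or payload types against the
        // implementation in use before relying on them.
        @POST
        @CsrfValid
        @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
        public String submit(@FormParam("amount") String amount) {
            // Reached only when the token received in the request is valid.
            return "done.jsp"; // hypothetical view
        }
    }
}
```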

See Also: Csrf

Copyright © 2017 Ivar Grimstad. All rights reserved.