@Target(value={METHOD,TYPE})
@Retention(value=RUNTIME)
@Documented
@Inherited
public @interface CsrfProtected
A controller annotation to validate a CSRF token value received in a request whenever the property Csrf.CSRF_PROTECTION is set to Csrf.CsrfOptions.EXPLICIT. If the property Csrf.CSRF_PROTECTION is set to Csrf.CsrfOptions.IMPLICIT, then the use of this annotation is redundant. MVC implementations are only REQUIRED to enforce CSRF for POST controllers that consume payloads of type MediaType.APPLICATION_FORM_URLENCODED_TYPE, but other HTTP methods and payloads may be optionally supported by the underlying implementation. If declared at the type level, it applies to all methods in the type.
See Also: Csrf
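The following is an added usage example, not code from the specification or its reference implementation. It shows EXPLICIT mode with one annotated form-POST controller method. It assumes the `javax.mvc` and `javax.ws.rs` packages of MVC 1.0; the class names, paths and view names are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import javax.mvc.Controller;
import javax.mvc.security.Csrf;
import javax.mvc.security.CsrfProtected;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;

// Nested only so the example fits in one file; in a project these are two top-level classes.
public final class CsrfExplicitExample {

    @ApplicationPath("app")
    public static class ExampleApplication extends Application {
        @Override
        public Map<String, Object> getProperties() {
            Map<String, Object> props = new HashMap<>();
            // EXPLICIT: tokens are validated only where @CsrfProtected is declared.
            // With IMPLICIT the annotation below would be redundant.
            props.put(Csrf.CSRF_PROTECTION, Csrf.CsrfOptions.EXPLICIT);
            return props;
        }
    }

    @Path("email")
    @Controller
    public static class EmailController {

        // Renders the form. The view must send the token back with the POST,
        // e.g. a hidden field built from Csrf.getName() and Csrf.getToken().
        @GET
        public String form() {
            return "email-form.jsp"; // hypothetical view
        }

        // State-changing form POST: the case implementations are REQUIRED to enforce.
        @POST
        @CsrfProtected
        @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
        public String change(@FormParam("email") String email) {
            // Reached only after the implementation has validated the token.
            return "email-changed.jsp"; // hypothetical view
        }
    }
}
```

In EXPLICIT mode any state-changing controller left without the annotation is not validated, so a review should check every POST method (or annotate the type, which covers all of its methods).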
Copyright © 2019 Ivar Grimstad. All rights reserved.