@NameBinding @Target(value={METHOD,TYPE}) @Retention(value=RUNTIME) @Documented @Inherited public @interface CsrfValid
A controller annotation to validate a CSRF token value received in a request whenever the property Csrf.CSRF_PROTECTION is set to Csrf.CsrfOptions.EXPLICIT. If the property Csrf.CSRF_PROTECTION is set to Csrf.CsrfOptions.IMPLICIT, then the use of this annotation is redundant. MVC implementations are only REQUIRED to enforce CSRF for POST controllers that consume payloads of type MediaType.APPLICATION_FORM_URLENCODED_TYPE, but other HTTP methods and payloads may be optionally supported by the underlying implementation.

Even though this annotation is also targeted to TYPE, it can only be used to decorate individual controller methods.
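
The following usage sketch is an added example, not part of the original API documentation: it sets Csrf.CSRF_PROTECTION to EXPLICIT and marks one form-encoded POST controller method with @CsrfValid. The javax.mvc package names are assumed from the early-draft API layout, and the class names, paths and view names are hypothetical.

```java
// Added example. Assumption: javax.mvc.* package names follow the
// MVC 1.0 early-draft layout; adjust them to the API version in use.
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.mvc.annotation.Controller;
import javax.mvc.annotation.CsrfValid;
import javax.mvc.security.Csrf;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;

@ApplicationPath("app") // hypothetical base path
public class CsrfDemoApplication extends Application {

    @Override
    public Map<String, Object> getProperties() {
        Map<String, Object> props = new HashMap<>();
        // EXPLICIT: only controller methods carrying @CsrfValid are checked.
        props.put(Csrf.CSRF_PROTECTION, Csrf.CsrfOptions.EXPLICIT);
        return props;
    }

    @Override
    public Set<Class<?>> getClasses() {
        return Collections.<Class<?>>singleton(GreetingController.class);
    }

    @Path("greeting")
    @Controller
    public static class GreetingController {

        @GET
        public String form() {
            // The form rendered by this view must carry the CSRF token.
            return "greeting.jsp"; // hypothetical view name
        }

        @POST
        @CsrfValid // placed on the method, not on the class
        @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
        public String submit(@FormParam("greeting") String greeting) {
            return "done.jsp"; // hypothetical view name
        }
    }
}
```

Under EXPLICIT, any state-changing controller method left without @CsrfValid is not validated, so each one needs to be reviewed and annotated individually.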
See also: Csrf
Copyright © 2015 Oracle Corporation. All rights reserved.