• Home
• jakarta.mvc
• jakarta.mvc-api
• 2.1.0
• source code
• CsrfProtected.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

jakarta.mvc.security.CsrfProtected Maven / Gradle / Ivy

/*
 * Copyright (c) 2014-2015 Oracle and/or its affiliates. All rights reserved.
 * Copyright (c) 2016-2018 JSR 371 expert group and contributors
 * Copyright (c) 2020 Contributors to the Eclipse Foundation
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */
package jakarta.mvc.security;

import java.lang.annotation.Documented;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/**
 * 
A controller annotation to validate a CSRF token value received
 * in a request whenever the property {@link jakarta.mvc.security.Csrf#CSRF_PROTECTION}
 * is set to {@link jakarta.mvc.security.Csrf.CsrfOptions#EXPLICIT}. If the
 * property {@link jakarta.mvc.security.Csrf#CSRF_PROTECTION} is set to
 * {@link jakarta.mvc.security.Csrf.CsrfOptions#IMPLICIT}, then the use of this
 * annotation is redundant. Jakarta MVC implementations are only REQUIRED to enforce CSRF
 * for POST controllers that consume payloads of type
 * {@link jakarta.ws.rs.core.MediaType#APPLICATION_FORM_URLENCODED_TYPE}, but
 * other HTTP methods and payloads may be optionally supported by the
 * underlying implementation. If declared at the type level, it applies 
 * to all methods in the type.
 *
 * @author Santiago Pericas-Geertsen
 * @author Ivar Grimstad
 * @see jakarta.mvc.security.Csrf
 * @since 1.0
 */
@Target({METHOD, TYPE})
@Retention(RUNTIME)
@Documented
@Inherited
public @interface CsrfProtected {
}