Allow CsrfProtected on classes

chkal · chkal · commit 3aca552638bd · 2018-09-02T11:22:32.000+02:00
diff --git a/core/src/main/java/org/mvcspec/ozark/security/CsrfValidateInterceptor.java b/core/src/main/java/org/mvcspec/ozark/security/CsrfValidateInterceptor.java
@@ -179,7 +179,8 @@ private boolean needsValidation(Method controller) {
             case IMPLICIT:
                 return true;
             case EXPLICIT:
-                return hasAnnotation(controller, CsrfProtected.class);
+                return hasAnnotation(controller, CsrfProtected.class)
+                        || hasAnnotation(controller.getDeclaringClass(), CsrfProtected.class);
         }
         return false;
     }

Original file line number	Diff line number	Diff line change
`@@ -179,7 +179,8 @@ private boolean needsValidation(Method controller) {`
`179`	`179`	`case IMPLICIT:`
`180`	`180`	`return true;`
`181`	`181`	`case EXPLICIT:`
`182`		`- return hasAnnotation(controller, CsrfProtected.class);`
	`182`	`+ return hasAnnotation(controller, CsrfProtected.class)`
	`183`	`+ \|\| hasAnnotation(controller.getDeclaringClass(), CsrfProtected.class);`
`183`	`184`	`}`
`184`	`185`	`return false;`
`185`	`186`	`}`