This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch docs/struts-720-content-audit in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit c4667571e03f8c03608e3a2bc043009f80b189be Author: Lukasz Lenart <[email protected]> AuthorDate: Sun Jun 14 19:51:15 2026 +0200 docs: note AuthorizationAwareContentTypeHandler in REST plugin (WW-5626) Co-Authored-By: Claude Opus 4.8 <[email protected]> --- source/plugins/rest/index.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source/plugins/rest/index.md b/source/plugins/rest/index.md index 9528404fb..004d21c34 100644 --- a/source/plugins/rest/index.md +++ b/source/plugins/rest/index.md @@ -313,6 +313,13 @@ look like this: <constant name="struts.rest.handlerOverride.xml" value="myXml"/> ``` +As of Struts 7.2.0 the built-in content type handlers enforce the +[`@StrutsParameter`](../../core-developers/struts-parameter-annotation.html) +annotation per property during deserialization. Custom handlers that need the +same property-level authorization should implement +`AuthorizationAwareContentTypeHandler` (which extends `ContentTypeHandler` with +authorization callbacks) instead of `ContentTypeHandler` directly. + ### Settings The following settings can be customized. See the [developer guide](/core-developers/configuration-files).
