This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch docs/struts-720-content-audit
in repository https://gitbox.apache.org/repos/asf/struts-site.git

commit c4667571e03f8c03608e3a2bc043009f80b189be
Author: Lukasz Lenart <[email protected]>
AuthorDate: Sun Jun 14 19:51:15 2026 +0200

    docs: note AuthorizationAwareContentTypeHandler in REST plugin (WW-5626)
    
    Co-Authored-By: Claude Opus 4.8 <[email protected]>
---
 source/plugins/rest/index.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source/plugins/rest/index.md b/source/plugins/rest/index.md
index 9528404fb..004d21c34 100644
--- a/source/plugins/rest/index.md
+++ b/source/plugins/rest/index.md
@@ -313,6 +313,13 @@ look like this:
 <constant name="struts.rest.handlerOverride.xml" value="myXml"/>
 ```
 
+As of Struts 7.2.0 the built-in content type handlers enforce the
+[`@StrutsParameter`](../../core-developers/struts-parameter-annotation.html)
+annotation per property during deserialization. Custom handlers that need the
+same property-level authorization should implement
+`AuthorizationAwareContentTypeHandler` (which extends `ContentTypeHandler` with
+authorization callbacks) instead of `ContentTypeHandler` directly.
+
 ### Settings
 
 The following settings can be customized. See the [developer 
guide](/core-developers/configuration-files).

Reply via email to