Extbase PHP attributes reference 

This page is a quick-reference for all PHP attributes defined and handled by the Extbase framework itself. It covers ORM attributes (used on model properties), validation attributes (used on model properties and action parameters), and controller-level attributes (used on action methods).

It does not cover attributes defined by TYPO3 Core outside of Extbase, or PHP built-in attributes.

On this page

ORM (Object Relational Mapping) attributes (persistence) 

ORM (Object-Relational Mapping) is the mechanism that lets you work with PHP objects instead of raw database rows. Therefor Extbase maps database fields to Object Model properties and back. The attributes described below are used to control this process.

The attributes are declared in the \TYPO3\CMS\Extbase\Attribute\ORM namespace and are placed on model properties.

#[Lazy] 

Target

Model property

Fully qualified namespace

\TYPO3\CMS\Extbase\Attribute\ORM\Lazy

Parameters

none

By default, relations are resolved and processed by loading all related objects together with the parent, which can harm performance and trigger N+1 queries, for example in list views. #[Lazy] tells Extbase to load the related object only when it is actively accessed — by calling its methods or reading its properties.

When applied to a 1:1 relation, the property type must include LazyLoadingProxy so Extbase knows to install the proxy. A typed getter needs an instanceof check only so PHPStan and your IDE can narrow the return type to ?Location:

EXT:my_extension/Classes/Domain/Model/Conference.php 
use TYPO3\CMS\Extbase\Attribute\ORM\Lazy;
use TYPO3\CMS\Extbase\Persistence\Generic\LazyLoadingProxy;

class Conference extends AbstractEntity
{
    #[Lazy]
    protected Location|LazyLoadingProxy|null $location = null;

    public function getLocation(): ?Location
    {
        // the check is only needed to keep phpstan happy. Remove it if not needed.
        if ($this->location instanceof LazyLoadingProxy) {
            $this->location = $this->location->_loadRealInstance();
        }
        return $this->location;
    }
}
Copied!

If you do not need a narrowly typed getter, the check is unnecessary — accessing the proxy in any way triggers resolution automatically.

#[Cascade] 

Target

Model property

Fully qualified namespace

\TYPO3\CMS\Extbase\Attribute\ORM\Cascade

Parameters

string|null $value = null

Controls what happens to related objects when the parent object is deleted. Currently only 'remove' is supported:

EXT:my_extension/Classes/Domain/Model/Conference.php 
use TYPO3\CMS\Extbase\Attribute\ORM\Cascade;
use TYPO3\CMS\Extbase\Attribute\ORM\Lazy;

class Conference extends AbstractEntity
{
    #[Lazy]
    #[Cascade('remove')]
    protected ObjectStorage $comments;
}
Copied!

Without #[Cascade('remove')], deleting the parent object leaves related records in the database as orphans. With it, Extbase deletes the related objects automatically via the repository.

#[Transient] 

Target

Model property

Fully qualified namespace

\TYPO3\CMS\Extbase\Attribute\ORM\Transient

Parameters

none

Excludes a property from persistence entirely. Extbase never reads or writes the corresponding column. Use for computed values or temporary state:

EXT:my_extension/Classes/Domain/Model/Conference.php 
use TYPO3\CMS\Extbase\Attribute\ORM\Transient;

class Conference extends AbstractEntity
{
    #[Transient]
    protected ?string $displayLabel = null;
}
Copied!

Validation attributes 

These attributes are declared in the \TYPO3\CMS\Extbase\Attribute namespace and control validation behaviour on model properties and controller action parameters.

#[Validate] 

Target

Model property, action method parameter

Fully qualified namespace

\TYPO3\CMS\Extbase\Attribute\Validate

Repeatable

yes — apply multiple #[Validate] to one target

Parameters
 
string $validator
The validator class name or short name (for example 'NotEmpty', 'StringLength'). Short names resolve against the built-in validators in \TYPO3\CMS\Extbase\Validation\Validator.
array $options = []
Options passed to the validator constructor. The available options depend on the validator.
EXT:my_extension/Classes/Domain/Model/Conference.php 
use TYPO3\CMS\Extbase\Attribute\Validate;

class Conference extends AbstractEntity
{
    #[Validate(validator: 'NotEmpty')]
    #[Validate(validator: 'StringLength', options: ['minimum' => 3, 'maximum' => 50])]
    protected string $title = '';
}
Copied!

#[IgnoreValidation] 

Target

Action method parameter

Fully qualified namespace

\TYPO3\CMS\Extbase\Attribute\IgnoreValidation

Parameters

none (place directly on the parameter)

Suppresses validation for one action parameter. Useful in multi-step forms where partial state is forwarded between actions:

EXT:my_extension/Classes/Controller/ConferenceController.php 
use TYPO3\CMS\Extbase\Attribute\IgnoreValidation;

class Conference extends AbstractEntity
{
    public function previewAction(
        #[IgnoreValidation]
        Conference $event
    ): ResponseInterface {
        // validation skipped for $event
    }
}
Copied!

Changed in version 14.0

#[IgnoreValidation] must be placed on the parameter, not on the method with an argumentName property. The method-level form was deprecated in TYPO3 v14 (Deprecation #108227).

Controller attributes 

These attributes are declared in the \TYPO3\CMS\Extbase\Attribute namespace and are applied to controller action methods to control access and rate limiting.

#[Authorize] 

Target

Controller action method

Fully qualified namespace

\TYPO3\CMS\Extbase\Attribute\Authorize

New in version 14.0

Declares access requirements for an action method. Extbase checks the requirements before calling the action and redirects or throws an exception if they are not met.

#[RateLimit] 

Target

Controller action method

Fully qualified namespace

\TYPO3\CMS\Extbase\Attribute\RateLimit

New in version 14.0

Limits how often an action may be called within a time window, per visitor. Useful for protecting form submission endpoints against brute-force and spam.