Class

play.api.libs.crypto

DefaultCSRFTokenSigner

Related Doc: package crypto

Permalink

class DefaultCSRFTokenSigner extends CSRFTokenSigner

This class is used for generating random tokens for CSRF.

Source
CSRFTokenSigner.scala
Linear Supertypes
CSRFTokenSigner, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. DefaultCSRFTokenSigner
  2. CSRFTokenSigner
  3. AnyRef
  4. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Instance Constructors

  1. new DefaultCSRFTokenSigner(signer: CookieSigner, clock: Clock)

    Permalink
    Annotations
    @Inject()

Value Members

  1. final def !=(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int

    Permalink
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0

    Permalink
    Definition Classes
    Any
  5. def clone(): AnyRef

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  6. def compareSignedTokens(tokenA: String, tokenB: String): Boolean

    Permalink

    Compare two signed tokens

    Compare two signed tokens

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  7. final def eq(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef
  8. def equals(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any
  9. def extractSignedToken(token: String): Option[String]

    Permalink

    Extract a signed token that was signed by CSRFTokenSigner.signToken.

    Extract a signed token that was signed by CSRFTokenSigner.signToken.

    token

    The signed token to extract.

    returns

    The verified raw token, or None if the token isn't valid.

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  10. def finalize(): Unit

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  11. def generateSignedToken: String

    Permalink

    Generate a signed token

    Generate a signed token

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  12. def generateToken: String

    Permalink

    Generate a cryptographically secure token

    Generate a cryptographically secure token

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  13. final def getClass(): Class[_]

    Permalink
    Definition Classes
    AnyRef → Any
  14. def hashCode(): Int

    Permalink
    Definition Classes
    AnyRef → Any
  15. final def isInstanceOf[T0]: Boolean

    Permalink
    Definition Classes
    Any
  16. final def ne(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef
  17. final def notify(): Unit

    Permalink
    Definition Classes
    AnyRef
  18. final def notifyAll(): Unit

    Permalink
    Definition Classes
    AnyRef
  19. def signToken(token: String): String

    Permalink

    Sign a token.

    Sign a token. This produces a new token, that has this token signed with a nonce.

    This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

    token

    The token to sign

    returns

    The signed token

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  20. final def synchronized[T0](arg0: ⇒ T0): T0

    Permalink
    Definition Classes
    AnyRef
  21. def toString(): String

    Permalink
    Definition Classes
    AnyRef → Any
  22. final def wait(): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  23. final def wait(arg0: Long, arg1: Int): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  24. final def wait(arg0: Long): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Deprecated Value Members

  1. def constantTimeEquals(a: String, b: String): Boolean

    Permalink

    Constant time equals method.

    Constant time equals method.

    Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
    Deprecated

    Please use java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8")) over this method.

Inherited from CSRFTokenSigner

Inherited from AnyRef

Inherited from Any

Ungrouped