Compare two signed tokens
Compare two signed tokens
Extract a signed token that was signed by CSRFTokenSigner.signToken.
Extract a signed token that was signed by CSRFTokenSigner.signToken.
The signed token to extract.
The verified raw token, or None if the token isn't valid.
Generate a signed token
Generate a signed token
Generate a cryptographically secure token
Generate a cryptographically secure token
Sign a token.
Sign a token. This produces a new token, that has this token signed with a nonce.
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
The token to sign
The signed token
Constant time equals method.
Constant time equals method.
Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
Please use java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8"))
over this method.
This class is used for generating random tokens for CSRF.