class DefaultCSRFTokenSigner extends CSRFTokenSigner
This class is used for generating random tokens for CSRF.
- Source
- CSRFTokenSigner.scala
- Alphabetic
- By Inheritance
- DefaultCSRFTokenSigner
- CSRFTokenSigner
- AnyRef
- Any
- Hide All
- Show All
- Public
- All
Instance Constructors
-
new
DefaultCSRFTokenSigner(signer: CookieSigner, clock: Clock)
- Annotations
- @Inject()
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
clone(): AnyRef
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @native() @throws( ... )
-
def
compareSignedTokens(tokenA: String, tokenB: String): Boolean
Compare two signed tokens
Compare two signed tokens
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
equals(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
def
extractSignedToken(token: String): Option[String]
Extract a signed token that was signed by CSRFTokenSigner.signToken.
Extract a signed token that was signed by CSRFTokenSigner.signToken.
- token
The signed token to extract.
- returns
The verified raw token, or None if the token isn't valid.
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
-
def
finalize(): Unit
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
-
def
generateSignedToken: String
Generate a signed token
Generate a signed token
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
-
def
generateToken: String
Generate a cryptographically secure token
Generate a cryptographically secure token
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
-
def
hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
def
signToken(token: String): String
Sign a token.
Sign a token. This produces a new token, that has this token signed with a nonce.
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
- token
The token to sign
- returns
The signed token
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
-
def
toString(): String
- Definition Classes
- AnyRef → Any
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @throws( ... )
Deprecated Value Members
-
def
constantTimeEquals(a: String, b: String): Boolean
Constant time equals method.
Constant time equals method.
Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
- Deprecated
Please use
java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8"))
over this method.