Packages

case class SecretConfiguration(secret: String = "changeme", provider: Option[String] = None) extends Product with Serializable

The application secret. Must be set. A value of "changeme" will cause the application to fail to start in production.

With the Play secret we want to:

1. Encourage the practice of *not* using the same secret in dev and prod. 2. Make it obvious that the secret should be changed. 3. Ensure that in dev mode, the secret stays stable across restarts. 4. Ensure that in dev mode, sessions do not interfere with other applications that may be or have been running on localhost. Eg, if I start Play app 1, and it stores a PLAY_SESSION cookie for localhost:9000, then I stop it, and start Play app 2, when it reads the PLAY_SESSION cookie for localhost:9000, it should not see the session set by Play app 1. This can be achieved by using different secrets for the two, since if they are different, they will simply ignore the session cookie set by the other.

To achieve 1 and 2, we will, in Activator templates, set the default secret to be "changeme". This should make it obvious that the secret needs to be changed and discourage using the same secret in dev and prod.

For safety, if the secret is not set, or if it's changeme, and we are in prod mode, then we will fail fatally. This will further enforce both 1 and 2.

To achieve 3, if in dev or test mode, if the secret is either changeme or not set, we will generate a secret based on the location of application.conf. This should be stable across restarts for a given application.

To achieve 4, using the location of application.conf to generate the secret should ensure this.

Play secret is checked for a minimum length in production:

1. If the key is fifteen characters or fewer, a warning will be logged. 2. If the key is eight characters or fewer, then an error is thrown and the configuration is invalid.

secret

the application secret

provider

the JCE provider to use. If null, uses the platform default

Source
HttpConfiguration.scala
Linear Supertypes
Serializable, Serializable, Product, Equals, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. SecretConfiguration
  2. Serializable
  3. Serializable
  4. Product
  5. Equals
  6. AnyRef
  7. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Instance Constructors

  1. new SecretConfiguration(secret: String = "changeme", provider: Option[String] = None)

    secret

    the application secret

    provider

    the JCE provider to use. If null, uses the platform default

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  6. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  7. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  8. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  9. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  10. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  11. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  12. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  13. val provider: Option[String]
  14. val secret: String
  15. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  16. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  17. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  18. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )

Inherited from Serializable

Inherited from Serializable

Inherited from Product

Inherited from Equals

Inherited from AnyRef

Inherited from Any

Ungrouped