Packages

c

play.api.libs.crypto

DefaultCSRFTokenSigner

class DefaultCSRFTokenSigner extends CSRFTokenSigner

This class is used for generating random tokens for CSRF.

Source
CSRFTokenSigner.scala
Linear Supertypes
CSRFTokenSigner, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. DefaultCSRFTokenSigner
  2. CSRFTokenSigner
  3. AnyRef
  4. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Instance Constructors

  1. new DefaultCSRFTokenSigner(signer: CookieSigner, clock: Clock)
    Annotations
    @Inject()

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... ) @native()
  6. def compareSignedTokens(tokenA: String, tokenB: String): Boolean

    Compare two signed tokens

    Compare two signed tokens

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  7. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  8. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  9. def extractSignedToken(token: String): Option[String]

    Extract a signed token that was signed by CSRFTokenSigner.signToken.

    Extract a signed token that was signed by CSRFTokenSigner.signToken.

    token

    The signed token to extract.

    returns

    The verified raw token, or None if the token isn't valid.

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  10. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  11. def generateSignedToken: String

    Generate a signed token

    Generate a signed token

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  12. def generateToken: String

    Generate a cryptographically secure token

    Generate a cryptographically secure token

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  13. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  14. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  15. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  16. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  17. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  18. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  19. def signToken(token: String): String

    Sign a token.

    Sign a token. This produces a new token, that has this token signed with a nonce.

    This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

    token

    The token to sign

    returns

    The signed token

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
  20. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  21. def toString(): String
    Definition Classes
    AnyRef → Any
  22. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  23. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  24. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... ) @native()

Deprecated Value Members

  1. def constantTimeEquals(a: String, b: String): Boolean

    Constant time equals method.

    Constant time equals method.

    Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.

    Definition Classes
    DefaultCSRFTokenSignerCSRFTokenSigner
    Deprecated

    Please use java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8")) over this method.

Inherited from CSRFTokenSigner

Inherited from AnyRef

Inherited from Any

Ungrouped