trait CSRFTokenSigner extends AnyRef
Cryptographic utilities for generating and validating CSRF tokens.
This trait should not be used as a general purpose encryption utility.
- Source
- CSRFTokenSigner.scala
- Alphabetic
- By Inheritance
- CSRFTokenSigner
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Abstract Value Members
- abstract def compareSignedTokens(tokenA: String, tokenB: String): Boolean
Compare two signed tokens
- abstract def extractSignedToken(token: String): Option[String]
Extract a signed token that was signed by
signToken(String)
.Extract a signed token that was signed by
signToken(String)
.- token
The signed token to extract.
- returns
The verified raw token, or None if the token isn't valid.
- abstract def generateSignedToken: String
Generates a signed token.
- abstract def generateToken: String
Generates a cryptographically secure token.
- abstract def signToken(token: String): String
Sign a token.
Sign a token. This produces a new token, that has this token signed with a nonce.
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
- token
The token to sign
- returns
The signed token
- abstract def constantTimeEquals(a: String, b: String): Boolean
Constant time equals method.
Constant time equals method.
Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
- Annotations
- @deprecated
- Deprecated
(Since version 2.6.0) Please use java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8")) over this method.
Concrete Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##(): Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable])
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()