class DefaultCSRFTokenSigner extends CSRFTokenSigner
This class is used for generating random tokens for CSRF.
- Source
- CSRFTokenSigner.scala
- Alphabetic
- By Inheritance
- DefaultCSRFTokenSigner
- CSRFTokenSigner
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new DefaultCSRFTokenSigner(signer: CookieSigner, clock: Clock)
- Annotations
- @Inject()
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native()
- def compareSignedTokens(tokenA: String, tokenB: String): Boolean
Compare two signed tokens
Compare two signed tokens
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- def extractSignedToken(token: String): Option[String]
Extract a signed token that was signed by CSRFTokenSigner.signToken.
Extract a signed token that was signed by CSRFTokenSigner.signToken.
- token
The signed token to extract.
- returns
The verified raw token, or None if the token isn't valid.
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable])
- def generateSignedToken: String
Generate a signed token
Generate a signed token
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
- def generateToken: String
Generate a cryptographically secure token
Generate a cryptographically secure token
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- def signToken(token: String): String
Sign a token.
Sign a token. This produces a new token, that has this token signed with a nonce.
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
- token
The token to sign
- returns
The signed token
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
Deprecated Value Members
- def constantTimeEquals(a: String, b: String): Boolean
Constant time equals method.
Constant time equals method.
Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
- Definition Classes
- DefaultCSRFTokenSigner → CSRFTokenSigner
- Deprecated
Please use
java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8"))
over this method.