CSRFTokenSigner (Play 2.6.0-RC1)

All Known Implementing Classes:

DefaultCSRFTokenSigner
```
public interface CSRFTokenSigner
```
Cryptographic utilities for generating and validating CSRF tokens.
This trait should not be used as a general purpose encryption utility.

Method Summary

All Methods Instance Methods Abstract Methods Deprecated Methods
Modifier and Type	Method and Description
`play.api.libs.crypto.CSRFTokenSigner`	`asScala()` Utility method needed for CSRFCheck.
`boolean`	`compareSignedTokens(java.lang.String tokenA, java.lang.String tokenB)` Compare two signed tokens.
`boolean`	`constantTimeEquals(java.lang.String a, java.lang.String b)` Deprecated. since 2.6.0. Use java.security.MessageDigest.isEqual over this method.
`java.lang.String`	`extractSignedToken(java.lang.String token)` Extract a signed token that was signed by `signToken(String)`.
`java.lang.String`	`generateSignedToken()` Generates a signed token by calling generateToken / signToken.
`java.lang.String`	`generateToken()` Generates a cryptographically secure token.
`java.lang.String`	`signToken(java.lang.String token)` Sign a token.

- Method Detail
  - generateToken
```
java.lang.String generateToken()
```
    Generates a cryptographically secure token.
    
    Returns:
    
    a newly generated token.
  - generateSignedToken
```
java.lang.String generateSignedToken()
```
    Generates a signed token by calling generateToken / signToken.
    
    Returns:
    
    a newly generated token that has been signed.
  - signToken
```
java.lang.String signToken(java.lang.String token)
```
    Sign a token. This produces a new token, that has this token signed with a nonce.
    This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
    
    Parameters:
    
    token - The token to sign
    
    Returns:
    
    The signed token
  - extractSignedToken
```
java.lang.String extractSignedToken(java.lang.String token)
```
    Extract a signed token that was signed by signToken(String).
    
    Parameters:
    
    token - The signed token to extract.
    
    Returns:
    
    The verified raw token, or null if the token isn't valid.
  - compareSignedTokens
```
boolean compareSignedTokens(java.lang.String tokenA,
                            java.lang.String tokenB)
```
    Compare two signed tokens.
    
    Parameters:
    
    tokenA - the first token
    
    tokenB - another token
    
    Returns:
    
    true if the tokens match and are signed, false otherwise.
  - constantTimeEquals
```
@Deprecated
boolean constantTimeEquals(java.lang.String a,
                                       java.lang.String b)
```
    Deprecated. since 2.6.0. Use java.security.MessageDigest.isEqual over this method.
    
    Constant time equals method.
    Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
    
    Parameters:
    
    a - a string.
    
    b - another string.
    
    Returns:
    
    true if the strings match, false otherwise.
  - asScala
```
play.api.libs.crypto.CSRFTokenSigner asScala()
```
    Utility method needed for CSRFCheck. Should not need to be used or extended by user level code.
    
    Returns:
    
    the Scala API CSRFTokenSigner component.

Interface CSRFTokenSigner

Method Summary

Method Detail

generateToken

generateSignedToken

signToken

extractSignedToken

compareSignedTokens

constantTimeEquals

asScala