DefaultCSRFTokenSigner (Play 2.6.0-RC1)

java.lang.Object
- play.libs.crypto.DefaultCSRFTokenSigner

All Implemented Interfaces:

CSRFTokenSigner
```
@Singleton
public class DefaultCSRFTokenSigner
extends java.lang.Object
implements CSRFTokenSigner
```
Cryptographic utilities for generating and validating CSRF tokens.
This trait should not be used as a general purpose encryption utility.

Constructor Summary

Constructors
Constructor and Description

DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner)

Constructors
Constructor and Description
`DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner)`

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`play.api.libs.crypto.CSRFTokenSigner`	`asScala()` Utility method needed for CSRFCheck.
`boolean`	`compareSignedTokens(java.lang.String tokenA, java.lang.String tokenB)` Compare two signed tokens.
`boolean`	`constantTimeEquals(java.lang.String a, java.lang.String b)` Deprecated.
`java.lang.String`	`extractSignedToken(java.lang.String token)` Extract a signed token that was signed by `CSRFTokenSigner.signToken(String)`.
`java.lang.String`	`generateSignedToken()` Generates a signed token by calling generateToken / signToken.
`java.lang.String`	`generateToken()` Generates a cryptographically secure token.
`java.lang.String`	`signToken(java.lang.String token)` Sign a token.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DefaultCSRFTokenSigner
```
@Inject
public DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner)
```
- Method Detail
  - signToken
```
public java.lang.String signToken(java.lang.String token)
```
    Description copied from interface: CSRFTokenSigner
    
    Sign a token. This produces a new token, that has this token signed with a nonce.
    This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
    
    Specified by:
    
    signToken in interface CSRFTokenSigner
    
    Parameters:
    
    token - The token to sign
    
    Returns:
    
    The signed token
  - extractSignedToken
```
public java.lang.String extractSignedToken(java.lang.String token)
```
    Description copied from interface: CSRFTokenSigner
    
    Extract a signed token that was signed by CSRFTokenSigner.signToken(String).
    
    Specified by:
    
    extractSignedToken in interface CSRFTokenSigner
    
    Parameters:
    
    token - The signed token to extract.
    
    Returns:
    
    The verified raw token, or null if the token isn't valid.
  - generateToken
```
public java.lang.String generateToken()
```
    Description copied from interface: CSRFTokenSigner
    
    Generates a cryptographically secure token.
    
    Specified by:
    
    generateToken in interface CSRFTokenSigner
    
    Returns:
    
    a newly generated token.
  - generateSignedToken
```
public java.lang.String generateSignedToken()
```
    Description copied from interface: CSRFTokenSigner
    
    Generates a signed token by calling generateToken / signToken.
    
    Specified by:
    
    generateSignedToken in interface CSRFTokenSigner
    
    Returns:
    
    a newly generated token that has been signed.
  - compareSignedTokens
```
public boolean compareSignedTokens(java.lang.String tokenA,
                                   java.lang.String tokenB)
```
    Description copied from interface: CSRFTokenSigner
    
    Compare two signed tokens.
    
    Specified by:
    
    compareSignedTokens in interface CSRFTokenSigner
    
    Parameters:
    
    tokenA - the first token
    
    tokenB - another token
    
    Returns:
    
    true if the tokens match and are signed, false otherwise.
  - constantTimeEquals
```
@Deprecated
public boolean constantTimeEquals(java.lang.String a,
                                              java.lang.String b)
```
    Deprecated.
    
    Description copied from interface: CSRFTokenSigner
    
    Constant time equals method.
    Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
    
    Specified by:
    
    constantTimeEquals in interface CSRFTokenSigner
    
    Parameters:
    
    a - a string.
    
    b - another string.
    
    Returns:
    
    true if the strings match, false otherwise.
  - asScala
```
public play.api.libs.crypto.CSRFTokenSigner asScala()
```
    Description copied from interface: CSRFTokenSigner
    
    Utility method needed for CSRFCheck. Should not need to be used or extended by user level code.
    
    Specified by:
    
    asScala in interface CSRFTokenSigner
    
    Returns:
    
    the Scala API CSRFTokenSigner component.

Class DefaultCSRFTokenSigner

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

DefaultCSRFTokenSigner

Method Detail

signToken

extractSignedToken

generateToken

generateSignedToken

compareSignedTokens

constantTimeEquals

asScala