play.libs.crypto

Class DefaultCSRFTokenSigner

java.lang.Object

play.libs.crypto.DefaultCSRFTokenSigner

All Implemented Interfaces:

CSRFTokenSigner

@Singleton
public class DefaultCSRFTokenSigner
extends java.lang.Object
implements CSRFTokenSigner

Cryptographic utilities for generating and validating CSRF tokens.

This trait should not be used as a general purpose encryption utility.

Constructor Summary

Constructors

Constructor and Description
DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner)

Method Summary

Modifier and Type	Method and Description
play.api.libs.crypto.CSRFTokenSigner	asScala() Utility method needed for CSRFCheck.
boolean	compareSignedTokens(java.lang.String tokenA, java.lang.String tokenB) Compare two signed tokens.
java.lang.String	extractSignedToken(java.lang.String token) Extract a signed token that was signed by CSRFTokenSigner.signToken(String).
java.lang.String	generateSignedToken() Generates a signed token by calling generateToken / signToken.
java.lang.String	generateToken() Generates a cryptographically secure token.
java.lang.String	signToken(java.lang.String token) Sign a token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultCSRFTokenSigner

@Inject
public DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner)

Method Detail

signToken

public java.lang.String signToken(java.lang.String token)

Description copied from interface: CSRFTokenSigner

Sign a token. This produces a new token, that has this token signed with a nonce.

This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

Specified by:

signToken in interface CSRFTokenSigner

Parameters:

token - The token to sign

Returns:

The signed token

extractSignedToken

public java.lang.String extractSignedToken(java.lang.String token)

Description copied from interface: CSRFTokenSigner

Extract a signed token that was signed by CSRFTokenSigner.signToken(String).

Specified by:

extractSignedToken in interface CSRFTokenSigner

Parameters:

token - The signed token to extract.

Returns:

The verified raw token, or null if the token isn't valid.

generateToken

public java.lang.String generateToken()

Description copied from interface: CSRFTokenSigner

Generates a cryptographically secure token.

Specified by:

generateToken in interface CSRFTokenSigner

Returns:

a newly generated token.

generateSignedToken

public java.lang.String generateSignedToken()

Description copied from interface: CSRFTokenSigner

Generates a signed token by calling generateToken / signToken.

Specified by:

generateSignedToken in interface CSRFTokenSigner

Returns:

a newly generated token that has been signed.

compareSignedTokens

public boolean compareSignedTokens(java.lang.String tokenA,
                                   java.lang.String tokenB)

Description copied from interface: CSRFTokenSigner

Compare two signed tokens.

Specified by:

compareSignedTokens in interface CSRFTokenSigner

Parameters:

tokenA - the first token

tokenB - another token

Returns:

true if the tokens match and are signed, false otherwise.

asScala

public play.api.libs.crypto.CSRFTokenSigner asScala()

Description copied from interface: CSRFTokenSigner

Utility method needed for CSRFCheck. Should not need to be used or extended by user level code.

Specified by:

asScala in interface CSRFTokenSigner

Returns:

the Scala API CSRFTokenSigner component.