public interface CSRFTokenSigner
This trait should not be used as a general purpose encryption utility.
Modifier and Type | Method and Description |
---|---|
play.api.libs.crypto.CSRFTokenSigner |
asScala()
Utility method needed for CSRFCheck.
|
boolean |
compareSignedTokens(String tokenA,
String tokenB)
Compare two signed tokens.
|
String |
extractSignedToken(String token)
Extract a signed token that was signed by
signToken(String) . |
String |
generateSignedToken()
Generates a signed token by calling generateToken / signToken.
|
String |
generateToken()
Generates a cryptographically secure token.
|
String |
signToken(String token)
Sign a token.
|
String generateToken()
String generateSignedToken()
String signToken(String token)
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
token
- The token to signString extractSignedToken(String token)
signToken(String)
.token
- The signed token to extract.boolean compareSignedTokens(String tokenA, String tokenB)
tokenA
- the first tokentokenB
- another tokenplay.api.libs.crypto.CSRFTokenSigner asScala()