@Singleton public class DefaultCSRFTokenSigner extends Object implements CSRFTokenSigner
This trait should not be used as a general purpose encryption utility.
Constructor and Description |
---|
DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner) |
Modifier and Type | Method and Description |
---|---|
play.api.libs.crypto.CSRFTokenSigner |
asScala()
Utility method needed for CSRFCheck.
|
boolean |
compareSignedTokens(String tokenA,
String tokenB)
Compare two signed tokens.
|
String |
extractSignedToken(String token)
Extract a signed token that was signed by
CSRFTokenSigner.signToken(String) . |
String |
generateSignedToken()
Generates a signed token by calling generateToken / signToken.
|
String |
generateToken()
Generates a cryptographically secure token.
|
String |
signToken(String token)
Sign a token.
|
@Inject public DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner)
public String signToken(String token)
CSRFTokenSigner
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
signToken
in interface CSRFTokenSigner
token
- The token to signpublic String extractSignedToken(String token)
CSRFTokenSigner
CSRFTokenSigner.signToken(String)
.extractSignedToken
in interface CSRFTokenSigner
token
- The signed token to extract.public String generateToken()
CSRFTokenSigner
generateToken
in interface CSRFTokenSigner
public String generateSignedToken()
CSRFTokenSigner
generateSignedToken
in interface CSRFTokenSigner
public boolean compareSignedTokens(String tokenA, String tokenB)
CSRFTokenSigner
compareSignedTokens
in interface CSRFTokenSigner
tokenA
- the first tokentokenB
- another tokenpublic play.api.libs.crypto.CSRFTokenSigner asScala()
CSRFTokenSigner
asScala
in interface CSRFTokenSigner