Interface CSRFTokenSigner

  • All Known Implementing Classes:
    DefaultCSRFTokenSigner

    public interface CSRFTokenSigner
    Cryptographic utilities for generating and validating CSRF tokens.

    This interface should not be used as a general-purpose encryption utility.

    • Method Detail

      • generateToken

        String generateToken()
        Generates a cryptographically secure token.
        Returns:
        a newly generated token.
      • generateSignedToken

        String generateSignedToken()
        Generates a signed token by calling generateToken() and then signToken(String) on the result.
        Returns:
        a newly generated token that has been signed.
      • signToken

        String signToken(String token)
        Signs a token. This produces a new token in which the given token is signed together with a nonce.

        This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

        Parameters:
        token - The token to sign
        Returns:
        The signed token
      • extractSignedToken

        String extractSignedToken(String token)
        Extract a signed token that was signed by signToken(String).
        Parameters:
        token - The signed token to extract.
        Returns:
        The verified raw token, or null if the token isn't valid.
      • compareSignedTokens

        boolean compareSignedTokens(String tokenA,
                                    String tokenB)
        Compare two signed tokens.
        Parameters:
        tokenA - the first token
        tokenB - another token
        Returns:
        true if the tokens match and are signed, false otherwise.
      • asScala

        play.api.libs.crypto.CSRFTokenSigner asScala()
        Utility method needed for CSRFCheck. User-level code should not need to call or override it.
        Returns:
        the Scala API CSRFTokenSigner component.
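
The BREACH rationale given under signToken, shown as an added example that is not Play's code and not DefaultCSRFTokenSigner: signing the same raw token twice yields different strings on the wire, yet both verify back to the same raw value. The HMAC-SHA256 construction, the random nonce, the "<mac>-<nonce>-<token>" layout and the class name NonceSignedTokenDemo are assumptions of this example.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HexFormat;

// Added example, NOT DefaultCSRFTokenSigner. Assumed: HMAC-SHA256, random nonce,
// and the layout "<mac>-<nonce>-<token>". Needs Java 17+ (HexFormat).
public class NonceSignedTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec key;

    NonceSignedTokenDemo(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    private static String randomHex(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return HexFormat.of().formatHex(b);
    }

    private byte[] mac(String data) {
        try {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(key);
            return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    String signToken(String token) {               // fresh nonce on every call
        String body = randomHex(8) + "-" + token;
        return HexFormat.of().formatHex(mac(body)) + "-" + body;
    }

    String extractSignedToken(String signed) {     // raw token, or null if invalid
        String[] p = signed.split("-", 3);
        if (p.length != 3) return null;
        byte[] claimed;
        try { claimed = HexFormat.of().parseHex(p[0]); } catch (IllegalArgumentException e) { return null; }
        return MessageDigest.isEqual(mac(p[1] + "-" + p[2]), claimed) ? p[2] : null;  // constant-time
    }

    public static void main(String[] args) {
        NonceSignedTokenDemo s = new NonceSignedTokenDemo(randomHex(32).getBytes(StandardCharsets.UTF_8));
        String raw = randomHex(20);                   // stands in for generateToken()
        String a = s.signToken(raw), b = s.signToken(raw);
        System.out.println("wire forms differ:   " + !a.equals(b));
        System.out.println("same raw token:      " + raw.equals(s.extractSignedToken(a)) + " / " + raw.equals(s.extractSignedToken(b)));
        System.out.println("tampered -> null:    " + (s.extractSignedToken(a + "0") == null));
    }
}
```

Because the two wire forms are not equal as strings, a check on signed tokens has to compare the extracted raw values, which is the role compareSignedTokens plays in the interface.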