trait CSRFTokenSigner extends AnyRef
Cryptographic utilities for generating and validating CSRF tokens.
This trait should not be used as a general purpose encryption utility.
- Source
- CSRFTokenSigner.scala
- Alphabetic
- By Inheritance
- CSRFTokenSigner
- AnyRef
- Any
- Hide All
- Show All
- Public
- All
Abstract Value Members
-
abstract
def
compareSignedTokens(tokenA: String, tokenB: String): Boolean
Compare two signed tokens
-
abstract
def
extractSignedToken(token: String): Option[String]
Extract a signed token that was signed by
signToken(String)
.Extract a signed token that was signed by
signToken(String)
.- token
The signed token to extract.
- returns
The verified raw token, or None if the token isn't valid.
-
abstract
def
generateSignedToken: String
Generates a signed token.
-
abstract
def
generateToken: String
Generates a cryptographically secure token.
-
abstract
def
signToken(token: String): String
Sign a token.
Sign a token. This produces a new token, that has this token signed with a nonce.
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
- token
The token to sign
- returns
The signed token
-
abstract
def
constantTimeEquals(a: String, b: String): Boolean
Constant time equals method.
Constant time equals method.
Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
- Annotations
- @deprecated
- Deprecated
(Since version 2.6.0) Please use java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8")) over this method.
Concrete Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
clone(): AnyRef
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @native() @throws( ... )
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
equals(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
def
finalize(): Unit
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
-
def
hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
-
def
toString(): String
- Definition Classes
- AnyRef → Any
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @throws( ... )