class DefaultCSRFTokenSigner extends CSRFTokenSigner
- Alphabetic
- By Inheritance
- DefaultCSRFTokenSigner
- CSRFTokenSigner
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new DefaultCSRFTokenSigner(signer: CookieSigner, clock: Clock)
- Annotations
- @Inject()
Value Members
- def compareSignedTokens(tokenA: String, tokenB: String): Boolean
Compare two signed tokens
Compare two signed tokens
- Definition Classes
- → CSRFTokenSigner
- def extractSignedToken(token: String): Option[String]
Extract a signed token that was signed by CSRFTokenSigner.signToken.
Extract a signed token that was signed by CSRFTokenSigner.signToken.
- token
The signed token to extract.
- returns
The verified raw token, or None if the token isn't valid.
- Definition Classes
- → CSRFTokenSigner
- def generateSignedToken: String
Generate a signed token
Generate a signed token
- Definition Classes
- → CSRFTokenSigner
- def generateToken: String
Generate a cryptographically secure token
Generate a cryptographically secure token
- Definition Classes
- → CSRFTokenSigner
- def signToken(token: String): String
Sign a token.
Sign a token. This produces a new token, that has this token signed with a nonce.
This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.
- token
The token to sign
- returns
The signed token
- Definition Classes
- → CSRFTokenSigner
Deprecated Value Members
- def constantTimeEquals(a: String, b: String): Boolean
Constant time equals method.
Constant time equals method.
Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.
- Definition Classes
- → CSRFTokenSigner
- Deprecated
Please use
java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8"))over this method.
This class is used for generating random tokens for CSRF.