Interface CSRFTokenSigner

All Known Implementing Classes:
DefaultCSRFTokenSigner

public interface CSRFTokenSigner
Cryptographic utilities for generating and validating CSRF tokens.

This interface should not be used as a general-purpose encryption utility.

  • Method Details

    • generateToken

      String generateToken()
      Generates a cryptographically secure token.
      Returns:
      a newly generated token.
    • generateSignedToken

      String generateSignedToken()
      Generates a signed token by calling generateToken and then signToken.
      Returns:
      a newly generated token that has been signed.
    • signToken

      String signToken(String token)
      Signs a token. This produces a new token in which the given token is signed together with a nonce.

      This primarily exists to defeat the BREACH vulnerability: the signed form is effectively random per request, while the underlying token value does not change.

      Parameters:
      token - The token to sign
      Returns:
      The signed token
    • extractSignedToken

      String extractSignedToken(String token)
      Extract a signed token that was signed by signToken(String).
      Parameters:
      token - The signed token to extract.
      Returns:
      The verified raw token, or null if the token isn't valid.
    • compareSignedTokens

      boolean compareSignedTokens(String tokenA, String tokenB)
      Compare two signed tokens.
      Parameters:
      tokenA - the first token
      tokenB - another token
      Returns:
      true if the tokens match and are signed, false otherwise.
    • asScala

      play.api.libs.crypto.CSRFTokenSigner asScala()
      Utility method needed for CSRFCheck. It should not need to be used or extended by user-level code.
      Returns:
      the Scala API CSRFTokenSigner component.