class CsrfStateItemHandler extends SocialStateItemHandler with api.Logger with PublishableSocialStateItemHandler
Protects the application against CSRF attacks.
The handler stores a unique token in the provider state and the same token in a signed client-side cookie. After the provider redirects back to the application, both tokens are compared. If both tokens are the same, then the application can trust the redirect source.
Instance Constructors
- new CsrfStateItemHandler(settings: CsrfStateSettings, idGenerator: IDGenerator, signer: Signer)
- settings
The state settings.
- idGenerator
The ID generator used to create the state value.
- signer
The signer implementation.
- Annotations
- @Inject()
Type Members
- type Item = CsrfStateItem
The item the handler can handle.
- Definition Classes
- CsrfStateItemHandler → SocialStateItemHandler
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def canHandle[B](item: ItemStructure)(implicit request: ExtractableRequest[B]): Boolean
Indicates if a handler can handle the given unserialized state item.
This method should check if the unserialize method of this handler can unserialize the given serialized state item.
- B
The type of the request body.
- item
The item to check for.
- request
The request instance to get additional data to validate against.
- returns
True if the handler can handle the given state item, false otherwise.
- Definition Classes
- CsrfStateItemHandler → SocialStateItemHandler
- def canHandle(item: SocialStateItem): Option[Item]
Indicates if a handler can handle the given SocialStateItem.
This method should check if the serialize method of this handler can serialize the given unserialized state item.
- item
The item to check for.
- returns
Some[Item] casted state item if the handler can handle the given state item, None otherwise.
- Definition Classes
- CsrfStateItemHandler → SocialStateItemHandler
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @HotSpotIntrinsicCandidate() @native()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def item(implicit ec: ExecutionContext): Future[Item]
Gets the state item the handler can handle.
- ec
The execution context to handle the asynchronous operations.
- returns
The state params the handler can handle.
- Definition Classes
- CsrfStateItemHandler → SocialStateItemHandler
- val logger: api.Logger
A named logger instance.
- Definition Classes
- Logger
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- def publish[B](item: Item, result: Result)(implicit request: ExtractableRequest[B]): Result
Publishes the CSRF token to the client.
- B
The type of the request body.
- item
The item to publish.
- result
The result to send to the client.
- request
The current request.
- returns
The result to send to the client.
- Definition Classes
- CsrfStateItemHandler → PublishableSocialStateItemHandler
- def serialize(item: Item): ItemStructure
Returns a serialized value of the state item.
- item
The state item to serialize.
- returns
The serialized state item.
- Definition Classes
- CsrfStateItemHandler → SocialStateItemHandler
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- def unserialize[B](item: ItemStructure)(implicit request: ExtractableRequest[B], ec: ExecutionContext): Future[Item]
Unserializes the state item.
- B
The type of the request body.
- item
The state item to unserialize.
- request
The request instance to get additional data to validate against.
- ec
The execution context to handle the asynchronous operations.
- returns
The unserialized state item.
- Definition Classes
- CsrfStateItemHandler → SocialStateItemHandler
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
Deprecated Value Members
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable]) @Deprecated
- Deprecated
(Since version 9)