alvinalexander.com | career | drupal | java | mac | mysql | perl | scala | uml | unix  

Play Framework/Scala example source code file (AddCSRFTokenAction.java)

This example Play Framework source code file (AddCSRFTokenAction.java) is included in my "Source Code Warehouse" project. The intent of this project is to help you more easily find Play Framework (and Scala) source code examples by using tags.

All credit for the original source code belongs to Play Framework; I'm just trying to make examples easier to find. (For my Scala work, see my Scala examples and tutorials.)

Play Framework tags/keywords

api, cookiename, csrfaction, csrfconf, lib, library, module, mvc, option, override, play, play framework, requestheader, requesttag, securecookie, string

The AddCSRFTokenAction.java Play Framework example source code

/*
 * Copyright (C) 2009-2013 Typesafe Inc. <http://www.typesafe.com>
 */
package play.filters.csrf;

import play.api.mvc.RequestHeader;
import play.api.mvc.Session;
import play.libs.F;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;
import scala.Option;
import scala.Tuple2;

public class AddCSRFTokenAction extends Action<AddCSRFToken> {

    private final String tokenName = CSRFConf$.MODULE$.TokenName();
    private final Option<String> cookieName = CSRFConf$.MODULE$.CookieName();
    private final boolean secureCookie = CSRFConf$.MODULE$.SecureCookie();
    private final String requestTag = CSRF.Token$.MODULE$.RequestTag();
    private final CSRFAction$ CSRFAction = CSRFAction$.MODULE$;
    private final CSRF.TokenProvider tokenProvider = CSRFConf$.MODULE$.defaultTokenProvider();

    @Override
    public F.Promise<Result> call(Http.Context ctx) throws Throwable {
        RequestHeader request = ctx._requestHeader();

        if (CSRFAction.getTokenFromHeader(request, tokenName, cookieName).isEmpty()) {
            // No token in header and we have to create one if not found, so create a new token
            String newToken = tokenProvider.generateToken();

            // Place this token into the context
            ctx.args.put(requestTag, newToken);

            // Create a new Scala RequestHeader with the token
            RequestHeader newRequest = request.copy(request.id(),
                    request.tags().$plus(new Tuple2<String, String>(requestTag, newToken)),
                    request.uri(), request.path(), request.method(), request.version(), request.queryString(),
                    request.headers(), request.remoteAddress(), request.secure());

            // Create a new context that will have the new RequestHeader.  This ensures that the CSRF.getToken call
            // used in templates will find the token.
            Http.Context newCtx = new Http.Context(ctx.id(), newRequest, ctx.request(), ctx.session(), ctx.flash(),
                    ctx.args);
            Http.Context.current.set(newCtx);

            // Also add it to the response
            if (cookieName.isDefined()) {
                Option<String> domain = Session.domain();
                ctx.response().setCookie(cookieName.get(), newToken, null, Session.path(),
                        domain.isDefined() ? domain.get() : null, secureCookie, false);
            } else {
                ctx.session().put(tokenName, newToken);
            }

            return delegate.call(newCtx);
        } else {
            return delegate.call(ctx);
        }

    }
}

Other Play Framework source code examples

Here is a short list of links related to this Play Framework AddCSRFTokenAction.java source code file:

... this post is sponsored by my books ...

#1 New Release!

FP Best Seller

 

new blog posts

 

Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.