|
Play Framework/Scala example source code file (AddCSRFTokenAction.java)
The AddCSRFTokenAction.java Play Framework example source code/* * Copyright (C) 2009-2013 Typesafe Inc. <http://www.typesafe.com> */ package play.filters.csrf; import play.api.mvc.RequestHeader; import play.api.mvc.Session; import play.libs.F; import play.mvc.Action; import play.mvc.Http; import play.mvc.Result; import scala.Option; import scala.Tuple2; public class AddCSRFTokenAction extends Action<AddCSRFToken> { private final String tokenName = CSRFConf$.MODULE$.TokenName(); private final Option<String> cookieName = CSRFConf$.MODULE$.CookieName(); private final boolean secureCookie = CSRFConf$.MODULE$.SecureCookie(); private final String requestTag = CSRF.Token$.MODULE$.RequestTag(); private final CSRFAction$ CSRFAction = CSRFAction$.MODULE$; private final CSRF.TokenProvider tokenProvider = CSRFConf$.MODULE$.defaultTokenProvider(); @Override public F.Promise<Result> call(Http.Context ctx) throws Throwable { RequestHeader request = ctx._requestHeader(); if (CSRFAction.getTokenFromHeader(request, tokenName, cookieName).isEmpty()) { // No token in header and we have to create one if not found, so create a new token String newToken = tokenProvider.generateToken(); // Place this token into the context ctx.args.put(requestTag, newToken); // Create a new Scala RequestHeader with the token RequestHeader newRequest = request.copy(request.id(), request.tags().$plus(new Tuple2<String, String>(requestTag, newToken)), request.uri(), request.path(), request.method(), request.version(), request.queryString(), request.headers(), request.remoteAddress(), request.secure()); // Create a new context that will have the new RequestHeader. This ensures that the CSRF.getToken call // used in templates will find the token. Http.Context newCtx = new Http.Context(ctx.id(), newRequest, ctx.request(), ctx.session(), ctx.flash(), ctx.args); Http.Context.current.set(newCtx); // Also add it to the response if (cookieName.isDefined()) { Option<String> domain = Session.domain(); ctx.response().setCookie(cookieName.get(), newToken, null, Session.path(), domain.isDefined() ? domain.get() : null, secureCookie, false); } else { ctx.session().put(tokenName, newToken); } return delegate.call(newCtx); } else { return delegate.call(ctx); } } } Other Play Framework source code examplesHere is a short list of links related to this Play Framework AddCSRFTokenAction.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.