Thursday, May 2, 2013

Play Framework 2.1 CSRF Filter Java Example

I have been searching for CSRF filter examples for Play framework 2.1 (Java) but couldn't find any
so I tried myself. Got it working so sharing the code.

----------------------------------------------
app/controllers/Application.java
----------------------------------------------

package controllers;

import static play.data.Form.form;

import java.util.HashMap;
import java.util.Map;

import play.data.Form;
import play.mvc.Controller;
import play.mvc.Result;
import views.html.testform;

public class Application extends Controller {

public static Result index() {
Form<User> userForm = form(User.class);
Map<String, String> anyData = new HashMap();
anyData.put("email", "bob@gmail.com");
anyData.put("password", "secret");
User user = userForm.bind(anyData).get();
return ok(testform.render(userForm.fill(user)));
}

public static Result formAction() {
return ok("Headers:"+ctx().request().headers()+" Query String:"+ctx().request().queryString());
}
}
----------------------------------------------
app/Global.java
----------------------------------------------

import play.*;
import play.api.mvc.EssentialFilter;
import play.filters.csrf.CSRFFilter;

public class Global extends GlobalSettings {
@Override
 public void onStart(Application app) {
   Logger.info("********************Application has started");
 }

 @Override
 public void onStop(Application app) {
   Logger.info("********************Application shutdown...");
 }

@SuppressWarnings({ "rawtypes", "unchecked" })
@Override
public <T extends EssentialFilter> Class<T>[] filters() {
Class[] filters = {CSRFFilter.class};
return filters;
}
}

----------------------------------------------
app/views/testform.scala.html
----------------------------------------------

@(signupForm: Form[User])
@import helper._
@main("FORM Example") {
    @helper.form(action = helper.CSRF(routes.Application.formAction)) {
        <fieldset>
            <legend>Account informations</legend>
         
         
            @inputText(
                signupForm("email"), '_label -> "Email",
                '_help -> "Enter a valid email address."
            )
         
            @inputText(
                signupForm("password"),
                '_label -> "Password",
                '_help -> "Please specify password.",
                '_error -> signupForm.globalError
            )
        </fieldset>
        <div class="actions">
            <input type="submit" class="btn primary" value="Sign Up">
        </div>
    }
 }

----------------------------------------------
project/Build.scala
----------------------------------------------

import sbt._
import Keys._
import play.Project._

object ApplicationBuild extends Build {

  val appName         = "cxrf"
  val appVersion      = "1.0-SNAPSHOT"

  val appDependencies = Seq(
    // Add your project dependencies here,
    javaCore,
    javaJdbc,
    javaEbean,
    filters
  )
  val main = play.Project(appName, appVersion, appDependencies).settings(
    // Add your own project settings here    
  )
}
----------------------------------------------