Play Framework 2.1 CSRF Filter Java Example
I searched for CSRF filter examples for Play Framework 2.1 (Java) but couldn't find any,
so I worked one out myself. I got it working, so I am sharing the code.
----------------------------------------------
app/controllers/Application.java
----------------------------------------------
package controllers;
import static play.data.Form.form;
import java.util.HashMap;
import java.util.Map;
import play.data.Form;
import play.mvc.Controller;
import play.mvc.Result;
import views.html.testform;
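/**
 * Demo controller for the CSRF filter example: one action renders a form,
 * the other shows what the browser sent when that form was submitted.
 */
public class Application extends Controller {

    /**
     * Renders the {@code testform} view, pre-filled from a hard-coded sample user.
     *
     * @return a 200 response containing the rendered form
     */
    public static Result index() {
        Form<User> userForm = form(User.class);
        // Explicit type arguments instead of a raw HashMap, so the assignment is checked.
        Map<String, String> anyData = new HashMap<String, String>();
        // Sample values only. A real form should never be pre-filled with a
        // password: fill() hands the value to the view, which writes it into the page.
        anyData.put("email", "bob@gmail.com");
        anyData.put("password", "secret");
        User user = userForm.bind(anyData).get();
        return ok(testform.render(userForm.fill(user)));
    }

    /**
     * Target of the form submission; echoes the request headers and query string
     * so the submitted request can be inspected.
     *
     * <p>Debug output only: every request header (Cookie included) is reflected
     * into the response body. Replace this with real handling before the action
     * is reachable outside a demo.
     *
     * @return a 200 response containing the headers and query string as text
     */
    public static Result formAction() {
        return ok("Headers:" + ctx().request().headers()
                + " Query String:" + ctx().request().queryString());
    }
}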
----------------------------------------------
app/Global.java
----------------------------------------------
import play.*;
import play.api.mvc.EssentialFilter;
import play.filters.csrf.CSRFFilter;
/**
 * Application-wide settings for the example: registers the CSRF filter and
 * logs a banner line on start and on stop.
 */
public class Global extends GlobalSettings {

    /**
     * Declares the filters applied to the application; here only
     * {@link CSRFFilter}.
     *
     * <p>This method is the single place where CSRF checking is switched on.
     * Dropping {@code CSRFFilter.class} from the returned array removes the
     * check for the whole application.
     *
     * @return an array holding {@code CSRFFilter.class}
     */
    @Override
    @SuppressWarnings({ "rawtypes", "unchecked" })
    public <T extends EssentialFilter> Class<T>[] filters() {
        // Java cannot create a generic array, so a raw Class[] is returned
        // and the resulting warnings are suppressed on this method only.
        return new Class[] {CSRFFilter.class};
    }

    /** Logs a banner line when the application has started. */
    @Override
    public void onStart(Application app) {
        Logger.info("********************Application has started");
    }

    /** Logs a banner line when the application is shutting down. */
    @Override
    public void onStop(Application app) {
        Logger.info("********************Application shutdown...");
    }
}
----------------------------------------------
app/views/testform.scala.html
----------------------------------------------
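@*
 * Sign-up form used to demonstrate the CSRF filter.
 *
 * signupForm: the Form[User] whose "email" and "password" fields are rendered.
 *
 * NOTE(review): conf/routes is not part of this listing. The reverse route
 * routes.Application.formAction must exist there; presumably it has to be a
 * POST route for the filter's token check to apply. Confirm against the
 * Play version in use.
 *@
@(signupForm: Form[User])

@import helper._

@main("FORM Example") {
    @* helper.CSRF wraps the target call so that the submission carries the CSRF
       token. NOTE(review): it looks like the token travels in the action URL
       (the demo handler prints the query string); URLs can end up in access
       logs and Referer headers, so confirm where the token is placed. *@
    @helper.form(action = helper.CSRF(routes.Application.formAction)) {
        <fieldset>
            <legend>Account informations</legend>
            @inputText(
                signupForm("email"),
                '_label -> "Email",
                '_help -> "Enter a valid email address."
            )
            @* Password input instead of a plain text field, so the value is not
               shown in clear text on screen. *@
            @inputPassword(
                signupForm("password"),
                '_label -> "Password",
                '_help -> "Please specify password.",
                '_error -> signupForm.globalError
            )
        </fieldset>
        <div class="actions">
            <input type="submit" class="btn primary" value="Sign Up">
        </div>
    }
}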
----------------------------------------------
project/Build.scala
----------------------------------------------
import sbt._
import Keys._
import play.Project._
// sbt build definition for the example Play application.
object ApplicationBuild extends Build {
  val appName = "cxrf"
  val appVersion = "1.0-SNAPSHOT"
  val appDependencies = Seq(
    // Add your project dependencies here,
    javaCore,
    javaJdbc,
    javaEbean,
    // Play's filters module; Global.java imports play.filters.csrf.CSRFFilter from it.
    filters
  )
  // The Play project itself, built from the name, version and dependencies above.
  val main = play.Project(appName, appVersion, appDependencies).settings(
    // Add your own project settings here
  )
}
----------------------------------------------
For a legacy Play 2.1.3 project, I have implemented the CSRF token, but the token is not updating: within one user login, the CSRF token remains the same across POST requests. Is this expected?