Package com.vaadin.flow.server.auth

Class AccessAnnotationChecker

java.lang.Object
com.vaadin.flow.server.auth.AccessAnnotationChecker
All Implemented Interfaces:
Serializable
public class AccessAnnotationChecker extends Object implements Serializable
Checks if a given user has access to a given method.

Check is performed as follows when called for a method:

  1. A security annotation (see below) is searched for on that particular method.
  2. If a security annotation was not found on the method, checks the class the method is declared in.
  3. If no security annotation was found, deny access by default

The security annotations checked and their meaning are:

  • AnonymousAllowed - allows access to any logged on or not logged in user. Public access.
  • PermitAll - allows access to any logged in user but denies access to anonymous users.
  • RolesAllowed - allows access there is a logged in user that has any of the roles mentioned in the annotation
  • DenyAll - denies access.
See Also:

  • Constructor Summary

    Constructors
    Constructor
    Description
    AccessAnnotationChecker()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    AnnotatedElement
    getSecurityTarget(Class<?> cls)
    Gets the class to check for security restrictions.
    AnnotatedElement
    getSecurityTarget(Method method)
    Gets the method or class to check for security restrictions.
    boolean
    hasAccess(Class<?> cls)
    Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given class.
    boolean
    hasAccess(Class<?> cls, jakarta.servlet.http.HttpServletRequest request)
    Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given class.
    boolean
    hasAccess(Class<?> cls, Principal principal, Function<String,Boolean> roleChecker)
    Checks if the user defined by the given Principal and role checker has access to the given class.
    boolean
    hasAccess(Method method)
    Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given method.
    boolean
    hasAccess(Method method, jakarta.servlet.http.HttpServletRequest request)
    Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given method.
    boolean
    hasAccess(Method method, Principal principal, Function<String,Boolean> roleChecker)
    Checks if the user defined by the given Principal and role checker has access to the given method.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • AccessAnnotationChecker

      public AccessAnnotationChecker()

  • Method Details

    • hasAccess

      public boolean hasAccess(Method method)
      Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given method.
      Parameters:
      method - the method to check access to
      Returns:
      true if the user has access to the given method, false otherwise

    • hasAccess

      public boolean hasAccess(Class<?> cls)
      Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given class.
      Parameters:
      cls - the class to check access to
      Returns:
      true if the user has access to the given method, false otherwise

    • hasAccess

      public boolean hasAccess(Method method, jakarta.servlet.http.HttpServletRequest request)
      Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given method.
      Parameters:
      method - the method to check access to
      request - the http request to use for user information
      Returns:
      true if the user has access to the given method, false otherwise

    • hasAccess

      public boolean hasAccess(Class<?> cls, jakarta.servlet.http.HttpServletRequest request)
      Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given class.
      Parameters:
      cls - the class to check access to
      request - the http request to use for user information
      Returns:
      true if the user has access to the given method, false otherwise

    • hasAccess

      public boolean hasAccess(Method method, Principal principal, Function<String,Boolean> roleChecker)
      Checks if the user defined by the given Principal and role checker has access to the given method.
      Parameters:
      method - the method to check access to
      principal - the principal of the user
      roleChecker - a function that can answer if a user has a given role
      Returns:
      true if the user has access to the given method, false otherwise

    • hasAccess

      public boolean hasAccess(Class<?> cls, Principal principal, Function<String,Boolean> roleChecker)
      Checks if the user defined by the given Principal and role checker has access to the given class.
      Parameters:
      cls - the class to check access to
      principal - the principal of the user
      roleChecker - a function that can answer if a user has a given role
      Returns:
      true if the user has access to the given method, false otherwise

    • getSecurityTarget

      public AnnotatedElement getSecurityTarget(Method method)
      Gets the method or class to check for security restrictions.
      Parameters:
      method - the method to look up
      Returns:
      the entity that is responsible for security settings for the method passed
      Throws:
      IllegalArgumentException - if the method is not public

    • getSecurityTarget

      public AnnotatedElement getSecurityTarget(Class<?> cls)
      Gets the class to check for security restrictions.
      Parameters:
      cls - the class to check
      Returns:
      the first annotated class in cls's hierarchy that annotated with one of the access annotations, starting from the input cls class itself, going up in the hierarchy. Note: interfaces in the cls's hierarchy are ignored.

      If no class in the hierarchy was annotated with any of the access annotations, the cls input parameter itself would be returned.

      Access annotations that being checked are:

      • @AnonymousAllowed
      • @PermitAll
      • @RolesAllowed
      • @DenyAll
      Throws:
      NullPointerException - if the input cls is null