Package com.vaadin.flow.server.auth

Class DefaultAccessCheckDecisionResolver

java.lang.Object

com.vaadin.flow.server.auth.DefaultAccessCheckDecisionResolver

All Implemented Interfaces:

AccessCheckDecisionResolver, Serializable

public class DefaultAccessCheckDecisionResolver
extends Object
implements AccessCheckDecisionResolver

Default implementation of AccessCheckDecisionResolver that allow access only if input results are all ALLOW, or a combination of ALLOW and NEUTRAL. In any other case the access is DENIED.

 | Results         | Decision |
 | --------------- | -------- |
 | All ALLOW       | ALLOW    |
 | ALLOW + NEUTRAL | ALLOW    |
 | All DENY        | DENY     |
 | DENY + NEUTRAL  | DENY     |
 | ALL NEUTRAL     | DENY     |
 | ALLOW + DENY    | REJECT   |
 

Almost the same rule applies also if the evaluation happens during error handling phase (NavigationContext.isErrorHandling() is true), with a single exception: in this case, if all the results are NEUTRAL the access is granted because the target of the navigation is supposed to be an error handler component and not a view with sensible information.

It should be noted that the above situation never occurs if the AnnotatedViewAccessChecker is enabled because it computes only ALLOW or DENY results.

See Also:

• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static final org.slf4j.Logger	LOGGER

Constructor Summary

Constructors

Constructor	Description
DefaultAccessCheckDecisionResolver()

Method Summary

Modifier and Type	Method	Description
AccessCheckResult	resolve(List<AccessCheckResult> results, NavigationContext context)	Determines if access is granted for a specific navigation context, based on the decisions provided by NavigationAccessCheckers.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

LOGGER

public static final org.slf4j.Logger LOGGER

Constructor Details

DefaultAccessCheckDecisionResolver

public DefaultAccessCheckDecisionResolver()

Method Details

resolve

public AccessCheckResult resolve(List<AccessCheckResult> results,
 NavigationContext context)

Description copied from interface: AccessCheckDecisionResolver

Determines if access is granted for a specific navigation context, based on the decisions provided by NavigationAccessCheckers.

The decision resolver should grant access or deny it by returning an appropriate AccessCheckResult object.

The expected result of the method should be AccessCheckDecision.ALLOW or AccessCheckDecision.DENY, or AccessCheckDecision.REJECT.

A AccessCheckDecision.NEUTRAL result does not make because it does not provide meaningful information to NavigationAccessControl to complete the access check process. For this reason, a neutral result will produce the same effect as AccessCheckDecision.REJECT, preventing the navigation and failing with an exception in development mode.

 AccessCheckResult resolve(List<Result> results,
         NavigationContext context) {

     Map<Decision, Long> votes = results.stream()
             .collect(groupingBy(Result::decision, counting()));

     int allow = votes.getOrDefault(Decision.ALLOW, 0L).intValue();
     int deny = votes.getOrDefault(Decision.ALLOW, 0L).intValue();
     int diff = allow - deny;

     if (allow == 0 && deny == 0) {
         return AccessCheckResult.neutral();
     } else if (diff > 0) {
         return AccessCheckResult.allow();
     } else if (diff < 0) {
         return AccessCheckResult.deny(String
                 .format("Allow %d - Deny %d. Deny wins!", allow, deny));
     }
     return AccessCheckResult
             .reject("To allow, or not to allow, that is the question.");
 }
 

Result object can also be created using NavigationContext helpers NavigationContext.allow(), NavigationContext.deny(String), NavigationContext.reject(String) and NavigationContext.neutral().

Specified by:

resolve in interface AccessCheckDecisionResolver

Parameters:

results - the decisions from access checkers.

context - the current navigation context

Returns:

a result indicating weather the access to target view should be granted or not, never null.