Package com.vaadin.flow.server.auth

Interface NavigationAccessChecker

All Superinterfaces:
Serializable
All Known Implementing Classes:
AnnotatedViewAccessChecker, RoutePathAccessChecker
Functional Interface:
This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
@FunctionalInterface public interface NavigationAccessChecker extends Serializable
Checks if a user is allowed to navigate to a specific view.

Implementors of this interface are responsible to analyze a navigation request and decide if the associate user (or anonymous) is granted to access the target view.

The NavigationContext object provide information about the ongoing navigation and the current user and its assigned roles.

Based on the context information the navigation access checker must take a decision about the current navigation, that can be one of:

  • Allow: the navigation is permitted
  • Deny: the navigation is denied
  • Reject: the navigation is denied because of a configuration or development mistake
  • Neutral: no opinions about the current navigation
NavigationContext provides the methods to create the above AccessCheckResults.

  • Method Summary

    Modifier and Type
    Method
    Description
    AccessCheckResult
    check(NavigationContext context)
    Checks if the current user is allowed to access a target view.

  • Method Details

    • check

      AccessCheckResult check(NavigationContext context)
      Checks if the current user is allowed to access a target view.

      Details about the navigation target and user are provided by the NavigationContext object.

      The path is relative to the Vaadin application and does not contain container specific details such as context path or servlet path.

      The checker may grant access, deny it, or abstain from taking a decision, by returning an appropriate AccessCheckResult object. 

      
 public AccessCheckResult check(NavigationContext context) {
     if (canHandleNavigationRequest(context)) {
         if (hasAccess(context)) {
             return AccessCheckResult.allow();
         } else {
             return AccessCheckResult.deny("Access denied");
         }
     }
     return AccessCheckResult.neutral();
 }
      A special case of deny is rejection; a AccessCheckDecision.REJECT result should be returned if there are misconfiguration in security setup or critical unexpected runtime that prevent the NavigationAccessChecker from taking the access decision. 
      
 public AccessCheckResult check(NavigationContext context) {
     try {
         if (hasAccess(context)) {
             return AccessCheckResult.allow();
         } else {
             return AccessCheckResult.deny("Access denied");
         }
     } catch (Exception ex) {
         return AccessCheckResult
                 .reject("Cannot determine if access can be granted: "
                         + ex.getMessage());
     }
 }
      Result object can also be created using NavigationContext helpers NavigationContext.allow(), NavigationContext.deny(String), NavigationContext.reject(String) and NavigationContext.neutral().

      The check is performed for both regular navigation and during error handling rerouting. The current phase can be checked with the NavigationContext.isErrorHandling() flag. The checker implementation can decide to ignore the error handling phase, by returning a NavigationContext.neutral() result.

      Method implementation is not supposed to throw any kind of exception.
      Parameters:
      context - the current navigation context
      Returns:
      a result indicating weather the access to target view should be granted or not, never null.