AccessAnnotationChecker (Vaadin Platform (vaadin-platform-javadoc) 20.0.0 API)

java.lang.Object
- com.vaadin.flow.server.auth.AccessAnnotationChecker

All Implemented Interfaces:

Serializable
```
public class AccessAnnotationChecker
extends Object
implements Serializable
```
Checks if a given user has access to a given method.
Check is performed as follows when called for a method:
1. A security annotation (see below) is searched for on that particular method.
2. If a security annotation was not found on the method, checks the class the method is declared in.
3. If no security annotation was found, deny access by default
The security annotations checked and their meaning are:
- AnonymousAllowed - allows access to any logged on or not logged in user. Public access.
- PermitAll - allows access to any logged in user but denies access to anonymous users.
- RolesAllowed - allows access there is a logged in user that has any of the roles mentioned in the annotation
- DenyAll - denies access.
See Also:

Serialized Form

Constructor Summary

Constructors
Constructor and Description

AccessAnnotationChecker()

Constructors
Constructor and Description
`AccessAnnotationChecker()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`AnnotatedElement`	`getSecurityTarget(Class<?> cls)` Gets the class to check for security restrictions.
`AnnotatedElement`	`getSecurityTarget(Method method)` Gets the method or class to check for security restrictions.
`boolean`	`hasAccess(Class<?> cls)` Checks if the user defined by the current active servlet request (using `HttpServletRequest.getUserPrincipal()` and `HttpServletRequest.isUserInRole(String)` has access to the given class.
`boolean`	`hasAccess(Class<?> cls, javax.servlet.http.HttpServletRequest request)` Checks if the user defined by the request (using `HttpServletRequest.getUserPrincipal()` and `HttpServletRequest.isUserInRole(String)` has access to the given class.
`boolean`	`hasAccess(Class<?> cls, Principal principal, Function<String,Boolean> roleChecker)` Checks if the user defined by the given `Principal` and role checker has access to the given class.
`boolean`	`hasAccess(Method method)` Checks if the user defined by the current active servlet request (using `HttpServletRequest.getUserPrincipal()` and `HttpServletRequest.isUserInRole(String)` has access to the given method.
`boolean`	`hasAccess(Method method, javax.servlet.http.HttpServletRequest request)` Checks if the user defined by the request (using `HttpServletRequest.getUserPrincipal()` and `HttpServletRequest.isUserInRole(String)` has access to the given method.
`boolean`	`hasAccess(Method method, Principal principal, Function<String,Boolean> roleChecker)` Checks if the user defined by the given `Principal` and role checker has access to the given method.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AccessAnnotationChecker
```
public AccessAnnotationChecker()
```
- Method Detail
  - hasAccess
```
public boolean hasAccess(Method method)
```
    Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given method.
    
    Parameters:
    
    method - the method to check access to
    
    Returns:
    
    true if the user has access to the given method, false otherwise
  - hasAccess
```
public boolean hasAccess(Class<?> cls)
```
    Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given class.
    
    Parameters:
    
    cls - the class to check access to
    
    Returns:
    
    true if the user has access to the given method, false otherwise
  - hasAccess
```
public boolean hasAccess(Method method,
                         javax.servlet.http.HttpServletRequest request)
```
    Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given method.
    
    Parameters:
    
    method - the method to check access to
    
    request - the http request to use for user information
    
    Returns:
    
    true if the user has access to the given method, false otherwise
  - hasAccess
```
public boolean hasAccess(Class<?> cls,
                         javax.servlet.http.HttpServletRequest request)
```
    Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String) has access to the given class.
    
    Parameters:
    
    cls - the class to check access to
    
    request - the http request to use for user information
    
    Returns:
    
    true if the user has access to the given method, false otherwise
  - hasAccess
```
public boolean hasAccess(Method method,
                         Principal principal,
                         Function<String,Boolean> roleChecker)
```
    Checks if the user defined by the given Principal and role checker has access to the given method.
    
    Parameters:
    
    method - the method to check access to
    
    principal - the principal of the user
    
    roleChecker - a function that can answer if a user has a given role
    
    Returns:
    
    true if the user has access to the given method, false otherwise
  - hasAccess
```
public boolean hasAccess(Class<?> cls,
                         Principal principal,
                         Function<String,Boolean> roleChecker)
```
    Checks if the user defined by the given Principal and role checker has access to the given class.
    
    Parameters:
    
    cls - the class to check access to
    
    principal - the principal of the user
    
    roleChecker - a function that can answer if a user has a given role
    
    Returns:
    
    true if the user has access to the given method, false otherwise
  - getSecurityTarget
```
public AnnotatedElement getSecurityTarget(Method method)
```
    Gets the method or class to check for security restrictions.
    
    Parameters:
    
    method - the method to look up
    
    Returns:
    
    the entity that is responsible for security settings for the method passed
    
    Throws:
    
    IllegalArgumentException - if the method is not public
  - getSecurityTarget
```
public AnnotatedElement getSecurityTarget(Class<?> cls)
```
    Gets the class to check for security restrictions.
    
    Parameters:
    
    cls - the class to check
    
    Returns:
    
    the entity that is responsible for security settings for the method passed
    
    Throws:
    
    IllegalArgumentException - if the method is not public

Class AccessAnnotationChecker

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AccessAnnotationChecker

Method Detail

hasAccess

hasAccess

hasAccess

hasAccess

hasAccess

hasAccess

getSecurityTarget

getSecurityTarget