Package com.vaadin.flow.server.auth
Class AccessAnnotationChecker
- java.lang.Object
  - com.vaadin.flow.server.auth.AccessAnnotationChecker
All Implemented Interfaces:
- Serializable
public class AccessAnnotationChecker extends Object implements Serializable
Checks if a given user has access to a given method. When called for a method, the check is performed as follows:
- A security annotation (see below) is searched for on that particular method.
- If no security annotation was found on the method, the class the method is declared in is checked.
- If no security annotation was found on either, access is denied by default.
The security annotations checked and their meaning are:
- AnonymousAllowed: allows access to any user, logged in or not. Public access.
- PermitAll: allows access to any logged in user but denies access to anonymous users.
- RolesAllowed: allows access if there is a logged in user that has any of the roles mentioned in the annotation.
- DenyAll: denies access.
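The following constructed example (added here, not code from the Vaadin documentation) walks the resolution order above: a method-level annotation wins, an unannotated public method inherits its declaring class's annotation, and a class with no annotation at all is denied. It assumes the javax-based Vaadin release (javax.annotation.security annotations, matching the javax.servlet types on this page), uses the hasAccess(Method, Principal, Function) overload so no servlet request is needed, and passes a null Principal for the anonymous case, which is what HttpServletRequest.getUserPrincipal() returns for an unauthenticated request.

```java
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Set;
import java.util.function.Function;

import javax.annotation.security.DenyAll;
import javax.annotation.security.RolesAllowed;

import com.vaadin.flow.server.auth.AccessAnnotationChecker;
import com.vaadin.flow.server.auth.AnonymousAllowed;

public class AccessCheckDemo {

    // Constructed endpoint: the class-level rule applies to every public
    // method that carries no security annotation of its own.
    @RolesAllowed("admin")
    public static class AdminEndpoint {
        @AnonymousAllowed
        public String status() { return "up"; }        // method annotation wins: public

        public String deleteAll() { return "deleted"; } // no annotation: class rule, admin only

        @DenyAll
        public String legacy() { return "never"; }      // explicit deny on the method
    }

    // Constructed endpoint with no annotation anywhere: denied by default.
    public static class UnannotatedEndpoint {
        public String ping() { return "pong"; }
    }

    // Resolve a public method by name and ask the checker; methods must be
    // public, otherwise getSecurityTarget throws IllegalArgumentException.
    static boolean check(AccessAnnotationChecker checker, Class<?> cls, String name,
                         Principal principal, Set<String> roles) throws NoSuchMethodException {
        Method m = cls.getMethod(name);
        Function<String, Boolean> roleChecker = roles::contains; // stands in for isUserInRole
        return checker.hasAccess(m, principal, roleChecker);
    }

    public static void main(String[] args) throws Exception {
        AccessAnnotationChecker checker = new AccessAnnotationChecker();
        Principal anonymous = null;       // unauthenticated request
        Principal alice = () -> "alice";  // Principal has a single abstract method

        System.out.println("anonymous -> status:   " + check(checker, AdminEndpoint.class, "status", anonymous, Set.of()));
        System.out.println("user      -> deleteAll: " + check(checker, AdminEndpoint.class, "deleteAll", alice, Set.of("user")));
        System.out.println("admin     -> deleteAll: " + check(checker, AdminEndpoint.class, "deleteAll", alice, Set.of("admin")));
        System.out.println("admin     -> legacy:    " + check(checker, AdminEndpoint.class, "legacy", alice, Set.of("admin")));
        System.out.println("admin     -> ping:      " + check(checker, UnannotatedEndpoint.class, "ping", alice, Set.of("admin")));
    }
}
```

Per the rules on this page, only the first and third calls should grant access; the unannotated endpoint is denied even for an admin, which is the deny-by-default behaviour worth confirming in a test before relying on it.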
See Also:
- Serialized Form
Constructor Summary
- AccessAnnotationChecker()
Method Summary
- AnnotatedElement getSecurityTarget(Class<?> cls): Gets the class to check for security restrictions.
- AnnotatedElement getSecurityTarget(Method method): Gets the method or class to check for security restrictions.
- boolean hasAccess(Class<?> cls): Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String)) has access to the given class.
- boolean hasAccess(Class<?> cls, Principal principal, Function<String,Boolean> roleChecker): Checks if the user defined by the given Principal and role checker has access to the given class.
- boolean hasAccess(Class<?> cls, javax.servlet.http.HttpServletRequest request): Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String)) has access to the given class.
- boolean hasAccess(Method method): Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String)) has access to the given method.
- boolean hasAccess(Method method, Principal principal, Function<String,Boolean> roleChecker): Checks if the user defined by the given Principal and role checker has access to the given method.
- boolean hasAccess(Method method, javax.servlet.http.HttpServletRequest request): Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String)) has access to the given method.
Method Detail

hasAccess
public boolean hasAccess(Method method)
Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String)) has access to the given method.
- Parameters:
  method - the method to check access to
- Returns:
  true if the user has access to the given method, false otherwise

hasAccess
public boolean hasAccess(Class<?> cls)
Checks if the user defined by the current active servlet request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String)) has access to the given class.
- Parameters:
  cls - the class to check access to
- Returns:
  true if the user has access to the given class, false otherwise

hasAccess
public boolean hasAccess(Method method, javax.servlet.http.HttpServletRequest request)
Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String)) has access to the given method.
- Parameters:
  method - the method to check access to
  request - the http request to use for user information
- Returns:
  true if the user has access to the given method, false otherwise

hasAccess
public boolean hasAccess(Class<?> cls, javax.servlet.http.HttpServletRequest request)
Checks if the user defined by the request (using HttpServletRequest.getUserPrincipal() and HttpServletRequest.isUserInRole(String)) has access to the given class.
- Parameters:
  cls - the class to check access to
  request - the http request to use for user information
- Returns:
  true if the user has access to the given class, false otherwise

hasAccess
public boolean hasAccess(Method method, Principal principal, Function<String,Boolean> roleChecker)
Checks if the user defined by the given Principal and role checker has access to the given method.
- Parameters:
  method - the method to check access to
  principal - the principal of the user
  roleChecker - a function that can answer if a user has a given role
- Returns:
  true if the user has access to the given method, false otherwise

hasAccess
public boolean hasAccess(Class<?> cls, Principal principal, Function<String,Boolean> roleChecker)
Checks if the user defined by the given Principal and role checker has access to the given class.
- Parameters:
  cls - the class to check access to
  principal - the principal of the user
  roleChecker - a function that can answer if a user has a given role
- Returns:
  true if the user has access to the given class, false otherwise

getSecurityTarget
public AnnotatedElement getSecurityTarget(Method method)
Gets the method or class to check for security restrictions.
- Parameters:
  method - the method to look up
- Returns:
  the entity that is responsible for security settings for the method passed
- Throws:
  IllegalArgumentException - if the method is not public

getSecurityTarget
public AnnotatedElement getSecurityTarget(Class<?> cls)
Gets the class to check for security restrictions.
- Parameters:
  cls - the class to check
- Returns:
  the first class in cls's hierarchy that is annotated with one of the access annotations, starting from the input cls class itself and going up the hierarchy. Note: interfaces in cls's hierarchy are ignored. If no class in the hierarchy is annotated with any of the access annotations, the cls input parameter itself is returned. The access annotations checked are:
  - @AnonymousAllowed
  - @PermitAll
  - @RolesAllowed
  - @DenyAll
- Throws:
  NullPointerException - if the input cls is null