Package com.vaadin.flow.server

Class HandlerHelper

    • Method Detail

      • isRequestType

        public static boolean isRequestType​(VaadinRequest request,
                                    HandlerHelper.RequestType requestType)
        Returns whether the given request is of the given type.
        Parameters:
        request - the request to check
        requestType - the type to check for
        Returns:
        true if the request is of the given type, false otherwise

      • isFrameworkInternalRequest

        public static boolean isFrameworkInternalRequest​(String servletMappingPath,
                                                 javax.servlet.http.HttpServletRequest request)
        Checks whether the request is an internal request. The requests listed in HandlerHelper.RequestType are considered internal as they are needed for applications to work.

        Requests for routes, static resources requests and similar are not considered internal requests.

        Parameters:
        servletMappingPath - the path the Vaadin servlet is mapped to, with or without and ending "/*"
        request - the servlet request
        Returns:
        true if the request is Vaadin internal, false otherwise

      • getPathIfInsideServlet

        public static Optional<String> getPathIfInsideServlet​(String servletMappingPath,
                                                      String requestedPath)
        Returns the rest of the path after the servlet mapping part, if the requested path targets a path inside the servlet.
        Parameters:
        servletMappingPath - the servlet mapping from the servlet configuration
        requestedPath - the request path relative to the context root
        Returns:
        an optional containing the path relative to the servlet if the request is inside the servlet mapping, an empty optional otherwise

      • getRequestPathInsideContext

        public static String getRequestPathInsideContext​(javax.servlet.http.HttpServletRequest request)
        Returns the requested path inside the context root.
        Parameters:
        request - the servlet request
        Returns:
        the path inside the context root, not including the slash after the context root path

      • findLocale

        public static Locale findLocale​(VaadinSession session,
                                VaadinRequest request)
        Helper to find the most most suitable Locale. These potential sources are checked in order until a Locale is found:
        1. The passed component (or UI) if not null
        2. UI.getCurrent() if defined
        3. The passed session if not null
        4. VaadinSession.getCurrent() if defined
        5. The passed request if not null
        6. VaadinService.getCurrentRequest() if defined
        7. Locale.getDefault()
        Parameters:
        session - the session that is searched for locale or null if not available
        request - the request that is searched for locale or null if not available
        Returns:
        the found locale

      • setResponseNoCacheHeaders

        public static void setResponseNoCacheHeaders​(BiConsumer<String,​String> headerSetter,
                                             BiConsumer<String,​Long> longHeaderSetter)
        Sets no cache headers to the specified response.
        Parameters:
        headerSetter - setter for string value headers
        longHeaderSetter - setter for long value headers

      • getCancelingRelativePath

        public static String getCancelingRelativePath​(String pathToCancel)
        Gets a relative path that cancels the provided path. This essentially adds one .. for each part of the path to cancel.
        Parameters:
        pathToCancel - the path that should be canceled
        Returns:
        a relative path that cancels out the provided path segment

      • isPathUnsafe

        public static boolean isPathUnsafe​(String path)
        Checks if the given URL path contains the directory change instruction (dot-dot), taking into account possible double encoding in hexadecimal format, which can be injected maliciously.
        Parameters:
        path - the URL path to be verified.
        Returns:
        true, if the given path has a directory change instruction, false otherwise.

      • getPublicResources

        public static String[] getPublicResources()
        URLs matching these patterns should be publicly available for applications to work. Can be used for defining a bypass for rules in e.g. Spring Security.

      • getPublicResourcesRequiringSecurityContext

        public static String[] getPublicResourcesRequiringSecurityContext()
        URLs matching these patterns should be publicly available for applications to work but might require a security context, i.e. authentication information.