Package com.vaadin.flow.server.auth
Class AccessAnnotationChecker
java.lang.Object
com.vaadin.flow.server.auth.AccessAnnotationChecker
- All Implemented Interfaces:
Serializable
Checks if a given user has access to a given method.
Check is performed as follows when called for a method:
- A security annotation (see below) is searched for on that particular method.
- If a security annotation was not found on the method, checks the class the method is declared in.
- If no security annotation was found, deny access by default
The security annotations checked and their meaning are:
AnonymousAllowed
- allows access to any logged on or not logged in user. Public access.PermitAll
- allows access to any logged in user but denies access to anonymous users.RolesAllowed
- allows access there is a logged in user that has any of the roles mentioned in the annotationDenyAll
- denies access.
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptiongetSecurityTarget
(Class<?> cls) Gets the class to check for security restrictions.getSecurityTarget
(Method method) Gets the method or class to check for security restrictions.boolean
Checks if the user defined by the current active servlet request (usingHttpServletRequest.getUserPrincipal()
andHttpServletRequest.isUserInRole(String)
has access to the given class.boolean
Checks if the user defined by the request (usingHttpServletRequest.getUserPrincipal()
andHttpServletRequest.isUserInRole(String)
has access to the given class.boolean
Checks if the user defined by the givenPrincipal
and role checker has access to the given class.boolean
Checks if the user defined by the current active servlet request (usingHttpServletRequest.getUserPrincipal()
andHttpServletRequest.isUserInRole(String)
has access to the given method.boolean
Checks if the user defined by the request (usingHttpServletRequest.getUserPrincipal()
andHttpServletRequest.isUserInRole(String)
has access to the given method.boolean
Checks if the user defined by the givenPrincipal
and role checker has access to the given method.
-
Constructor Details
-
AccessAnnotationChecker
public AccessAnnotationChecker()
-
-
Method Details
-
hasAccess
Checks if the user defined by the current active servlet request (usingHttpServletRequest.getUserPrincipal()
andHttpServletRequest.isUserInRole(String)
has access to the given method.- Parameters:
method
- the method to check access to- Returns:
true
if the user has access to the given method,false
otherwise
-
hasAccess
Checks if the user defined by the current active servlet request (usingHttpServletRequest.getUserPrincipal()
andHttpServletRequest.isUserInRole(String)
has access to the given class.- Parameters:
cls
- the class to check access to- Returns:
true
if the user has access to the given method,false
otherwise
-
hasAccess
Checks if the user defined by the request (usingHttpServletRequest.getUserPrincipal()
andHttpServletRequest.isUserInRole(String)
has access to the given method.- Parameters:
method
- the method to check access torequest
- the http request to use for user information- Returns:
true
if the user has access to the given method,false
otherwise
-
hasAccess
Checks if the user defined by the request (usingHttpServletRequest.getUserPrincipal()
andHttpServletRequest.isUserInRole(String)
has access to the given class.- Parameters:
cls
- the class to check access torequest
- the http request to use for user information- Returns:
true
if the user has access to the given method,false
otherwise
-
hasAccess
Checks if the user defined by the givenPrincipal
and role checker has access to the given method.- Parameters:
method
- the method to check access toprincipal
- the principal of the userroleChecker
- a function that can answer if a user has a given role- Returns:
true
if the user has access to the given method,false
otherwise
-
hasAccess
Checks if the user defined by the givenPrincipal
and role checker has access to the given class.- Parameters:
cls
- the class to check access toprincipal
- the principal of the userroleChecker
- a function that can answer if a user has a given role- Returns:
true
if the user has access to the given method,false
otherwise
-
getSecurityTarget
Gets the method or class to check for security restrictions.- Parameters:
method
- the method to look up- Returns:
- the entity that is responsible for security settings for the method passed
- Throws:
IllegalArgumentException
- if the method is not public
-
getSecurityTarget
Gets the class to check for security restrictions.- Parameters:
cls
- the class to check- Returns:
- the first annotated class in
cls
's hierarchy that annotated with one of the access annotations, starting from the inputcls
class itself, going up in the hierarchy. Note: interfaces in thecls
's hierarchy are ignored.If no class in the hierarchy was annotated with any of the access annotations, the
cls
input parameter itself would be returned.Access annotations that being checked are:
@AnonymousAllowed
@PermitAll
@RolesAllowed
@DenyAll
- Throws:
NullPointerException
- if the inputcls
is null
-