Package com.vaadin.flow.spring.security

Class RequestUtil

java.lang.Object

com.vaadin.flow.spring.security.RequestUtil

@Component
public class RequestUtil
extends Object

Contains utility methods related to request handling.

Constructor Summary

Constructors

Constructor	Description
RequestUtil()

Method Summary

Modifier and Type	Method	Description
static org.springframework.security.web.util.matcher.RequestMatcher[]	antMatchers(String... patterns)	Deprecated, for removal: This API element is subject to removal in a future version. AntPathRequestMatcher is deprecated and marked for removal.
String	applyUrlMapping(String path)	Prepends to the given path with the configured url mapping.
String	getUrlMapping()	Gets the url mapping for the Vaadin servlet.
boolean	isAllowedHillaView(jakarta.servlet.http.HttpServletRequest request)	Checks if the request targets a Hilla view that is allowed according to its configuration and the current user.
boolean	isAnonymousEndpoint(jakarta.servlet.http.HttpServletRequest request)	Checks whether the request targets an endpoint that is public, i.e.
boolean	isAnonymousRoute(jakarta.servlet.http.HttpServletRequest request)	Checks whether the request targets a Flow route that is public, i.e.
boolean	isCustomWebIcon(jakarta.servlet.http.HttpServletRequest request)	Checks whether the request targets a custom PWA icon or Favicon path.
boolean	isEndpointRequest(jakarta.servlet.http.HttpServletRequest request)	Checks whether the request targets an endpoint.
boolean	isFrameworkInternalRequest(jakarta.servlet.http.HttpServletRequest request)	Checks whether the request is an internal request.
boolean	isSecuredFlowRoute(jakarta.servlet.http.HttpServletRequest request)	Checks whether the request targets a Flow route secured with navigation access control.
static org.springframework.security.web.util.matcher.RequestMatcher	principalAwareRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher matcher)	Wraps a given RequestMatcher to ensure requests are processed with the principal awareness provided by RequestUtil.PrincipalAwareRequestWrapper.
static org.springframework.security.web.util.matcher.RequestMatcher[]	routeMatchers(String... patterns)	Deprecated, for removal: This API element is subject to removal in a future version. AntPathRequestMatcher is deprecated and marked for removal.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RequestUtil

public RequestUtil()

Method Details

isFrameworkInternalRequest

public boolean isFrameworkInternalRequest(jakarta.servlet.http.HttpServletRequest request)

Checks whether the request is an internal request. An internal request is one that is needed for all Vaadin applications to function, e.g. UIDL or init requests. Note that bootstrap requests for any route or static resource requests are not internal, neither are resource requests for the JS bundle.

Parameters:

request - the servlet request

Returns:

true if the request is Vaadin internal, false otherwise

isEndpointRequest

public boolean isEndpointRequest(jakarta.servlet.http.HttpServletRequest request)

Checks whether the request targets an endpoint.

Parameters:

request - the servlet request

Returns:

true if the request is targeting an enpoint, false otherwise

isAnonymousEndpoint

public boolean isAnonymousEndpoint(jakarta.servlet.http.HttpServletRequest request)

Checks whether the request targets an endpoint that is public, i.e. marked as @AnonymousAllowed.

Parameters:

request - the servlet request

Returns:

true if the request is targeting an anonymous endpoint, false otherwise

isAllowedHillaView

public boolean isAllowedHillaView(jakarta.servlet.http.HttpServletRequest request)

Checks if the request targets a Hilla view that is allowed according to its configuration and the current user.

Parameters:

request - the HTTP request to check

Returns:

true if the request corresponds to an accessible Hilla view, false otherwise

isAnonymousRoute

public boolean isAnonymousRoute(jakarta.servlet.http.HttpServletRequest request)

Checks whether the request targets a Flow route that is public, i.e. marked as @AnonymousAllowed.

Parameters:

request - the servlet request

Returns:

true if the request is targeting an anonymous route, false otherwise

isSecuredFlowRoute

public boolean isSecuredFlowRoute(jakarta.servlet.http.HttpServletRequest request)

Checks whether the request targets a Flow route secured with navigation access control.

Parameters:

request - the servlet request

Returns:

true if the request is targeting a Flow route secured with navigation access control, false otherwise

isCustomWebIcon

public boolean isCustomWebIcon(jakarta.servlet.http.HttpServletRequest request)

Checks whether the request targets a custom PWA icon or Favicon path.

Parameters:

request - the servlet request

Returns:

true if the request is targeting a custom PWA icon or a custom favicon path, false otherwise

antMatchers

@Deprecated(since="24.8",
            forRemoval=true)
public static org.springframework.security.web.util.matcher.RequestMatcher[] antMatchers(String... patterns)

Deprecated, for removal: This API element is subject to removal in a future version.

AntPathRequestMatcher is deprecated and marked for removal. This method is deprecated without direct replacement; use PathPatternRequestMatcher instead.

Utility to create RequestMatchers from ant patterns.

Since org.springframework.security.web.util.matcher.AntPathRequestMatcher is deprecated and will be removed, callers of this method should be updated to use PathPatternRequestMatcher instead.

 
  var matcherBuilder = PathPatternRequestMatcher.withDefaults():
  var requestMatcher = matcherBuilder.match(path);
 
 

Parameters:

patterns - and patterns

Returns:

an array or RequestMatcher instances for the given patterns.

routeMatchers

@Deprecated(since="24.8",
            forRemoval=true)
public static org.springframework.security.web.util.matcher.RequestMatcher[] routeMatchers(String... patterns)

Deprecated, for removal: This API element is subject to removal in a future version.

AntPathRequestMatcher is deprecated and marked for removal. This method is deprecated without direct replacement; use PathPatternRequestMatcher instead.

Utility to create RequestMatchers for a Vaadin routes, using ant patterns and HTTP get method.

Since org.springframework.security.web.util.matcher.AntPathRequestMatcher is deprecated and will be removed, callers of this method should be updated to use PathPatternRequestMatcher instead.

 
  var matcherBuilder = PathPatternRequestMatcher.withDefaults():
  var requestMatcher = matcherBuilder.match(HttpMethod.GET, path);
 
 

Parameters:

patterns - ANT patterns

Returns:

an array or RequestMatcher instances for the given patterns.

principalAwareRequestMatcher

public static org.springframework.security.web.util.matcher.RequestMatcher principalAwareRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher matcher)

Wraps a given RequestMatcher to ensure requests are processed with the principal awareness provided by RequestUtil.PrincipalAwareRequestWrapper.

Parameters:

matcher - the RequestMatcher to be wrapped

Returns:

a RequestMatcher that processes requests using a RequestUtil.PrincipalAwareRequestWrapper for principal awareness

getUrlMapping

public String getUrlMapping()

Gets the url mapping for the Vaadin servlet.

Returns:

the url mapping

See Also:

• VaadinConfigurationProperties.getUrlMapping()

applyUrlMapping

public String applyUrlMapping(String path)

Prepends to the given path with the configured url mapping. A null path is treated as empty string; the same applies for url mapping.

Parameters:

path - the path to prepend the url mapping to

Returns:

the path with prepended url mapping.

See Also:

• VaadinConfigurationProperties.getUrlMapping()