Package dev.hilla.auth

Class EndpointAccessChecker

java.lang.Object

dev.hilla.auth.EndpointAccessChecker

public class EndpointAccessChecker
extends Object

Component used for checking role-based ACL in Vaadin Endpoints.

For each request that is trying to access the method in the corresponding Vaadin Endpoint, the permission check is carried on.

It looks for AnonymousAllowed PermitAll, DenyAll and RolesAllowed annotations in endpoint methods and classes containing these methods (no super classes' annotations are taken into account).

Method-level annotation override Class-level ones.

In the next example, since the class is denied to all, method1 is not accessible to anyone, method2 can be executed by any authorized used, method3 is only allowed to the accounts having the ROLE_USER authority and method4 is available for every user, including anonymous ones that don't provide any token in their requests.

 @Endpoint
 @DenyAll
 public class DemoEndpoint {

     public void method1() {
     }

     @PermitAll
     public void method2() {
     }

     @RolesAllowed("ROLE_USER")
     public void method3() {
     }

     @AnonymousAllowed
     public void method4() {
     }
 }
 

Field Summary

Fields

Modifier and Type	Field	Description
static String	ACCESS_DENIED_MSG
static String	ACCESS_DENIED_MSG_DEV_MODE

Constructor Summary

Constructors

Constructor	Description
EndpointAccessChecker(com.vaadin.flow.server.auth.AccessAnnotationChecker accessAnnotationChecker)	Creates a new instance.

Method Summary

Modifier and Type	Method	Description
String	check(Method method, Principal principal, Function<String,Boolean> rolesChecker)	Check that the endpoint is accessible for the current user.
String	check(Method method, javax.servlet.http.HttpServletRequest request)	Check that the endpoint is accessible for the current user.
com.vaadin.flow.server.auth.AccessAnnotationChecker	getAccessAnnotationChecker()	Returns the instance used for checking access based on annotations.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACCESS_DENIED_MSG

public static final String ACCESS_DENIED_MSG

See Also:

Constant Field Values

ACCESS_DENIED_MSG_DEV_MODE

public static final String ACCESS_DENIED_MSG_DEV_MODE

See Also:

Constant Field Values

Constructor Detail

EndpointAccessChecker

public EndpointAccessChecker(com.vaadin.flow.server.auth.AccessAnnotationChecker accessAnnotationChecker)

Creates a new instance.

Parameters:

accessAnnotationChecker - the access checker to use

Method Detail

check

public String check(Method method,
                    javax.servlet.http.HttpServletRequest request)

Check that the endpoint is accessible for the current user.

Parameters:

method - the Vaadin endpoint method to check ACL

request - the request that triggers the method invocation

Returns:

an error String with an issue description, if any validation issues occur, null otherwise

check

public String check(Method method,
                    Principal principal,
                    Function<String,Boolean> rolesChecker)

Check that the endpoint is accessible for the current user.

Parameters:

method - the Vaadin endpoint method to check ACL

principal - the user principal object

rolesChecker - a function for checking if a user is in a given role

Returns:

an error String with an issue description, if any validation issues occur, null otherwise

getAccessAnnotationChecker

public com.vaadin.flow.server.auth.AccessAnnotationChecker getAccessAnnotationChecker()

Returns the instance used for checking access based on annotations.

Returns:

the instance used for checking access based on annotations