com.vaadin.flow.server.connect.auth.VaadinConnectAccessChecker API 16.0.5 | Vaadin

You're viewing an older version of Vaadin JavaDoc. Please see version 24.7.0 for the latest.

com.vaadin.flow.server.connect.auth.

java.lang.Object
- com.vaadin.flow.server.connect.auth.VaadinConnectAccessChecker

```
public class VaadinConnectAccessChecker
extends Object
```
Component used for checking role-based ACL in Vaadin Endpoints.
For each request that is trying to access the method in the corresponding Vaadin Connect Endpoint, the permission check is carried on.
It looks for AnonymousAllowed PermitAll, DenyAll and RolesAllowed annotations in endpoint methods and classes containing these methods (no super classes' annotations are taken into account).
Method-level annotation override Class-level ones.
In the next example, since the class is denied to all, method1 is not accessible to anyone, method2 can be executed by any authorized used, method3 is only allowed to the accounts having the ROLE_USER authority and method4 is available for every user, including anonymous ones that don't provide any token in their requests.
```
 @Endpoint
 @DenyAll
 public class DemoEndpoint {

     public void method1() {
     }

     @PermitAll
     public void method2() {
     }

     @RolesAllowed("ROLE_USER")
     public void method3() {
     }

     @AnonymousAllowed
     public void method4() {
     }
 }
 
```

Constructor Summary

Constructors
Constructor and Description

VaadinConnectAccessChecker()

Method Summary

All Methods
Modifier and Type	Method and Description
`String`	`check(Method method, HttpServletRequest request)` Check that the endpoint is accessible for the current user.
`void`	`enableCsrf(boolean xsrfProtectionEnabled)` Enable or disable XSRF token checking in endpoints.
`AnnotatedElement`	`getSecurityTarget(Method method)` Gets the entity to check for Vaadin Connect security restrictions.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - VaadinConnectAccessChecker
```
public VaadinConnectAccessChecker()
```
- Method Detail
  - check
```
public String check(Method method,
                    HttpServletRequest request)
```
    Check that the endpoint is accessible for the current user.
    
    Parameters:
    
    method - the Vaadin endpoint method to check ACL
    
    request - the request that triggers the method invocation
    
    Returns:
    
    an error String with an issue description, if any validation issues occur, null otherwise
  - getSecurityTarget
```
public AnnotatedElement getSecurityTarget(Method method)
```
    Gets the entity to check for Vaadin Connect security restrictions.
    
    Parameters:
    
    method - the method to analyze, not null
    
    Returns:
    
    the entity that is responsible for security settings for the method passed
    
    Throws:
    
    IllegalArgumentException - if the method is not public
  - enableCsrf
```
public void enableCsrf(boolean xsrfProtectionEnabled)
```
    Enable or disable XSRF token checking in endpoints.
    
    Parameters:
    
    xsrfProtectionEnabled - enable or disable protection.