We use cookies to serve our customers and website visitors in the best possible way. Cookies are used for the proper functioning of the website and for improving the user experience, monitoring visitor traffic and marketing purposes. By continuing to browse the site, you agree to our use of cookies. You can read more about cookies here.
com.vaadin.flow.server.
Class HandlerHelper
- java.lang.Object
-
- com.vaadin.flow.server.HandlerHelper
-
All Implemented Interfaces:
public class HandlerHelper extends Object implements SerializableContains helper methods for
VaadinServletand generally for handlingVaadinRequests.Since:
1.0
See Also:
-
-
Nested Class Summary
Nested Classes Modifier and Type Class and Description static classHandlerHelper.RequestTypeFramework internal enum for tracking the type of a request.
-
Method Summary
All Methods Modifier and Type Method and Description static LocalefindLocale(VaadinSession session, VaadinRequest request)Helper to find the most most suitable Locale.
static StringgetCancelingRelativePath(String pathToCancel)Gets a relative path that cancels the provided path.
static String[]getPublicResources()URLs matching these patterns should be publicly available for applications to work.
static String[]getPublicResourcesRequiringSecurityContext()URLs matching these patterns should be publicly available for applications to work but might require a security context, i.e.
static booleanisFrameworkInternalRequest(String servletMappingPath, javax.servlet.http.HttpServletRequest request)Checks whether the request is an internal request.
static booleanisPathUnsafe(String path)Checks if the given URL path contains the directory change instruction (dot-dot), taking into account possible double encoding in hexadecimal format, which can be injected maliciously.
static booleanisRequestType(VaadinRequest request, HandlerHelper.RequestType requestType)Returns whether the given request is of the given type.
static voidsetResponseNoCacheHeaders(BiConsumer<String,String> headerSetter, BiConsumer<String,Long> longHeaderSetter)Sets no cache headers to the specified response.
-
-
-
Method Detail
-
isRequestType
public static boolean isRequestType(VaadinRequest request, HandlerHelper.RequestType requestType)Returns whether the given request is of the given type.
Parameters:
request- the request to checkrequestType- the type to check forReturns:
trueif the request is of the given type,falseotherwise
-
isFrameworkInternalRequest
public static boolean isFrameworkInternalRequest(String servletMappingPath, javax.servlet.http.HttpServletRequest request)Checks whether the request is an internal request. The requests listed in
HandlerHelper.RequestTypeare considered internal as they are needed for applications to work.Requests for routes, static resources requests and similar are not considered internal requests.
Parameters:
servletMappingPath- the path the Vaadin servlet is mapped to, with or without and ending "/*"request- the servlet requestReturns:
trueif the request is Vaadin internal,falseotherwise
-
findLocale
public static Locale findLocale(VaadinSession session, VaadinRequest request)Helper to find the most most suitable Locale. These potential sources are checked in order until a Locale is found:
- The passed component (or UI) if not null
UI.getCurrent()if defined- The passed session if not null
VaadinSession.getCurrent()if defined- The passed request if not null
VaadinService.getCurrentRequest()if definedLocale.getDefault()
Parameters:
session- the session that is searched for locale ornullif not availablerequest- the request that is searched for locale ornullif not availableReturns:
the found locale
-
setResponseNoCacheHeaders
public static void setResponseNoCacheHeaders(BiConsumer<String,String> headerSetter, BiConsumer<String,Long> longHeaderSetter)Sets no cache headers to the specified response.
Parameters:
headerSetter- setter for string value headerslongHeaderSetter- setter for long value headers
-
getCancelingRelativePath
public static String getCancelingRelativePath(String pathToCancel)Gets a relative path that cancels the provided path. This essentially adds one .. for each part of the path to cancel.
Parameters:
pathToCancel- the path that should be canceledReturns:
a relative path that cancels out the provided path segment
-
isPathUnsafe
public static boolean isPathUnsafe(String path)Checks if the given URL path contains the directory change instruction (dot-dot), taking into account possible double encoding in hexadecimal format, which can be injected maliciously.
Parameters:
path- the URL path to be verified.Returns:
true, if the given path has a directory change instruction,falseotherwise.
-
getPublicResources
public static String[] getPublicResources()URLs matching these patterns should be publicly available for applications to work. Can be used for defining a bypass for rules in e.g. Spring Security.
-
getPublicResourcesRequiringSecurityContext
public static String[] getPublicResourcesRequiringSecurityContext()URLs matching these patterns should be publicly available for applications to work but might require a security context, i.e. authentication information.
-
-