Package com.vaadin.flow.server.auth

Class NavigationAccessControl

java.lang.Object
com.vaadin.flow.server.auth.NavigationAccessControl

All Implemented Interfaces:

BeforeEnterListener, BeforeEnterHandler, Serializable

Direct Known Subclasses:

SpringNavigationAccessControl

public class NavigationAccessControl extends Object implements BeforeEnterListener

A BeforeEnterListener implementation that contains logic to perform access checks before entering a view.

Access rules are defined by providing one or more NavigationAccessChecker instances that are responsible for deciding whether a navigation should be allowed. The final grant decision is taken by a pluggable AccessCheckDecisionResolver component, based on the results of all access checkers.

If access is allowed, the navigation continues to the target component. Otherwise, an unauthenticated request is redirected to the login view (if one has been configured) or rerouted to the not found error view. An authenticated request that is denied is never redirected to the login view, since authenticating again would not change the decision.

In development mode, the reason for the access check failure is forwarded to the not found error view to aid debugging. In addition, an exception is thrown if the decision resolver determines that the navigation must be rejected because of a misconfiguration.

In production mode, for security reasons, the failure reason is never exposed to the client, and a rejection is treated as a plain deny; no exception is thrown.

Before redirecting to the login view, the route path and its absolute URL are stored in the HTTP session (under SESSION_STORED_REDIRECT and SESSION_STORED_REDIRECT_ABSOLUTE), so that the authentication logic can send the user back to the originally requested resource after login.

The default constructor creates an instance pre-configured with AnnotatedViewAccessChecker.

For internal use only. May be renamed or removed in a future release.
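The wiring described above, as an added example that is not code from the Vaadin project or from this page: a VaadinServiceInitListener registers one NavigationAccessControl on every UI of a plain-servlet application, using the documented AnnotatedViewAccessChecker plus a hypothetical MaintenanceModeChecker. The LoginView, AdminView and HomeView classes are hypothetical stubs. Assumed, because this page references but does not list them: a constructor taking a Collection<NavigationAccessChecker> alongside the documented default constructor, the NavigationAccessChecker method check(NavigationContext), and the NavigationContext methods allow(), deny(String), neutral(), hasRole(String) and getNavigationTarget().

```java
import java.util.List;

import com.vaadin.flow.component.UI;
import com.vaadin.flow.component.html.Div;
import com.vaadin.flow.router.Route;
import com.vaadin.flow.server.ServiceInitEvent;
import com.vaadin.flow.server.VaadinServiceInitListener;
import com.vaadin.flow.server.auth.AccessCheckResult;
import com.vaadin.flow.server.auth.AnnotatedViewAccessChecker;
import com.vaadin.flow.server.auth.AnonymousAllowed;
import com.vaadin.flow.server.auth.NavigationAccessChecker;
import com.vaadin.flow.server.auth.NavigationAccessControl;
import com.vaadin.flow.server.auth.NavigationContext;

import jakarta.annotation.security.RolesAllowed;

/**
 * Installs navigation access control on every UI. Flow discovers this class
 * through the ServiceLoader file
 * META-INF/services/com.vaadin.flow.server.VaadinServiceInitListener.
 */
public class SecurityInitListener implements VaadinServiceInitListener {

    @Override
    public void serviceInit(ServiceInitEvent event) {
        // ASSUMPTION: a constructor accepting the checker list exists next to the
        // documented no-arg constructor. The annotation checker enforces
        // @RolesAllowed / @PermitAll / @AnonymousAllowed; the second checker is ours.
        NavigationAccessControl accessControl = new NavigationAccessControl(
                List.of(new AnnotatedViewAccessChecker(),
                        new MaintenanceModeChecker()));

        // The login view may only be set once; unauthenticated denied users
        // are redirected here and the requested route is kept in the session.
        accessControl.setLoginView(LoginView.class);

        // One listener instance serves all UIs; it is registered before any
        // navigation happens, so no route is reachable without a check.
        event.getSource().addUIInitListener(uiEvent -> {
            UI ui = uiEvent.getUI();
            ui.addBeforeEnterListener(accessControl);
        });
    }
}

/**
 * Hypothetical checker: while maintenance mode is on, only administrators may
 * navigate anywhere except the login view. Every other case stays neutral so
 * the annotation checker and the decision resolver take the final decision.
 */
class MaintenanceModeChecker implements NavigationAccessChecker {

    // Constructed flag for the example; a real deployment reads configuration.
    static volatile boolean maintenance = false;

    @Override
    public AccessCheckResult check(NavigationContext context) {
        if (!maintenance || context.getNavigationTarget() == LoginView.class) {
            return context.neutral();
        }
        if (context.hasRole("admin")) {
            return context.neutral();
        }
        // The reason reaches the error view only in development mode.
        return context.deny("application is in maintenance mode");
    }
}

// Hypothetical views. A view without any access annotation is not opened by
// the annotation checker, so forgetting an annotation fails closed.
@Route("login")
@AnonymousAllowed
class LoginView extends Div {
}

@Route("admin")
@RolesAllowed("admin")
class AdminView extends Div {
}

@Route("")
@AnonymousAllowed
class HomeView extends Div {
}
```

The checker returns neutral rather than allow for administrators on purpose: an explicit allow from a secondary checker would short-circuit the annotation rules on the target view, while neutral leaves the least-privilege decision to AnnotatedViewAccessChecker.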

  • Field Details

    • SESSION_STORED_REDIRECT

      public static final String SESSION_STORED_REDIRECT

      Attribute name used to store the route path before redirecting to the login view.

    • SESSION_STORED_REDIRECT_ABSOLUTE

      public static final String SESSION_STORED_REDIRECT_ABSOLUTE

      Attribute name used to store the route absolute URL before redirecting to the login view.

  • Constructor Details

  • Method Details

    • setEnabled

      public final void setEnabled(boolean enabled)

      Enables or disables the navigation access control.

      When disabled, navigation to every route is allowed without consulting any access checker.

      By default, the access control is enabled.

      Parameters:

      enabled - true to enable access control, false to disable the checks and allow navigation to all routes.

    • isEnabled

      public final boolean isEnabled()

      Gets if the access control is enabled or not.

      Returns:

      true if the access control is enabled, otherwise false.

    • setLoginView

      public final void setLoginView(Class<? extends Component> loginView)

      Sets the Flow login view to use.

      The login view can only be set once and cannot be changed afterwards.

      Parameters:

      loginView - the Flow view to use as login view

    • getLoginView

      protected Class<? extends Component> getLoginView()

      Gets the Flow login view.

      Returns:

      the Flow login view, or null if not set

    • setLoginView

      public void setLoginView(String loginUrl)

      Sets the URL of the frontend (client-side) login view to redirect to.

      The login view can only be set once and cannot be changed afterwards.

      Parameters:

      loginUrl - the URL of the frontend view to use as login view

    • getLoginUrl

      protected String getLoginUrl()

      Gets the URL of the frontend login view.

      Returns:

      the URL of the frontend login view, or null if not set

    • beforeEnter

      public void beforeEnter(BeforeEnterEvent event)

      Description copied from interface: BeforeEnterHandler

      Callback executed before the navigation to the attaching Component chain is made.

      Specified by:

      beforeEnter in interface BeforeEnterHandler

      Parameters:

      event - before navigation event with event details

    • checkAccess

      public AccessCheckResult checkAccess(NavigationContext context, boolean productionMode)
    • getPrincipal

      protected Principal getPrincipal(VaadinRequest request)

      Gets the principal for the currently logged in user.

      Parameters:

      request - the current request or null if no request is in progress (e.g. in a background thread)

      Returns:

      a representation of the currently logged in user or null if no user is currently logged in

    • getRolesChecker

      protected Predicate<String> getRolesChecker(VaadinRequest request)

      Gets a function for checking roles for the currently logged in user.

      Parameters:

      request - the current request or null if no request is in progress (e.g. in a background thread)

      Returns:

      a function which takes a role name and returns true if the user is included in that role
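The two hooks above (getPrincipal and getRolesChecker) together with the login view and the SESSION_STORED_REDIRECT attributes described earlier, as an added example that is not code from the Vaadin project or from this page. It shows an application that manages its own logins instead of relying on container security: a subclass reads the current user from an HTTP session attribute, and a login view stores that user and then sends the browser back to the stored route path. SessionUser, SessionNavigationAccessControl, USER_ATTR, authenticate and the credential tables are hypothetical or constructed for the example; LoginForm, VaadinService.reinitializeSession and WrappedSession are existing Flow APIs used as I understand them.

```java
import static java.nio.charset.StandardCharsets.UTF_8;

import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

import com.vaadin.flow.component.UI;
import com.vaadin.flow.component.html.Div;
import com.vaadin.flow.component.login.LoginForm;
import com.vaadin.flow.router.Route;
import com.vaadin.flow.server.VaadinRequest;
import com.vaadin.flow.server.VaadinService;
import com.vaadin.flow.server.VaadinSession;
import com.vaadin.flow.server.WrappedSession;
import com.vaadin.flow.server.auth.AnonymousAllowed;
import com.vaadin.flow.server.auth.NavigationAccessControl;

/** Constructed user record kept in the HTTP session after a successful login. */
record SessionUser(String name, Set<String> roles) implements Principal {
    @Override
    public String getName() {
        return name;
    }
}

/** Takes identity from the session instead of the servlet container (hypothetical). */
public class SessionNavigationAccessControl extends NavigationAccessControl {

    static final String USER_ATTR = "app.user"; // hypothetical attribute name

    static SessionUser currentUser(VaadinRequest request) {
        if (request == null) {
            return null; // background thread: nobody is logged in
        }
        WrappedSession session = request.getWrappedSession(false);
        return session == null ? null : (SessionUser) session.getAttribute(USER_ATTR);
    }

    @Override
    protected Principal getPrincipal(VaadinRequest request) {
        return currentUser(request);
    }

    @Override
    protected Predicate<String> getRolesChecker(VaadinRequest request) {
        SessionUser user = currentUser(request);
        // Fail closed: no request or no user means no role is ever granted.
        return user == null ? role -> false : user.roles()::contains;
    }
}

@Route("login")
@AnonymousAllowed
class LoginView extends Div {

    // Constructed demo credentials; real code verifies a salted password hash.
    private static final Map<String, String> DEMO_PASSWORDS = Map.of("alice", "s3cret", "bob", "hunter2");
    private static final Map<String, Set<String>> DEMO_ROLES = Map.of("alice", Set.of("admin", "user"), "bob", Set.of("user"));

    LoginView() {
        LoginForm form = new LoginForm();
        form.addLoginListener(e -> {
            SessionUser user = authenticate(e.getUsername(), e.getPassword());
            if (user == null) {
                form.setError(true);
                return;
            }
            WrappedSession http = VaadinSession.getCurrent().getSession();
            // Use the route path, not SESSION_STORED_REDIRECT_ABSOLUTE: the absolute
            // form embeds the server name the client sent, so navigating to it could
            // follow a spoofed Host header off-site. A route path stays inside the app.
            String target = (String) http.getAttribute(NavigationAccessControl.SESSION_STORED_REDIRECT);
            http.removeAttribute(NavigationAccessControl.SESSION_STORED_REDIRECT);
            http.removeAttribute(NavigationAccessControl.SESSION_STORED_REDIRECT_ABSOLUTE);
            // Rotate the session id on privilege change to defeat session fixation.
            VaadinService.reinitializeSession(VaadinRequest.getCurrent());
            VaadinSession.getCurrent().getSession().setAttribute(SessionNavigationAccessControl.USER_ATTR, user);
            UI.getCurrent().navigate(target == null ? "" : target);
        });
        add(form);
    }

    static SessionUser authenticate(String username, String password) {
        String expected = DEMO_PASSWORDS.get(username);
        if (expected == null || password == null) {
            return null;
        }
        // Constant-time comparison so response time does not leak matching prefixes.
        boolean ok = MessageDigest.isEqual(expected.getBytes(UTF_8), password.getBytes(UTF_8));
        return ok ? new SessionUser(username, DEMO_ROLES.get(username)) : null;
    }
}
```

Register SessionNavigationAccessControl exactly like the base class (setLoginView(LoginView.class), then addBeforeEnterListener on each UI). Because the stored redirect is consumed and removed on login, a second login in the same session cannot be steered by a stale value.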

    • getRequestURL

      protected String getRequestURL(VaadinRequest vaadinRequest)

      Gets the URL the client used to make the request. The returned URL contains a protocol, server name, port number, and server path, but it does not include query string parameters. Returns an empty string if the URL cannot be extracted from the current request.

      Parameters:

      vaadinRequest - current request

      Returns:

      the URL the client used to make the request

    • getAccessDeniedException

      protected Class<? extends RuntimeException> getAccessDeniedException(AnnotatedElement securedClass)
    • hasAccessChecker

      public boolean hasAccessChecker(Class<? extends NavigationAccessChecker> type)

      Checks if an access checker of the given type is in use.

      Parameters:

      type - the access checker type to look for

      Returns:

      true if a checker of that type is in use, false otherwise

    • createNavigationContext

      public NavigationContext createNavigationContext(Class<?> navigationTarget, String path, VaadinService vaadinService, VaadinRequest vaadinRequest)

      Creates a new NavigationContext instance based on the given route data and Vaadin service and request.

      Parameters:

      navigationTarget - the navigation target class. Not null.

      path - the path to the navigation target. Not null.

      vaadinService - the Vaadin service. Not null.

      vaadinRequest - the Vaadin request.

      Returns:

      a new navigation context instance.
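createNavigationContext and checkAccess make the access decision testable without a browser, which is how a practitioner verifies that a route really is closed. The following JUnit 5 and Mockito test is an added example, not code from the Vaadin project or from this page. It assumes that AccessCheckResult exposes decision() returning an AccessCheckDecision enum with an ALLOW constant, that the default getPrincipal and getRolesChecker delegate to VaadinRequest.getUserPrincipal() and isUserInRole(String), and that a Mockito mock of VaadinService is sufficient for context creation (if your Flow version needs a real Router, use the VaadinService from your test setup instead). The view classes are hypothetical.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import java.security.Principal;

import org.junit.jupiter.api.Test;

import com.vaadin.flow.component.html.Div;
import com.vaadin.flow.router.Route;
import com.vaadin.flow.server.VaadinRequest;
import com.vaadin.flow.server.VaadinService;
import com.vaadin.flow.server.auth.AccessCheckDecision;
import com.vaadin.flow.server.auth.AnonymousAllowed;
import com.vaadin.flow.server.auth.NavigationAccessControl;
import com.vaadin.flow.server.auth.NavigationContext;

import jakarta.annotation.security.RolesAllowed;

class NavigationAccessControlTest {

    // Hypothetical views covering the three cases that matter for least privilege.
    @Route("admin") @RolesAllowed("admin") static class AdminView extends Div { }
    @Route("") @AnonymousAllowed static class HomeView extends Div { }
    @Route("orphan") static class UnannotatedView extends Div { }

    // Default constructor: AnnotatedViewAccessChecker only, as documented above.
    private final NavigationAccessControl control = new NavigationAccessControl();
    private final VaadinService service = mock(VaadinService.class);

    /** Builds a request for an anonymous user (user == null) or a user with the given roles. */
    private static VaadinRequest requestFor(String user, String... roles) {
        VaadinRequest request = mock(VaadinRequest.class);
        if (user != null) {
            when(request.getUserPrincipal()).thenReturn((Principal) () -> user);
            for (String role : roles) {
                when(request.isUserInRole(role)).thenReturn(true);
            }
        }
        return request;
    }

    /** Runs the documented two-step flow: build the context, then ask for a decision. */
    private AccessCheckDecision decide(Class<?> view, String path, VaadinRequest request) {
        NavigationContext context = control.createNavigationContext(view, path, service, request);
        // productionMode = true: a rejection is a plain deny and nothing is thrown.
        return control.checkAccess(context, true).decision();
    }

    @Test
    void anonymousUserCannotOpenAdminView() {
        assertNotEquals(AccessCheckDecision.ALLOW, decide(AdminView.class, "admin", requestFor(null)));
    }

    @Test
    void authenticatedUserWithoutRoleCannotOpenAdminView() {
        assertNotEquals(AccessCheckDecision.ALLOW, decide(AdminView.class, "admin", requestFor("bob", "user")));
    }

    @Test
    void adminRoleOpensAdminView() {
        assertEquals(AccessCheckDecision.ALLOW, decide(AdminView.class, "admin", requestFor("alice", "admin")));
    }

    @Test
    void anonymousViewIsOpenToEveryone() {
        assertEquals(AccessCheckDecision.ALLOW, decide(HomeView.class, "", requestFor(null)));
    }

    @Test
    void viewWithoutAnnotationIsNotOpened() {
        // Forgetting an annotation must fail closed, even for a logged-in admin.
        assertNotEquals(AccessCheckDecision.ALLOW, decide(UnannotatedView.class, "orphan", requestFor("alice", "admin")));
    }

    @Test
    void disabledControlAllowsEverything() {
        // Documents the blast radius of setEnabled(false): every check is skipped.
        control.setEnabled(false);
        assertEquals(AccessCheckDecision.ALLOW, decide(AdminView.class, "admin", requestFor(null)));
    }
}
```

Asserting "not ALLOW" rather than a specific DENY is deliberate: whether the resolver reports the unannotated view as a deny or as a rejection is an implementation detail, while "the route is not opened" is the property the application depends on.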