Package com.vaadin.flow.spring.security

Class RequestUtil

java.lang.Object
com.vaadin.flow.spring.security.RequestUtil
public class RequestUtil extends Object
Contains utility methods related to request handling.

  • Constructor Summary

    Constructors
    Constructor
    Description
    RequestUtil()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    static org.springframework.security.web.util.matcher.RequestMatcher[]
    antMatchers(String... patterns)
    Deprecated, for removal: This API element is subject to removal in a future version.
    AntPathRequestMatcher is deprecated and marked for removal.
    String
    applyUrlMapping(String path)
    Prepends to the given path with the configured url mapping.
    String
    getUrlMapping()
    Gets the url mapping for the Vaadin servlet.
    boolean
    isAllowedHillaView(jakarta.servlet.http.HttpServletRequest request)
    Deprecated, for removal: This API element is subject to removal in a future version.
    use isAnonymousHillaRoute(HttpServletRequest) to match requests to Hilla views that do not require authentication
    boolean
    isAnonymousEndpoint(jakarta.servlet.http.HttpServletRequest request)
    Checks whether the request targets an endpoint that is public, i.e.
    boolean
    isAnonymousHillaRoute(jakarta.servlet.http.HttpServletRequest request)
    Checks if the request targets a Hilla route that allows anonymous access.
    boolean
    isAnonymousRoute(jakarta.servlet.http.HttpServletRequest request)
    Checks whether the request targets a Flow route that is public, i.e.
    boolean
    isCustomWebIcon(jakarta.servlet.http.HttpServletRequest request)
    Checks whether the request targets a custom PWA icon or Favicon path.
    boolean
    isEndpointRequest(jakarta.servlet.http.HttpServletRequest request)
    Checks whether the request targets an endpoint.
    boolean
    isFrameworkInternalRequest(jakarta.servlet.http.HttpServletRequest request)
    Checks whether the request is an internal request.
    boolean
    isSecuredFlowRoute(jakarta.servlet.http.HttpServletRequest request)
    Checks whether the request targets a Flow route secured with navigation access control.
    boolean
    isSecuredHillaRoute(jakarta.servlet.http.HttpServletRequest request)
    Checks if the request targets a Hilla route that requires authentication.
    static org.springframework.security.web.util.matcher.RequestMatcher[]
    routeMatchers(String... patterns)
    Deprecated, for removal: This API element is subject to removal in a future version.
    AntPathRequestMatcher is deprecated and marked for removal.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • RequestUtil

      public RequestUtil()

  • Method Details

    • isFrameworkInternalRequest

      public boolean isFrameworkInternalRequest(jakarta.servlet.http.HttpServletRequest request)
      Checks whether the request is an internal request.

      An internal request is one that is needed for all Vaadin applications to function, e.g. UIDL or init requests.

      Note that bootstrap requests for any route or static resource requests are not internal, neither are resource requests for the JS bundle.

      Parameters:
      request - the servlet request
      Returns:
      true if the request is Vaadin internal, false otherwise

    • isEndpointRequest

      public boolean isEndpointRequest(jakarta.servlet.http.HttpServletRequest request)
      Checks whether the request targets an endpoint.
      Parameters:
      request - the servlet request
      Returns:
      true if the request is targeting an enpoint, false otherwise

    • isAnonymousEndpoint

      public boolean isAnonymousEndpoint(jakarta.servlet.http.HttpServletRequest request)
      Checks whether the request targets an endpoint that is public, i.e. marked as @AnonymousAllowed.
      Parameters:
      request - the servlet request
      Returns:
      true if the request is targeting an anonymous endpoint, false otherwise

    • isAllowedHillaView

      @Deprecated(since="25.0", forRemoval=true) public boolean isAllowedHillaView(jakarta.servlet.http.HttpServletRequest request)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use isAnonymousHillaRoute(HttpServletRequest) to match requests to Hilla views that do not require authentication
      Checks if the request targets a Hilla view that is allowed according to its configuration and the current user.
      Parameters:
      request - the HTTP request to check
      Returns:
      true if the request corresponds to an accessible Hilla view, false otherwise

    • isAnonymousRoute

      public boolean isAnonymousRoute(jakarta.servlet.http.HttpServletRequest request)
      Checks whether the request targets a Flow route that is public, i.e. marked as @AnonymousAllowed.
      Parameters:
      request - the servlet request
      Returns:
      true if the request is targeting an anonymous route, false otherwise

    • isSecuredFlowRoute

      public boolean isSecuredFlowRoute(jakarta.servlet.http.HttpServletRequest request)
      Checks whether the request targets a Flow route secured with navigation access control.
      Parameters:
      request - the servlet request
      Returns:
      true if the request is targeting a Flow route secured with navigation access control, false otherwise

    • isAnonymousHillaRoute

      public boolean isAnonymousHillaRoute(jakarta.servlet.http.HttpServletRequest request)
      Checks if the request targets a Hilla route that allows anonymous access.
      Parameters:
      request - the HTTP request to check
      Returns:
      true if the request corresponds to a Hilla route that allows anonymous access, false otherwise

    • isSecuredHillaRoute

      public boolean isSecuredHillaRoute(jakarta.servlet.http.HttpServletRequest request)
      Checks if the request targets a Hilla route that requires authentication.
      Parameters:
      request - the HTTP request to check
      Returns:
      true if the request corresponds to a Hilla route that requires authentication, false otherwise

    • isCustomWebIcon

      public boolean isCustomWebIcon(jakarta.servlet.http.HttpServletRequest request)
      Checks whether the request targets a custom PWA icon or Favicon path.
      Parameters:
      request - the servlet request
      Returns:
      true if the request is targeting a custom PWA icon or a custom favicon path, false otherwise

    • antMatchers

      @Deprecated(since="24.8", forRemoval=true) public static org.springframework.security.web.util.matcher.RequestMatcher[] antMatchers(String... patterns)
      Deprecated, for removal: This API element is subject to removal in a future version.
      AntPathRequestMatcher is deprecated and marked for removal. This method is deprecated without direct replacement; use PathPatternRequestMatcher instead.
      Utility to create RequestMatchers from ant patterns.

      Since org.springframework.security.web.util.matcher.AntPathRequestMatcher is deprecated and will be removed, callers of this method should be updated to use PathPatternRequestMatcher instead. 

       
  var matcherBuilder = PathPatternRequestMatcher.withDefaults():
  var requestMatcher = matcherBuilder.match(path);
      Parameters:
      patterns - and patterns
      Returns:
      an array or RequestMatcher instances for the given patterns.

    • routeMatchers

      @Deprecated(since="24.8", forRemoval=true) public static org.springframework.security.web.util.matcher.RequestMatcher[] routeMatchers(String... patterns)
      Deprecated, for removal: This API element is subject to removal in a future version.
      AntPathRequestMatcher is deprecated and marked for removal. This method is deprecated without direct replacement; use PathPatternRequestMatcher instead.
      Utility to create RequestMatchers for a Vaadin routes, using ant patterns and HTTP get method.

      Since org.springframework.security.web.util.matcher.AntPathRequestMatcher is deprecated and will be removed, callers of this method should be updated to use PathPatternRequestMatcher instead. 

       
  var matcherBuilder = PathPatternRequestMatcher.withDefaults():
  var requestMatcher = matcherBuilder.match(HttpMethod.GET, path);
      Parameters:
      patterns - ANT patterns
      Returns:
      an array or RequestMatcher instances for the given patterns.

    • getUrlMapping

      public String getUrlMapping()
      Gets the url mapping for the Vaadin servlet.
      Returns:
      the url mapping
      See Also:

    • applyUrlMapping

      public String applyUrlMapping(String path)
      Prepends to the given path with the configured url mapping.

      A null path is treated as empty string; the same applies for url mapping.

      Parameters:
      path - the path to prepend the url mapping to
      Returns:
      the path with prepended url mapping.
      See Also: