com.vaadin.flow.server

Class HandlerHelper

java.lang.Object

com.vaadin.flow.server.HandlerHelper

All Implemented Interfaces:

Serializable

public class HandlerHelper
extends Object
implements Serializable

Contains helper methods for VaadinServlet and generally for handling VaadinRequests.

Since:

1.0

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	HandlerHelper.RequestType Framework internal enum for tracking the type of a request.

Method Summary

Modifier and Type	Method and Description
static Locale	findLocale(VaadinSession session, VaadinRequest request) Helper to find the most most suitable Locale.
static String	getCancelingRelativePath(String pathToCancel) Gets a relative path that cancels the provided path.
static Optional<String>	getPathIfInsideServlet(String servletMappingPath, String requestedPath) Returns the rest of the path after the servlet mapping part, if the requested path targets a path inside the servlet.
static String[]	getPublicResources() URLs matching these patterns should be publicly available for applications to work.
static String[]	getPublicResourcesRequiringSecurityContext() URLs matching these patterns should be publicly available for applications to work but might require a security context, i.e.
static boolean	isFrameworkInternalRequest(String servletMappingPath, javax.servlet.http.HttpServletRequest request) Checks whether the request is an internal request.
static boolean	isPathUnsafe(String path) Checks if the given URL path contains the directory change instruction (dot-dot), taking into account possible double encoding in hexadecimal format, which can be injected maliciously.
static boolean	isRequestType(VaadinRequest request, HandlerHelper.RequestType requestType) Returns whether the given request is of the given type.
static void	setResponseNoCacheHeaders(BiConsumer<String,String> headerSetter, BiConsumer<String,Long> longHeaderSetter) Sets no cache headers to the specified response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

isRequestType

public static boolean isRequestType(VaadinRequest request,
                                    HandlerHelper.RequestType requestType)

Returns whether the given request is of the given type.

Parameters:

request - the request to check

requestType - the type to check for

Returns:

true if the request is of the given type, false otherwise

isFrameworkInternalRequest

public static boolean isFrameworkInternalRequest(String servletMappingPath,
                                                 javax.servlet.http.HttpServletRequest request)

Checks whether the request is an internal request. The requests listed in HandlerHelper.RequestType are considered internal as they are needed for applications to work.

Requests for routes, static resources requests and similar are not considered internal requests.

Parameters:

servletMappingPath - the path the Vaadin servlet is mapped to, with or without and ending "/*"

request - the servlet request

Returns:

true if the request is Vaadin internal, false otherwise

getPathIfInsideServlet

public static Optional<String> getPathIfInsideServlet(String servletMappingPath,
                                                      String requestedPath)

Returns the rest of the path after the servlet mapping part, if the requested path targets a path inside the servlet.

Parameters:

servletMappingPath - the servlet mapping from the servlet configuration

requestedPath - the request path relative to the context root

Returns:

an optional containing the path relative to the servlet if the request is inside the servlet mapping, an empty optional otherwise

findLocale

public static Locale findLocale(VaadinSession session,
                                VaadinRequest request)

Helper to find the most most suitable Locale. These potential sources are checked in order until a Locale is found:

1. The passed component (or UI) if not null
2. UI.getCurrent() if defined
3. The passed session if not null
4. VaadinSession.getCurrent() if defined
5. The passed request if not null
6. VaadinService.getCurrentRequest() if defined
7. Locale.getDefault()

Parameters:

session - the session that is searched for locale or null if not available

request - the request that is searched for locale or null if not available

Returns:

the found locale

setResponseNoCacheHeaders

public static void setResponseNoCacheHeaders(BiConsumer<String,String> headerSetter,
                                             BiConsumer<String,Long> longHeaderSetter)

Sets no cache headers to the specified response.

Parameters:

headerSetter - setter for string value headers

longHeaderSetter - setter for long value headers

getCancelingRelativePath

public static String getCancelingRelativePath(String pathToCancel)

Gets a relative path that cancels the provided path. This essentially adds one .. for each part of the path to cancel.

Parameters:

pathToCancel - the path that should be canceled

Returns:

a relative path that cancels out the provided path segment

isPathUnsafe

public static boolean isPathUnsafe(String path)

Checks if the given URL path contains the directory change instruction (dot-dot), taking into account possible double encoding in hexadecimal format, which can be injected maliciously.

Parameters:

path - the URL path to be verified.

Returns:

true, if the given path has a directory change instruction, false otherwise.

getPublicResources

public static String[] getPublicResources()

URLs matching these patterns should be publicly available for applications to work. Can be used for defining a bypass for rules in e.g. Spring Security.

getPublicResourcesRequiringSecurityContext

public static String[] getPublicResourcesRequiringSecurityContext()

URLs matching these patterns should be publicly available for applications to work but might require a security context, i.e. authentication information.