Class EndpointAccessChecker

java.lang.Object
com.vaadin.hilla.auth.EndpointAccessChecker

public class EndpointAccessChecker extends Object
Component used for checking role-based ACL in Vaadin Endpoints.

For each request that tries to access a method in the corresponding Vaadin Endpoint, the permission check is carried out.

It looks for AnonymousAllowed, PermitAll, DenyAll and RolesAllowed annotations on endpoint methods and on the classes containing these methods (annotations on super classes are not taken into account).

Method-level annotations override class-level ones.

In the next example, since the class is denied to all, method1 is not accessible to anyone, method2 can be executed by any authorized user, method3 is only allowed to accounts having the ROLE_USER authority, and method4 is available to every user, including anonymous ones that don't provide any token in their requests.

 @Endpoint
 @DenyAll
 public class DemoEndpoint {

     public void method1() {
     }

     @PermitAll
     public void method2() {
     }

     @RolesAllowed("ROLE_USER")
     public void method3() {
     }

     @AnonymousAllowed
     public void method4() {
     }
 }
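As an added example (not part of the Hilla Javadoc or sources), the following class exercises the rules above against the DemoEndpoint by calling check(Method, Principal, Function) directly for an anonymous caller, an authenticated caller without roles, and one holding ROLE_USER. It assumes Hilla is on the classpath with the usual Hilla/Flow import paths; the principals and role sets are constructed for the demo.

```java
// Added usage example; not part of the Hilla sources. Import paths are the
// ones Hilla normally uses (assumed here, not stated on the Javadoc page).
import com.vaadin.flow.server.auth.AccessAnnotationChecker;
import com.vaadin.flow.server.auth.AnonymousAllowed;
import com.vaadin.hilla.Endpoint;
import com.vaadin.hilla.auth.EndpointAccessChecker;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;

import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Set;
import java.util.function.Function;

public class EndpointAccessCheckerDemo {

    // Same endpoint as in the class description above; nested only so the
    // example is a single self-contained file.
    @Endpoint
    @DenyAll
    public static class DemoEndpoint {
        public void method1() { }
        @PermitAll public void method2() { }
        @RolesAllowed("ROLE_USER") public void method3() { }
        @AnonymousAllowed public void method4() { }
    }

    // Evaluate one endpoint method for a caller. A null principal models an
    // anonymous request; 'roles' stands in for the caller's granted authorities.
    static boolean allowed(EndpointAccessChecker checker, String methodName,
                           Principal principal, Set<String> roles) throws Exception {
        Method method = DemoEndpoint.class.getMethod(methodName);
        Function<String, Boolean> rolesChecker = roles::contains;
        // check(...) returns null when access is granted, an error message otherwise
        return checker.check(method, principal, rolesChecker) == null;
    }

    public static void main(String[] args) throws Exception {
        EndpointAccessChecker checker =
                new EndpointAccessChecker(new AccessAnnotationChecker());
        Principal alice = () -> "alice";   // constructed: authenticated, has ROLE_USER
        Principal bob = () -> "bob";       // constructed: authenticated, no roles

        for (String m : new String[] {"method1", "method2", "method3", "method4"}) {
            System.out.printf("%-8s anonymous=%-5b bob=%-5b alice=%-5b%n", m,
                    allowed(checker, m, null, Set.of()),
                    allowed(checker, m, bob, Set.of()),
                    allowed(checker, m, alice, Set.of("ROLE_USER")));
        }
    }
}
```

Swapping the role set or the principal for each call shows how the class-level DenyAll is overridden only where a method carries its own annotation.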

  • Constructor Details

    • EndpointAccessChecker

      public EndpointAccessChecker(AccessAnnotationChecker accessAnnotationChecker)
      Creates a new instance.
      Parameters:
      accessAnnotationChecker - the access checker to use
  • Method Details

    • check

      public String check(Method method, jakarta.servlet.http.HttpServletRequest request)
      Check that the endpoint is accessible for the current user.
      Parameters:
      method - the Vaadin endpoint method to check ACL
      request - the request that triggers the method invocation
      Returns:
      an error String with an issue description, if any validation issues occur, null otherwise
    • check

      public String check(Class<?> clazz, jakarta.servlet.http.HttpServletRequest request)
      Check that the endpoint is accessible for the current user.
      Parameters:
      clazz - the Vaadin endpoint class to check ACL
      request - the request that triggers the method invocation
      Returns:
      an error String with an issue description, if any validation issues occur, null otherwise
    • check

      public String check(Method method, Principal principal, Function<String,Boolean> rolesChecker)
      Check that the endpoint is accessible for the current user.
      Parameters:
      method - the Vaadin endpoint method to check ACL
      principal - the user principal object
      rolesChecker - a function for checking if a user is in a given role
      Returns:
      an error String with an issue description, if any validation issues occur, null otherwise
    • check

      public String check(Class<?> clazz, Principal principal, Function<String,Boolean> rolesChecker)
      Check that the endpoint is accessible for the current user.
      Parameters:
      clazz - the Vaadin endpoint class to check ACL
      principal - the user principal object
      rolesChecker - a function for checking if a user is in a given role
      Returns:
      an error String with an issue description, if any validation issues occur, null otherwise
    • getAccessAnnotationChecker

      public AccessAnnotationChecker getAccessAnnotationChecker()
      Returns the instance used for checking access based on annotations.
      Returns:
      the instance used for checking access based on annotations