com.vaadin.flow.server.auth.DefaultAccessCheckDecisionResolver API 24.7.0 | Vaadin

com.vaadin.flow.server.auth.

java.lang.Object

com.vaadin.flow.server.auth.DefaultAccessCheckDecisionResolver

All Implemented Interfaces:

AccessCheckDecisionResolver, Serializable

public class DefaultAccessCheckDecisionResolver extends Object implements AccessCheckDecisionResolver

Default implementation of AccessCheckDecisionResolver that allow access only if input results are all ALLOW, or a combination of ALLOW and NEUTRAL. In any other case the access is DENIED.

 | Results         | Decision |
 | --------------- | -------- |
 | All ALLOW       | ALLOW    |
 | ALLOW + NEUTRAL | ALLOW    |
 | All DENY        | DENY     |
 | DENY + NEUTRAL  | DENY     |
 | ALL NEUTRAL     | DENY     |
 | ALLOW + DENY    | REJECT   |

Almost the same rule applies also if the evaluation happens during error handling phase (NavigationContext.isErrorHandling() is true), with a single exception: in this case, if all the results are NEUTRAL the access is granted because the target of the navigation is supposed to be an error handler component and not a view with sensible information.

It should be noted that the above situation never occurs if the AnnotatedViewAccessChecker is enabled because it computes only ALLOW or DENY results.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type

Field

Description

static final org.slf4j.Logger

LOGGER
Constructor Summary

Constructors

Constructor

Description

DefaultAccessCheckDecisionResolver()
Method Summary

Modifier and Type

Method

Description

AccessCheckResult

resolve(List<AccessCheckResult> results, NavigationContext context)

Determines if access is granted for a specific navigation context, based on the decisions provided by NavigationAccessCheckers.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- LOGGER
  
  public static final org.slf4j.Logger LOGGER
Constructor Details
- DefaultAccessCheckDecisionResolver
  
  public DefaultAccessCheckDecisionResolver()
Method Details
- resolve
  
  public AccessCheckResult resolve(List<AccessCheckResult> results, NavigationContext context)
  
  Description copied from interface: AccessCheckDecisionResolver
  
  Determines if access is granted for a specific navigation context, based on the decisions provided by NavigationAccessCheckers.
  
  The decision resolver should grant access or deny it by returning an appropriate AccessCheckResult object.
  
  The expected result of the method should be AccessCheckDecision.ALLOW or AccessCheckDecision.DENY, or AccessCheckDecision.REJECT.
  
  A AccessCheckDecision.NEUTRAL result does not make because it does not provide meaningful information to NavigationAccessControl to complete the access check process. For this reason, a neutral result will produce the same effect as AccessCheckDecision.REJECT, preventing the navigation and failing with an exception in development mode.
```
 AccessCheckResult resolve(List<Result> results,
         NavigationContext context) {

     Map<Decision, Long> votes = results.stream()
             .collect(groupingBy(Result::decision, counting()));

     int allow = votes.getOrDefault(Decision.ALLOW, 0L).intValue();
     int deny = votes.getOrDefault(Decision.ALLOW, 0L).intValue();
     int diff = allow - deny;

     if (allow == 0 && deny == 0) {
         return AccessCheckResult.neutral();
     } else if (diff > 0) {
         return AccessCheckResult.allow();
     } else if (diff < 0) {
         return AccessCheckResult.deny(String
                 .format("Allow %d - Deny %d. Deny wins!", allow, deny));
     }
     return AccessCheckResult
             .reject("To allow, or not to allow, that is the question.");
 }
 
```
  Result object can also be created using NavigationContext helpers NavigationContext.allow(), NavigationContext.deny(String), NavigationContext.reject(String) and NavigationContext.neutral().
  
  Specified by:
  
  resolve in interface AccessCheckDecisionResolver
  
  Parameters:
  
  results - the decisions from access checkers.
  
  context - the current navigation context
  
  Returns:
  
  a result indicating weather the access to target view should be granted or not, never null.