public class VaadinConnectAccessChecker extends Object
For each request that is trying to access the method in the corresponding Vaadin Connect Endpoint, the permission check is carried on.
It looks for AnonymousAllowed PermitAll, DenyAll and
RolesAllowed annotations in endpoint methods and classes containing
these methods (no super classes' annotations are taken into account).
Method-level annotation override Class-level ones.
In the next example, since the class is denied to all, method1 is not accessible to anyone, method2 can be executed by any authorized used, method3 is only allowed to the accounts having the ROLE_USER authority and method4 is available for every user, including anonymous ones that don't provide any token in their requests.
@Endpoint
@DenyAll
public class DemoEndpoint {
public void method1() {
}
@PermitAll
public void method2() {
}
@RolesAllowed("ROLE_USER")
public void method3() {
}
@AnonymousAllowed
public void method4() {
}
}
| Constructor and Description |
|---|
VaadinConnectAccessChecker() |
| Modifier and Type | Method and Description |
|---|---|
String |
check(Method method,
HttpServletRequest request)
Check that the endpoint is accessible for the current user.
|
void |
enableCsrf(boolean xsrfProtectionEnabled)
Enable or disable XSRF token checking in endpoints.
|
AnnotatedElement |
getSecurityTarget(Method method)
Gets the entity to check for Vaadin Connect security restrictions.
|
public String check(Method method, HttpServletRequest request)
method - the Vaadin endpoint method to check ACLrequest - the request that triggers the method invocationnull otherwisepublic AnnotatedElement getSecurityTarget(Method method)
method - the method to analyze, not nullIllegalArgumentException - if the method is not publicpublic void enableCsrf(boolean xsrfProtectionEnabled)
xsrfProtectionEnabled - enable or disable protection.Copyright © 2020. All rights reserved.