Package com.vaadin.flow.server

Class HandlerHelper

java.lang.Object
com.vaadin.flow.server.HandlerHelper
All Implemented Interfaces:
Serializable
public class HandlerHelper extends Object implements Serializable
Contains helper methods for VaadinServlet and generally for handling VaadinRequests.
Since:
1.0
See Also:

  • Method Details

    • isRequestType

      public static boolean isRequestType(VaadinRequest request, HandlerHelper.RequestType requestType)
      Returns whether the given request is of the given type.
      Parameters:
      request - the request to check
      requestType - the type to check for
      Returns:
      true if the request is of the given type, false otherwise

    • isFrameworkInternalRequest

      public static boolean isFrameworkInternalRequest(String servletMappingPath, jakarta.servlet.http.HttpServletRequest request)
      Checks whether the request is an internal request. The requests listed in HandlerHelper.RequestType are considered internal as they are needed for applications to work.

      Requests for routes, static resources requests and similar are not considered internal requests.

      Parameters:
      servletMappingPath - the path the Vaadin servlet is mapped to, with or without and ending "/*"
      request - the servlet request
      Returns:
      true if the request is Vaadin internal, false otherwise

    • getPathIfInsideServlet

      public static Optional<String> getPathIfInsideServlet(String servletMappingPath, String requestedPath)
      Returns the rest of the path after the servlet mapping part, if the requested path targets a path inside the servlet.
      Parameters:
      servletMappingPath - the servlet mapping from the servlet configuration
      requestedPath - the request path relative to the context root
      Returns:
      an optional containing the path relative to the servlet if the request is inside the servlet mapping, an empty optional otherwise

    • getRequestPathInsideContext

      public static String getRequestPathInsideContext(jakarta.servlet.http.HttpServletRequest request)
      Returns the requested path inside the context root.
      Parameters:
      request - the servlet request
      Returns:
      the path inside the context root, not including the slash after the context root path

    • findLocale

      public static Locale findLocale(VaadinSession session, VaadinRequest request)
      Helper to find the most most suitable Locale. These potential sources are checked in order until a Locale is found:
      1. The passed component (or UI) if not null
      2. UI.getCurrent() if defined
      3. The passed session if not null
      4. VaadinSession.getCurrent() if defined
      5. The passed request if not null
      6. VaadinService.getCurrentRequest() if defined
      7. Locale.getDefault()
      Parameters:
      session - the session that is searched for locale or null if not available
      request - the request that is searched for locale or null if not available
      Returns:
      the found locale

    • setResponseNoCacheHeaders

      public static void setResponseNoCacheHeaders(BiConsumer<String,String> headerSetter, BiConsumer<String,Long> longHeaderSetter)
      Sets no cache headers to the specified response.
      Parameters:
      headerSetter - setter for string value headers
      longHeaderSetter - setter for long value headers

    • getCancelingRelativePath

      public static String getCancelingRelativePath(String pathToCancel)
      Gets a relative path that cancels the provided path. This essentially adds one .. for each part of the path to cancel.
      Parameters:
      pathToCancel - the path that should be canceled
      Returns:
      a relative path that cancels out the provided path segment

    • isPathUnsafe

      public static boolean isPathUnsafe(String path)
      Checks if the given URL path contains the directory change instruction (dot-dot), taking into account possible double encoding in hexadecimal format, which can be injected maliciously.
      Parameters:
      path - the URL path to be verified.
      Returns:
      true, if the given path has a directory change instruction, false otherwise.

    • getPublicResources

      public static String[] getPublicResources()
      URLs matching these patterns should be publicly available for applications to work. Can be used for defining a bypass for rules in e.g. Spring Security.

      These paths are relative to a potential Vaadin mapping

    • getPublicResourcesRoot

      public static String[] getPublicResourcesRoot()
      URLs matching these patterns should be publicly available for applications to work. Can be used for defining a bypass for rules in e.g. Spring Security.

      These URLs are always relative to the root path and independent of any Vaadin mapping

    • getIconVariants

      public static List<String> getIconVariants(String iconPath)
      Gets the paths of the PWA icon variants for the given base icon.
      Parameters:
      iconPath - path of the base icon.
      Returns:
      list of paths of icon variants.

    • getPublicResourcesRequiringSecurityContext

      public static String[] getPublicResourcesRequiringSecurityContext()
      URLs matching these patterns should be publicly available for applications to work but might require a security context, i.e. authentication information.

    • isNonHtmlInitiatedRequest

      public static boolean isNonHtmlInitiatedRequest(jakarta.servlet.http.HttpServletRequest request)
      Determines whether the given HTTP request is initiated by a non-HTML context. This is based on the value of the Sec-Fetch-Dest in the request headers. If the header value is absent or does not match certain predefined values, it is considered an HTML-initiated request. See Sec-Fetch-Dest header documentation for more details.
      Parameters:
      request - the HTTP servlet request to evaluate
      Returns:
      true if the request is initiated by a non-HTML context; false otherwise

    • isNonHtmlInitiatedRequest

      public static boolean isNonHtmlInitiatedRequest(VaadinRequest request)
      Determines whether the given request is initiated by a non-HTML context. This is based on the value of the Sec-Fetch-Dest in the request headers. If the header value is absent or does not match certain predefined values, it is considered an HTML-initiated request. See Sec-Fetch-Dest header documentation for more details.
      Parameters:
      request - the Vaadin request to evaluate
      Returns:
      true if the request is initiated by a non-HTML context; false otherwise