struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Benedict (JIRA)" <j...@apache.org>
Subject [jira] Closed: (STR-2441) RequestProcessor.processRoles() broken on Orion 2.0.6
Date Tue, 03 Jul 2007 03:29:26 GMT

     [ https://issues.apache.org/struts/browse/STR-2441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Paul Benedict closed STR-2441.
------------------------------

    Resolution: Won't Fix
      Assignee:     (was: Struts Developers)

To eat the exception means to, as Niall pointed out, hide the true cause of the problem. While
it sounds interesting to never match a role on an exception, Struts cannot realistically assume
this behavior is desirable on a global level.

> RequestProcessor.processRoles() broken on Orion 2.0.6
> -----------------------------------------------------
>
>                 Key: STR-2441
>                 URL: https://issues.apache.org/struts/browse/STR-2441
>             Project: Struts 1
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 1.2.4
>         Environment: Operating System: other
> Platform: Other
>            Reporter: Emmanuel Bourg
>            Priority: Minor
>
> The implementation of HttpServletRequest.isUserInRole() in Orion 2.0.6 throws an
> IllegalArgumentException if the role doesn't exist, it breaks the processRoles
> method in the RequestProcessor class. I suggest adding a try/catch block inside
> the loop iterating over the roles to prevent such an exception from breaking the
> processing:
>     // Check the current user against the list of required roles
>     for (int i = 0; i < roles.length; i++) {
>         try {
>             if (request.isUserInRole(roles[i])) {
>                 if (log.isDebugEnabled()) {
>                     log.debug(" User '" + request.getRemoteUser() +
>                         "' has role '" + roles[i] + "', granting access");
>                 }
>                 return (true);
>             }
>         } catch (Exception e) {
>             if (log.isDebugEnabled()) {
>                 log.debug(e.getMessage(), e);
>             }
>         }
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message