[
https://issues.apache.org/struts/browse/STR-2441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul Benedict closed STR-2441.
------------------------------
Resolution: Won't Fix
Assignee: (was: Struts Developers)
To eat the exception means to, as Niall pointed out, hide the true cause of the
problem. While it sounds interesting to never match a role on an exception,
Struts cannot realistically assume this behavior is desirable on a global level.
> RequestProcessor.processRoles() broken on Orion 2.0.6
> -----------------------------------------------------
>
> Key: STR-2441
> URL: https://issues.apache.org/struts/browse/STR-2441
> Project: Struts 1
> Issue Type: Improvement
> Components: Core
> Affects Versions: 1.2.4
> Environment: Operating System: other
> Platform: Other
> Reporter: Emmanuel Bourg
> Priority: Minor
>
> The implementation of HttpServletRequest.isUserInRole() in Orion 2.0.6 throws
> an
> IllegalArgumentException if the role doesn't exist, it breaks the processRoles
> method in the RequestProcessor class. I suggest adding a try/catch block
> inside
> the loop iterating over the roles to prevent such an exception from breaking
> the
> processing:
> // Check the current user against the list of required roles
> for (int i = 0; i < roles.length; i++) {
> try {
> if (request.isUserInRole(roles[i])) {
> if (log.isDebugEnabled()) {
> log.debug(" User '" + request.getRemoteUser() +
> "' has role '" + roles[i] + "', granting access");
> }
> return (true);
> }
> } catch (Exception e) {
> if (log.isDebugEnabled()) {
> log.debug(e.getMessage(), e);
> }
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
