Adrian Crum wrote: > --- On Wed, 1/13/10, Adam Heath <doo...@brainfood.com> wrote: > >> From: Adam Heath <doo...@brainfood.com> >> Subject: Re: svn commit: r898965 - in >> /ofbiz/branches/executioncontext20091231: ./ >> framework/api/src/org/ofbiz/api/context/ >> framework/context/src/org/ofbiz/context/ framework/example/data/ >> themes/bizznesstime/includes/ themes/bluelight/includes/ >> themes/droppingcrum... >> To: dev@ofbiz.apache.org >> Date: Wednesday, January 13, 2010, 6:31 PM >> adri...@apache.org >> wrote: >>> Author: adrianc >>> Date: Wed Jan 13 22:06:46 2010 >>> New Revision: 898965 >>> >>> URL: http://svn.apache.org/viewvc?rev=898965&view=rev >>> Log: >>> Implemented permission filters. Added a user group to >> the Example component. Main navigation is controlled by the >> new security design. >>> Added: >>> >> >> ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ContextUtil.java >> (with >> props) >>> Modified: >>> >> ofbiz/branches/executioncontext20091231/BranchReadMe.txt >>> >> >> ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ThreadContext.java >>> >> >> ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java >>> >> >> ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml >>> >> >> ofbiz/branches/executioncontext20091231/themes/bizznesstime/includes/appbar.ftl >>> >> >> ofbiz/branches/executioncontext20091231/themes/bizznesstime/includes/secondary-appbar.ftl >>> >> >> ofbiz/branches/executioncontext20091231/themes/bluelight/includes/appbarOpen.ftl >>> >> >> ofbiz/branches/executioncontext20091231/themes/droppingcrumbs/includes/appbarOpen.ftl >>> >> >> ofbiz/branches/executioncontext20091231/themes/flatgrey/includes/appbar.ftl >>> >> >> ofbiz/branches/executioncontext20091231/themes/flatgrey/includes/footer.ftl >> >>> Added: >> ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ContextUtil.java >>> URL: >>> http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ContextUtil.java?rev=898965&view=auto >>> >> ============================================================================== >>> --- >> ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ContextUtil.java >> (added) >>> +++ >> ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ContextUtil.java >> Wed Jan 13 22:06:46 2010 >>> @@ -0,0 +1,57 @@ >>> + >> *******************************************************************************/ >>> +package org.ofbiz.context; >>> + >>> +import static >> org.ofbiz.api.authorization.BasicPermissions.Access; >>> + >>> +import java.util.List; >>> + >>> +import javolution.util.FastList; >>> + >>> +import org.ofbiz.api.authorization.AccessController; >>> +import org.ofbiz.api.context.ArtifactPath; >>> +import org.ofbiz.api.context.ThreadContext; >>> +import org.ofbiz.base.component.ComponentConfig; >>> +import >> org.ofbiz.base.component.ComponentConfig.WebappInfo; >>> + >>> +/** >>> + * ExecutionContext utility methods. >>> + * >>> + */ >>> +public class ContextUtil { >>> + >>> + public static List<WebappInfo> >> getAppBarWebInfos(String serverName, String menuName) { >>> + List<WebappInfo> >> webInfos = ComponentConfig.getAppBarWebInfos(serverName, >> menuName); >>> + String [] pathArray = >> {ArtifactPath.PATH_ROOT_NODE_NAME, null}; >>> + ArtifactPath artifactPath >> = new ArtifactPath(pathArray); >>> + AccessController >> accessController = ThreadContext.getAccessController(); >>> + List<WebappInfo> >> resultList = FastList.newInstance(); >>> + for (WebappInfo >> webAppInfo : webInfos) { >>> + >> pathArray[1] = webAppInfo.getContextRoot().replace("/", >> ""); >>> + >> artifactPath.saveState(); >>> + try { >>> + >> accessController.checkPermission(Access, >> artifactPath); >>> + >> resultList.add(webAppInfo); >>> + } catch >> (Exception e) {} >>> + >> artifactPath.restoreState(); >>> + } >>> + return resultList; >>> + } >>> + >>> +} >> >> restoreState should be in finally. You don't handle >> runtime >> exception. If it was in finally, you wouldn't need >> the catch. It's >> also bad that you don't log the exception, or rethrow it. > > I think you're not understanding the application. This might help: > > http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#checkPermission%28java.security.Permission%29
That has no bearing whatsoever. RuntimeException and Error can happen at any point.