ebad6ae0e7c8192dc9aed2bc1b8b0939f3ed36bd,src/modules/rest/extjs/src/main/java/it/geosolutions/geostore/services/rest/impl/RESTExtJsServiceImpl.java,RESTExtJsServiceImpl,getExtResourcesList,#SecurityContext#number#number#boolean#boolean#SearchFilter#,269

Before Change


        }

        if (LOGGER.isDebugEnabled())
            LOGGER.debug("getResourcesList(start=" + start + ", limit=" + limit
                    + ", includeAttributes=" + includeAttributes);
        
        User authUser = null;
        try{
        	authUser = extractAuthUser(sc);
        }catch (InternalErrorWebEx ie){
        	// serch without user information
        }

        Integer page = null;
        if (start != null) {
            page = start / limit;
        }

        try {
            List<Resource> resources = getResourcesAllowed(resourceService.getResources(filter, page, limit,
                    includeAttributes, includeData, authUser), authUser);

            // Here the Read permission on each resource must be checked due to will be returned the full Resource not just a ShortResource
            // N.B. This is a bad method to check the permissions on each requested resource, it can perform 2 database access for each resource.
            // Possible optimization -> When retrieving the resources, add to "filter" also another part to load only the allowed resources.

            long count = 0;
            if (resources != null && resources.size() > 0)
                count = resourceService.getCountByFilterAndUser(filter, authUser);

            ExtResourceList list = new ExtResourceList(count, resources);
            return list;

        } catch (InternalErrorServiceEx e) {
            if (LOGGER.isEnabledFor(Level.ERROR))
                LOGGER.error(e.getMessage());

            return null;
        } catch (BadRequestServiceEx e) {

After Change


        }

        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("getResourcesList(start=" + start + ", limit=" + limit
                    + ", includeAttributes=" + includeAttributes);
        }

        User authUser = null;
        try {
            authUser = extractAuthUser(sc);
        } catch (InternalErrorWebEx ie) {
            // serch without user information
            LOGGER.warn("Error in validating user (this action should probably be aborted)", ie); // why is this exception caught?
        }

        Integer page = null;
        if (start != null) {
            page = start / limit;
        }

        try {
            List<Resource> resources = getResourcesAllowed(resourceService.getResources(filter, page, limit,
                    includeAttributes, includeData, authUser), authUser);

            // Here the Read permission on each resource must be checked due to will be returned the full Resource not just a ShortResource
            // N.B. This is a bad method to check the permissions on each requested resource, it can perform 2 database access for each resource.
            // Possible optimization -> When retrieving the resources, add to "filter" also another part to load only the allowed resources.
            long count = 0;
            if (resources != null && resources.size() > 0) {
                count = resourceService.getCountByFilterAndUser(filter, authUser);
            }

            ExtResourceList list = new ExtResourceList(count, resources);
            return list;

        } catch (InternalErrorServiceEx e) {
            LOGGER.warn(e.getMessage(), e);

            return null;
        } catch (BadRequestServiceEx e) {
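Review bot: In the `catch (InternalErrorWebEx ie)` block around `extractAuthUser(sc)`, a failed user lookup is still only logged, so the method carries on with `authUser == null` and passes it to `resourceService.getResources(...)`, `getResourcesAllowed(...)` and `getCountByFilterAndUser(...)`. Whether those calls treat a null user as a restricted anonymous caller or skip the per-user filter is not visible in this hunk. Because the endpoint returns full `Resource` objects, the request should fail closed: either drop the try/catch so the exception propagates, or add `throw ie;` after the `LOGGER.warn(...)` call (assuming `InternalErrorWebEx` is unchecked). If anonymous search is intended, replace the open question in the comment with something like `// anonymous search: authUser stays null, only publicly readable resources may be returned` and do not log a stack trace for that expected case. The method body starts and ends outside the hunk, so how `limit` is validated before `page = start / limit` could not be checked.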