Proposed patch: Index: src/main/java/org/jboss/metadata/annotation/creator/ejb/jboss/RolesAllowedProcessor.java | =================================================================== | --- src/main/java/org/jboss/metadata/annotation/creator/ejb/jboss/RolesAllowedProcessor.java (revision 81835) | +++ src/main/java/org/jboss/metadata/annotation/creator/ejb/jboss/RolesAllowedProcessor.java (working copy) | @@ -73,6 +73,29 @@ | methods = new MethodsMetaData(); | perm.setMethods(methods); | } | + | + /* | + * JBMETA-152 | + * | + * Check that we haven't already defined permissions for this method | + */ | + MethodPermissionsMetaData permissions = metaData.getMethodPermissionsByEjbName(ejbName); | + if (permissions != null) | + { | + for (MethodPermissionMetaData permission : permissions) | + { | + for (MethodMetaData methodMetaDataInPermissions : permission.getMethods()) | + { | + // If this method's already been added | + if (methodMetaDataInPermissions.equals(mmd)) | + { | + // Do nothing | + return; | + } | + } | + } | + } | + | HashSet<String> roles = new HashSet<String>(); | for(String role : allowed.value()) | roles.add(role); Makes for expected output in "security5" tests: 03:40:31,934 WARN [Ejb3DescriptorHandler] Adding @RolesAllowed for method echo([java.lang.String]) of EJB FirstBean: [InternalRole] | 03:40:32,108 WARN [Ejb3DescriptorHandler] Adding @RolesAllowed for method *(null) of EJB SecondBean: [InternalRole] | 03:40:32,169 WARN [Ejb3DescriptorHandler] Adding @RolesAllowed for method echo([java.lang.String]) of EJB SimpleStatelessBean: [EchoSLSB] | 03:40:32,308 WARN [Ejb3DescriptorHandler] Adding @RolesAllowed for method echo([java.lang.String]) of EJB SimpleStatefulBean: [EchoSFSB] ...though the tests still fail. :( S, ALR View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4193676#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...