@RolesAllowed in hierarchy are additive, should be overridden ------------------------------------------------------------- Key: JBMETA-152 URL: https://jira.jboss.org/jira/browse/JBMETA-152 Project: JBoss Metadata Issue Type: Bug Security Level: Public (Everyone can see) Affects Versions: 1.0.0.CR9 Environment: Affects "security5" EJB3 TestSuite, for example Reporter: Andrew Lee Rubinger Assignee: Andrew Lee Rubinger Fix For: 1.0.0.GA EJB3 Core Specification 17.3.2.1: "If a method M of class S overrides a business method defined by a superclass of S, the method permissions value of M is determined by the above rules as applied to class S." As it stands, the following construct: public class SecureServiceBeanBase implements SecureService { @RolesAllowed(SecureService.ROLES_BEAN_BASE) public void someMethod() { return; } } @Stateless @Local(SecureService.class) public class SecureServiceBean extends SecureServiceBeanBase implements SecureService { @Override @RolesAllowed(SecureService.ROLES_EJB) public void someMethod() { return; } } ...results in two method permissions for "someMethod". -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira