[jboss-jira] [JBoss JIRA] Resolved: (JBMETA-152) @RolesAllowed in hierarchy are additive, should be overridden

@RolesAllowed in hierarchy are additive, should be overridden ------------------------------------------------------------- Key: JBMETA-152 URL: https://jira.jboss.org/jira/browse/JBMETA-152 Project: JBoss Metadata Issue Type: Bug Security Level: Public(Everyone can see) Affects Versions: 1.0.0.CR9 Environment: Affects "security5" EJB3 TestSuite, for example Reporter: Andrew Lee Rubinger Assignee: Andrew Lee Rubinger Fix For: 1.0.0.CR11 EJB3 Core Specification 17.3.2.1: "If a method M of class S overrides a business method defined by a superclass of S, the method permissions value of M is determined by the above rules as applied to class S." As it stands, the following construct: public class SecureServiceBeanBase implements SecureService { @RolesAllowed(SecureService.ROLES_BEAN_BASE) public void someMethod() { return; } } @Stateless @Local(SecureService.class) public class SecureServiceBean extends SecureServiceBeanBase implements SecureService { @Override @RolesAllowed(SecureService.ROLES_EJB) public void someMethod() { return; } } ...results in two method permissions for "someMethod".