[
https://issues.jboss.org/browse/WFLY-2988?page=com.atlassian.jira.plugin....
]
Remus Vitan commented on WFLY-2988:
-----------------------------------
Hi,
Is there any way that I could achieve this behavior ? (the class level declared security
to be performed for methods called for that class)
My use case is quite simple : I have a GenericDAO and its implementations are the actual
beans to be called.
Each implementation has its own set of roles that should access that business part.
The only workaround I see is to create the override methods that would genuine delegators
to the parent implementation but I do not consider it very elegant :)
Class-level @RolesAllowed does not affect inherited methods
-----------------------------------------------------------
Key: WFLY-2988
URL:
https://issues.jboss.org/browse/WFLY-2988
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 8.0.0.Final
Environment: Wildfly 8.0.0.Final running on OpenJDK 1.7.0_45
Reporter: Daniel Lechner
Assignee: Darran Lofthouse
Fix For: 8.1.0.CR2, 8.1.0.Final
Excerpt from the forum reference:
Basically I have an EJB which derives from a base class. At the EJB itself there is an
class-level {{@RolesAllowed}} annotation. With this annotation all methods which are
implemented directly in the class can be accessed when the caller has the appropriate
role. But when he tries to call a method which has been implemented in the base class,
access is denied.
Reading the EJB 3.2 Spec which says
{quote}
Specifying the RolesAllowed or PermitAll or DenyAll annotation on the bean class means
that it applies to all applicable business methods of the class.
{quote}
I would suggest that this should work. Although this worked with JBoss AS 5.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)