Authorization denied for authenticated users when @PermitAll is used
on EJB JAX-WS endpoint
-------------------------------------------------------------------------------------------
Key: WFLY-3988
URL: https://issues.jboss.org/browse/WFLY-3988
Project: WildFly
Issue Type: Bug
Components: Web Services
Affects Versions: 8.1.0.Final
Reporter: Kyle Lape
Assignee: Jim Ma
Given this endpoint:
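{code:java}
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.jws.WebService;
import org.jboss.ws.api.annotation.WebContext;

@Stateless
@WebService(endpointInterface="com.redhat.gss.SecureEndpoint")
@DeclareRoles({"a","b"})
@WebContext(contextRoot="/endpoint",urlPattern="/e",authMethod="BASIC")
public class SecureEndpointE implements SecureEndpoint {
    // Restricted to role "a"
    @RolesAllowed({"a"})
    public String a() {
        return "Success";
    }

    // Restricted to role "b"
    @RolesAllowed({"b"})
    public String b() {
        return "Success";
    }

    // No role restriction
    @PermitAll
    public String c() {
        return "Success";
    }
}
{code}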
One would expect any authenticated user to be able to invoke {{c()}}, but only users with
a role found in {{@DeclareRoles}} can invoke it.
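
Added example, not part of the original report or of WildFly: a JAX-WS client (Java 8) that calls {{a()}} and {{c()}} with BASIC credentials for two users, so the behaviour described above can be checked against a deployment of the endpoint. The host and port, the namespace and service name (JAX-WS defaults, assuming the bean lives in package com.redhat.gss), the shape of the SEI, and the users alice (role "a") and carol (authenticated, neither "a" nor "b") are all assumptions.

```java
import java.net.URL;
import java.util.function.Function;
import javax.jws.WebService;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;

public class PermitAllCheck {
    // Assumption: default JAX-WS namespace for package com.redhat.gss.
    static final String NS = "http://gss.redhat.com/";

    // Client-side copy of the SEI; the report names it but does not show its source.
    @WebService(name = "SecureEndpoint", targetNamespace = NS)
    public interface SecureEndpoint {
        String a();
        String b();
        String c();
    }

    // Call one operation with BASIC credentials; return its result or the failure type.
    static String attempt(Service svc, String user, String pass,
                          Function<SecureEndpoint, String> op) {
        SecureEndpoint port = svc.getPort(SecureEndpoint.class);
        BindingProvider bp = (BindingProvider) port;
        bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
        bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, pass);
        try {
            return op.apply(port);
        } catch (RuntimeException e) { // a rejected call surfaces as a runtime exception
            return "DENIED: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumptions: local WildFly on port 8080, default service name for the bean class.
        URL wsdl = new URL("http://localhost:8080/endpoint/e?wsdl");
        Service svc = Service.create(wsdl, new QName(NS, "SecureEndpointEService"));
        // Hypothetical test users: alice holds role "a"; carol holds no declared role.
        String[][] users = { {"alice", "alice-pw"}, {"carol", "carol-pw"} };
        for (String[] u : users) {
            System.out.println(u[0] + " a(): " + attempt(svc, u[0], u[1], SecureEndpoint::a));
            System.out.println(u[0] + " c(): " + attempt(svc, u[0], u[1], SecureEndpoint::c));
        }
    }
}
```

The line to watch is carol's {{c()}} call: the report expects it to succeed and states that on 8.1.0.Final it is denied because carol has no role listed in {{@DeclareRoles}}.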