EJB3 container does not honour security annotations
---------------------------------------------------
Key: JBAS-6563
URL:
https://jira.jboss.org/jira/browse/JBAS-6563
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: JBossAS-4.2.3.GA
Environment: Sun OS 5.11 snv_79a, Sun jdk 1.6, JBoss 4.2.3 for JDK 1.6, Eclipse
Ganymede
Reporter: Karel Gardas
Assignee: Anil Saldhana
Hello,
I'm using the following code as a testcase for EJB3-WS security.
package demo;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.DenyAll;
import javax.ejb.Stateless;
import javax.jws.WebService;
@WebService
@Stateless
//@RolesAllowed ("Person")
public class HelloBean3 {
public HelloBean3() {
}
@DenyAll
public String sayHello() {
return "EJB3x: Hello my callee!";
}
}
unfortunately when it's deployed to the JBoss 4.2.3 AS, it does not deny any requests
to sayHello operation, but runs them happily. I'm using web service client developed
in Eclipse using Axis:
package demo;
public class Main {
public static void main(String[] args) throws Exception {
// TODO Auto-generated method stub
HelloBean3ServiceLocator loc = new HelloBean3ServiceLocator();
HelloBean3 hello = loc.getHelloBean3Port();
System.out.println("service tells me: `" + hello.sayHello() +
"'");
}
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira