Re: [resteasy-dev] @RolesAllowed and interfaces

On May 18, 2016, at 11:34 PM, Robert Marcano <robert(a)marcanoonline.com&gt; wrote: Sorry for replying to myself, do you people prefer a JIRA issue for discussion? I ask for the lack of response :( On 05/14/2016 09:00 PM, Robert Marcano wrote: > Greetings. > > When using resource interfaces, the RolesAllowed annotation is only used > if it is found on the interface and not on the implementation class. > This took me by surprise because if you use the same annotation on an > EJB, it is only valid when it is on the bean implementation, not on the > remote or local interfaces. Probably there should be some consistency > here with other JEE specs. > > I use interfaces in order to use a proxy based client from a remote JVM > that is migrating from EJB remoting. There is no need for the clients to > know which roles are allowed (or their names), so I want to avoid the > need to add RolesAllowed to the interfaces. > > Before submitting a bug report or working on a patch. What is the best > approach here? > > 1- only use RolesAllowed when they are on the implementation class, It > will break existing code > > 2- implementation RolesAllowed override interface RolesAllowed > > 3- merge implementation RolesAllowed and interface RolesAllowed. Union > or intersection of both group of roles? > > The same questions are valid for @PermitAll and @DenyAll > > Note: please update the website mailing list link, I subscribed to the > sourceforge mailing list yesterday in order to send this email. Noticed > the migration notice because I checked today the web archive for the > lack of response. _______________________________________________ resteasy-dev mailing list resteasy-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/resteasy-dev