Sorry Robert, we are experiencing team change these days and may have a delay on
Yeah please create a JIRA issue, which is the safest way it will be checked :-)
Weinan Li / JBoss
On May 18, 2016, at 11:34 PM, Robert Marcano
Sorry for replying to myself, do you people prefer a JIRA issue for
discussion? I ask for the lack of response :(
On 05/14/2016 09:00 PM, Robert Marcano wrote:
> When using resource interfaces, the RolesAllowed annotation is only used
> if it is found on the interface and not on the implementation class.
> This took me by surprise because if you use the same annotation on an
> EJB, it is only valid when it is on the bean implementation, not on the
> remote or local interfaces. Probably there should be some consistency
> here with other JEE specs.
> I use interfaces in order to use a proxy based client from a remote JVM
> that is migrating from EJB remoting. There is no need for the clients to
> know which roles are allowed (or their names), so I want to avoid the
> need to add RolesAllowed to the interfaces.
> Before submitting a bug report or working on a patch. What is the best
> approach here?
> 1- only use RolesAllowed when they are on the implementation class, It
> will break existing code
> 2- implementation RolesAllowed override interface RolesAllowed
> 3- merge implementation RolesAllowed and interface RolesAllowed. Union
> or intersection of both group of roles?
> The same questions are valid for @PermitAll and @DenyAll
> Note: please update the website mailing list link, I subscribed to the
> sourceforge mailing list yesterday in order to send this email. Noticed
> the migration notice because I checked today the web archive for the
> lack of response.
resteasy-dev mailing list