[jboss-jira] [JBoss JIRA] Created: (JBMETA-152) @RolesAllowed in hierarchy are additive, should be overridden

Andrew Lee Rubinger (JIRA) jira-events at lists.jboss.org
Tue Dec 2 03:21:36 EST 2008


@RolesAllowed in hierarchy are additive, should be overridden
-------------------------------------------------------------

                 Key: JBMETA-152
                 URL: https://jira.jboss.org/jira/browse/JBMETA-152
             Project: JBoss Metadata
          Issue Type: Bug
      Security Level: Public (Everyone can see)
    Affects Versions: 1.0.0.CR9
         Environment: Affects "security5" EJB3 TestSuite, for example
            Reporter: Andrew Lee Rubinger
            Assignee: Andrew Lee Rubinger
             Fix For: 1.0.0.GA


EJB3 Core Specification 17.3.2.1:

"If a method M of class S overrides a business method defined by a superclass of S, the method
permissions value of M is determined by the above rules as applied to class S."

As it stands, the following construct:

public class SecureServiceBeanBase implements SecureService
{
   @RolesAllowed(SecureService.ROLES_BEAN_BASE)
   public void someMethod()
   {
      return;
   }

}

@Stateless
@Local(SecureService.class)
public class SecureServiceBean extends SecureServiceBeanBase implements SecureService
{
   @Override
   @RolesAllowed(SecureService.ROLES_EJB)
   public void someMethod()
   {
      return;
   }

}

...results in two method permissions for "someMethod".

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
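
The two resolutions contrasted in this report, as an added example that is not part of the original message or of the JBoss Metadata code. It assumes a local `RolesAllowed` annotation standing in for `javax.annotation.security.RolesAllowed`, role strings that are placeholders for the `SecureService` constants, and a hypothetical `UnannotatedBean`; class-level annotations are left out.

```java
import java.lang.annotation.*;
import java.util.*;

public class RolesAllowedResolution {
    // Stand-in for javax.annotation.security.RolesAllowed, so no EJB API jar is needed.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RolesAllowed { String[] value(); }

    // Placeholder role names; the real values of the SecureService constants are not on the page.
    static class BeanBase { @RolesAllowed("ROLES_BEAN_BASE") public void someMethod() {} }
    static class Bean extends BeanBase { @Override @RolesAllowed("ROLES_EJB") public void someMethod() {} }
    // Hypothetical edge case: an override that carries no annotation of its own.
    static class UnannotatedBean extends BeanBase { @Override public void someMethod() {} }

    // Roles annotated on the method as declared in class c itself; null if c does not declare it.
    static Set<String> declared(Class<?> c, String name) {
        try {
            RolesAllowed ra = c.getDeclaredMethod(name).getAnnotation(RolesAllowed.class);
            return ra == null ? new TreeSet<String>() : new TreeSet<String>(Arrays.asList(ra.value()));
        } catch (NoSuchMethodException e) {
            return null;
        }
    }

    // Reported behaviour: every declaration in the hierarchy contributes its roles.
    static Set<String> additive(Class<?> bean, String name) {
        Set<String> roles = new TreeSet<String>();
        for (Class<?> c = bean; c != null; c = c.getSuperclass()) {
            Set<String> d = declared(c, name);
            if (d != null) roles.addAll(d);
        }
        return roles;
    }

    // Quoted rule: the most derived class that declares the method decides alone.
    static Set<String> overriding(Class<?> bean, String name) {
        for (Class<?> c = bean; c != null; c = c.getSuperclass()) {
            Set<String> d = declared(c, name);
            if (d != null) return d;
        }
        return new TreeSet<String>();
    }

    public static void main(String[] args) {
        for (Class<?> c : new Class<?>[] {Bean.class, UnannotatedBean.class}) {
            System.out.println(c.getSimpleName() + " additive=" + additive(c, "someMethod")
                + " overriding=" + overriding(c, "someMethod"));
        }
    }
}
```

Under additive merging, the base-class role remains in the permission set of the overriding method, so a review of effective permissions should compare both sets for every overridden business method.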