[jboss-jira] [JBoss JIRA] Resolved: (JBMETA-152) @RolesAllowed in hierarchy are additive, should be overridden
Andrew Lee Rubinger (JIRA)
jira-events at lists.jboss.org
Tue Dec 2 04:38:36 EST 2008
[ https://jira.jboss.org/jira/browse/JBMETA-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Lee Rubinger resolved JBMETA-152.
----------------------------------------
Fix Version/s: 1.0.0.CR11
(was: 1.0.0.GA)
Resolution: Done
> @RolesAllowed in hierarchy are additive, should be overridden
> -------------------------------------------------------------
>
> Key: JBMETA-152
> URL: https://jira.jboss.org/jira/browse/JBMETA-152
> Project: JBoss Metadata
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 1.0.0.CR9
> Environment: Affects "security5" EJB3 TestSuite, for example
> Reporter: Andrew Lee Rubinger
> Assignee: Andrew Lee Rubinger
> Fix For: 1.0.0.CR11
>
>
> EJB3 Core Specification 17.3.2.1:
> "If a method M of class S overrides a business method defined by a superclass of S, the method
> permissions value of M is determined by the above rules as applied to class S."
> As it stands, the following construct:
> public class SecureServiceBeanBase implements SecureService
> {
> @RolesAllowed(SecureService.ROLES_BEAN_BASE)
> public void someMethod()
> {
> return;
> }
> }
> @Stateless
> @Local(SecureService.class)
> public class SecureServiceBean extends SecureServiceBeanBase implements SecureService
> {
> @Override
> @RolesAllowed(SecureService.ROLES_EJB)
> public void someMethod()
> {
> return;
> }
> }
> ...results in two method permissions for "someMethod".
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list