[jboss-jira] [JBoss JIRA] Created: (JBAS-6563) EJB3 container does not honour security annotations

[Karel Gardas (JIRA)]

EJB3 container does not honour security annotations
---------------------------------------------------

                 Key: JBAS-6563
                 URL: https://jira.jboss.org/jira/browse/JBAS-6563
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
    Affects Versions: JBossAS-4.2.3.GA
         Environment: Sun OS 5.11 snv_79a, Sun jdk 1.6, JBoss 4.2.3 for JDK 1.6, Eclipse Ganymede
            Reporter: Karel Gardas
            Assignee: Anil Saldhana


Hello,

I'm using the following code as a testcase for EJB3-WS security.

package demo;

import javax.annotation.security.RolesAllowed;
import javax.annotation.security.DenyAll;
import javax.ejb.Stateless;
import javax.jws.WebService;

@WebService
@Stateless
//@RolesAllowed ("Person")
public class HelloBean3 {
    public HelloBean3() {
    }

    @DenyAll
    public String sayHello() {
    	return "EJB3x: Hello my callee!";
    }
}

unfortunately when it's deployed to the JBoss 4.2.3 AS, it does not deny any requests to sayHello operation, but runs them happily. I'm using web service client developed in Eclipse using Axis:

package demo;

public class Main {
	public static void main(String[] args) throws Exception {
		// TODO Auto-generated method stub
		HelloBean3ServiceLocator loc = new HelloBean3ServiceLocator();
		HelloBean3 hello = loc.getHelloBean3Port();
		System.out.println("service tells me: `" + hello.sayHello() + "'");
	}

}



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira