[jboss-jira] [JBoss JIRA] (AS7-4417) permissions for security roles are not redefined by jboss-ejb3.xml
jaikiran pai (JIRA)
jira-events at lists.jboss.org
Thu Apr 12 13:10:47 EDT 2012
[ https://issues.jboss.org/browse/AS7-4417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12683622#comment-12683622 ]
jaikiran pai commented on AS7-4417:
-----------------------------------
AS7 (and even previous versions of AS) "add" the method permission roles. So if you have role1 configured in ejb-jar.xml for foo method and role2 in jboss-ejb3.xml for the same foo method, then the foo method is allowed to be accessed by role1 _and_ role2. That's how it behaves currently.
I do see one reason why we might want to change this to treat the roles as "overrides", but at the same time I believe letting this remain the way it is will be more useful since that's how users have been accustomed to this.
I had a quick look at your testcase and I believe changing the test to expect the role2Echo method to be accessed by both role1 and role2 should be the right assertion in that test.
I'm closing this as not a bug. If you still have concerns or test failures (after that change), then feel free to reopen and add the details.
> permissions for security roles are not redefined by jboss-ejb3.xml
> ------------------------------------------------------------------
>
> Key: AS7-4417
> URL: https://issues.jboss.org/browse/AS7-4417
> Project: Application Server 7
> Issue Type: Bug
> Reporter: Radim Hatlapatka
> Assignee: jaikiran pai
> Labels: descriptor, security
> Fix For: 7.1.2.Final-redhat1
>
>
> When I have defined permissions using security roles in ejb-jar.xml (ejb-spec) for certain methods and if I define them differently in jboss-ejb3.xml (jboss-spec) the permissions remain as they are defined in ejb-jar.xml. But I would expect that ejb-spec will redefine the permissions (because merging is not possible).
> For details see written tests here: https://github.com/rhatlapa/jboss-as/commit/62adba59b288a53672a6b08c8a710e3b5208ce10
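The additive merge described in the comment above can be checked per deployment with a small audit script. This is an added example, not code from the thread or from JBoss AS: it unions the `method-permission` roles of both descriptors and reports roles that jboss-ejb3.xml adds to a method ejb-jar.xml already restricts. The descriptors are constructed samples, the bean name `ExampleBean` is hypothetical, and only `role-name` entries are handled (`unchecked` and `method-params` overloads are ignored).

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample descriptors; the bean name ExampleBean is hypothetical.
EJB_JAR_XML = """<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.1">
  <assembly-descriptor>
    <method-permission>
      <role-name>role1</role-name>
      <method><ejb-name>ExampleBean</ejb-name><method-name>foo</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""

JBOSS_EJB3_XML = """<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
    xmlns="http://java.sun.com/xml/ns/javaee" version="3.1">
  <assembly-descriptor>
    <method-permission>
      <role-name>role2</role-name>
      <method><ejb-name>ExampleBean</ejb-name><method-name>foo</method-name></method>
    </method-permission>
  </assembly-descriptor>
</jboss:ejb-jar>"""

def local(tag):  # strip the XML namespace so both descriptor flavours parse alike
    return tag.rsplit("}", 1)[-1]

def method_permissions(xml_text):
    """Return {(ejb-name, method-name): set of role names} for one descriptor."""
    perms = defaultdict(set)
    root = ET.fromstring(xml_text)
    for mp in (e for e in root.iter() if local(e.tag) == "method-permission"):
        roles = {(c.text or "").strip() for c in mp if local(c.tag) == "role-name"}
        for m in (c for c in mp if local(c.tag) == "method"):
            fields = {local(f.tag): (f.text or "").strip() for f in m}
            perms[(fields.get("ejb-name"), fields.get("method-name"))] |= roles
    return perms

def effective_permissions(spec_xml, vendor_xml):
    """Union the roles per method (the additive behaviour described above) and
    list roles jboss-ejb3.xml adds to methods that ejb-jar.xml already restricts."""
    spec, vendor = method_permissions(spec_xml), method_permissions(vendor_xml)
    report = {}
    for key in spec.keys() | vendor.keys():
        merged = spec.get(key, set()) | vendor.get(key, set())
        widened = merged - spec[key] if key in spec else set()
        report[key] = {"effective": merged, "added_by_vendor": widened}
    return report

if __name__ == "__main__":
    print(effective_permissions(EJB_JAR_XML, JBOSS_EJB3_XML))
```

A non-empty `added_by_vendor` set marks a method whose access is wider than ejb-jar.xml alone suggests, which is the case a reviewer expecting override semantics would miss.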