[jboss-jira] [JBoss JIRA] (AS7-4417) permissions for security roles are not redefined by jboss-ejb3.xml

Radim Hatlapatka (JIRA) jira-events at lists.jboss.org
Thu Apr 12 17:39:47 EDT 2012


    [ https://issues.jboss.org/browse/AS7-4417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12683696#comment-12683696 ] 

Radim Hatlapatka commented on AS7-4417:
---------------------------------------

If this is the intended behaviour, then it works the way you described.

I see mainly one problem in this:
if I deny a method (add it to the exclude list) in one descriptor and permit it in the second, then access to (a call of) this method is allowed.

If I look at many other systems for setting permissions, when some access is blocked, that has higher priority than allowing access. For example, on MS Windows, if you set that users from one group are denied access (specified deny), then even if a user is in another group which has access, he can't access it. I am not certain how it is in older versions of JBoss AS, and therefore which behaviour users of JBoss AS are accustomed to.

So please just confirm that the behaviour you specified is the desired one and I will close this issue as solved.
                
> permissions for security roles are not redefined by jboss-ejb3.xml
> ------------------------------------------------------------------
>
>                 Key: AS7-4417
>                 URL: https://issues.jboss.org/browse/AS7-4417
>             Project: Application Server 7
>          Issue Type: Bug
>            Reporter: Radim Hatlapatka
>            Assignee: jaikiran pai
>              Labels: descriptor, security
>             Fix For: 7.1.2.Final-redhat1
>
>
> When I have defined permissions using security roles in ejb-jar.xml (ejb-spec) for certain methods and I define them differently in jboss-ejb3.xml (jboss-spec), the permissions remain as they are defined in ejb-jar.xml. But I would expect that ejb-spec will redefine the permissions (because merging is not possible).
> For details see written tests here: https://github.com/rhatlapa/jboss-as/commit/62adba59b288a53672a6b08c8a710e3b5208ce10
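
A check for the conflict described in the comment above, as an added example that is not part of the original message or of JBoss AS: it reads the standard `exclude-list` and `method-permission` elements from each descriptor, reports methods excluded in one file but permitted in another, and evaluates a deny-overrides decision for comparison. The bean, role and descriptor contents are constructed, and matching is by exact `ejb-name`/`method-name` only (no `*` wildcards or `method-params`).

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from the issue or its tests).
EJB_JAR_XML = """<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee">
  <assembly-descriptor><exclude-list>
    <method><ejb-name>AccountBean</ejb-name><method-name>close</method-name></method>
  </exclude-list></assembly-descriptor>
</ejb-jar>"""
JBOSS_EJB3_XML = """<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
                   xmlns="http://java.sun.com/xml/ns/javaee">
  <assembly-descriptor><method-permission>
    <role-name>teller</role-name>
    <method><ejb-name>AccountBean</ejb-name><method-name>close</method-name></method>
  </method-permission></assembly-descriptor>
</jboss:ejb-jar>"""

def _key(m):
    return (m.findtext("ejb-name", "").strip(), m.findtext("method-name", "").strip())

def parse(xml_text):
    """Return (excluded methods, {method: roles}) for one trusted descriptor."""
    root = ET.fromstring(xml_text)
    for e in root.iter():
        e.tag = e.tag.rsplit("}", 1)[-1]  # drop XML namespaces, keep local names
    denied = {_key(m) for m in root.iterfind(".//exclude-list/method")}
    permitted = {}
    for mp in root.iter("method-permission"):
        roles = {(r.text or "").strip() for r in mp.findall("role-name")}
        for m in mp.findall("method"):
            permitted.setdefault(_key(m), set()).update(roles)
    return denied, permitted

def find_conflicts(descriptors):
    """descriptors: {file name: xml}. List methods denied in one file, permitted in another."""
    parsed = {name: parse(x) for name, x in descriptors.items()}
    return [(m, d, p, sorted(perm[m]))
            for d, (denied, _) in parsed.items()
            for p, (_, perm) in parsed.items() if p != d
            for m in sorted(denied & set(perm))]

def allowed_deny_overrides(descriptors, method, role):
    """Deny-overrides decision: an exclude-list entry in any file wins."""
    parsed = [parse(x) for x in descriptors.values()]
    if any(method in denied for denied, _ in parsed):
        return False
    return any(role in perm.get(method, ()) for _, perm in parsed)
```

Any entry returned by `find_conflicts` is a method whose effective access depends on how the container merges the two descriptors, so it is worth reviewing before deployment.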
