[jboss-jira] [JBoss JIRA] (WFLY-1166) Security annotations should not be required on abstract session beans

David Lloyd (JIRA) jira-events at lists.jboss.org
Fri Sep 20 16:33:03 EDT 2013


     [ https://issues.jboss.org/browse/WFLY-1166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Lloyd reassigned WFLY-1166:
---------------------------------

    Assignee: Stuart Douglas  (was: jaikiran pai)


Stuart, if you feel this is not a bug, please close the issue.  Thanks.
                
> Security annotations should not be required on abstract session beans
> ---------------------------------------------------------------------
>
>                 Key: WFLY-1166
>                 URL: https://issues.jboss.org/browse/WFLY-1166
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: EJB
>            Reporter: Samuel Santos
>            Assignee: Stuart Douglas
>
> Example project structure:
> {code:java}
> @Stateless
> @RunAs("private")
> @RolesAllowed("simpleuser")
> @SecurityDomain("myRealm")
> @TransactionAttribute(TransactionAttributeType.REQUIRED)
> public class ExampleServiceBean implements ExampleService {}
>
> @Stateless
> @RolesAllowed("private")
> @SecurityDomain("myRealm")
> @TransactionAttribute(TransactionAttributeType.SUPPORTS)
> public class ExampleDAOBean extends GenericDAOImpl<ExampleEntity, Long> implements ExampleDAO {}
>
> @RolesAllowed("private")
> @SecurityDomain("myRealm")
> public abstract class GenericDAOImpl<T, PK extends Serializable> implements GenericDAO<T, PK> {}
> {code}
> If you remove the annotations {{@RolesAllowed("private")}} and {{@SecurityDomain("myRealm")}} from {{GenericDAOImpl}} you will get an "Access Denied" error when invoking {{ExampleDAOBean}} from {{ExampleServiceBean}}.
> This does not make sense. The annotations available on {{ExampleDAOBean}} should override any security constraints in the class that it extends.
> Moreover, the documentation on https://docs.jboss.org/author/display/AS72/Securing+EJBs does not state that abstract classes should be annotated.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
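
An added example, not part of the issue or of WildFly's code: a reflection audit that lists bean methods inherited from a superclass that carries no role metadata. It assumes class-level `@RolesAllowed` covers only methods declared in the annotated class (the JSR-250 rule for class-level annotations, consistent with the behaviour reported above). The `RolesAllowed` stand-in, the constructed classes named after those in the issue, and `InheritedMethodAudit` with its methods are hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class InheritedMethodAudit {
    // Local stand-in for javax.annotation.security.RolesAllowed so this compiles without a Java EE API jar.
    @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface RolesAllowed { String[] value(); }

    // Constructed classes mirroring the issue, with the annotations removed from the abstract class.
    public static abstract class GenericDAOImpl<T> {
        public T find(Object id) { return null; }
        public void remove(T entity) { }
    }
    public static class ExampleEntity { }

    @RolesAllowed("private")
    public static class ExampleDAOBean extends GenericDAOImpl<ExampleEntity> {
        public long countAll() { return 0; }
    }

    // Roles for a method: its own annotation, else the annotation on the class that DECLARES it.
    // The subclass annotation is deliberately not consulted for inherited methods (assumed rule).
    static String[] effectiveRoles(Method m) {
        RolesAllowed r = m.getAnnotation(RolesAllowed.class);
        if (r == null) r = m.getDeclaringClass().getAnnotation(RolesAllowed.class);
        return r == null ? null : r.value();
    }

    // Public methods reachable through the bean that carry no role metadata at all.
    static List<String> uncovered(Class<?> bean) {
        List<String> out = new ArrayList<>();
        for (Method m : bean.getMethods()) {
            if (m.getDeclaringClass() == Object.class || m.isBridge() || m.isSynthetic()) continue;
            if (effectiveRoles(m) == null)
                out.add(m.getDeclaringClass().getSimpleName() + "." + m.getName());
        }
        Collections.sort(out);
        return out;
    }

    public static void main(String[] args) {
        // Print each uncovered method as DeclaringClass.method.
        uncovered(ExampleDAOBean.class).forEach(System.out::println);
    }
}
```

Methods reported by such an audit are the ones whose access decision depends on the container's default for missing method permissions rather than on the bean's own annotations.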

