[jboss-jira] [JBoss JIRA] (WFLY-2988) Class-level @RolesAllowed does not affect inherited methods
Stuart Douglas (JIRA)
issues at jboss.org
Mon Apr 14 17:16:34 EDT 2014
[ https://issues.jboss.org/browse/WFLY-2988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas resolved WFLY-2988.
----------------------------------
Resolution: Rejected
The current behaviour is correct as per spec, and tested in the TCK.
See the section about superclasses in 12.3.2.1.
I do agree that this could be better, however we can't violate the spec.
> Class-level @RolesAllowed does not affect inherited methods
> -----------------------------------------------------------
>
> Key: WFLY-2988
> URL: https://issues.jboss.org/browse/WFLY-2988
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: 8.0.0.Final
> Environment: Wildfly 8.0.0.Final running on OpenJDK 1.7.0_45
> Reporter: Daniel Lechner
> Assignee: Darran Lofthouse
> Fix For: 8.1.0.Final
>
>
> Excerpt from the forum reference:
> Basically I have an EJB which derives from a base class. At the EJB itself there is an class-level {{@RolesAllowed}} annotation. With this annotation all methods which are implemented directly in the class can be accessed when the caller has the appropriate role. But when he tries to call a method which has been implemented in the base class, access is denied.
> Reading the EJB 3.2 Spec which says
> {quote}
> Specifying the RolesAllowed or PermitAll or DenyAll annotation on the bean class means that it applies to all applicable business methods of the class.
> {quote}
> I would suggest that this should work. Although this worked with JBoss AS 5.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list