[jboss-jira] [JBoss JIRA] (WFLY-2988) Class-level @RolesAllowed does not affect inherited methods

Dennis Reed (JIRA) issues at jboss.org
Mon Apr 14 17:50:33 EDT 2014


    [ https://issues.jboss.org/browse/WFLY-2988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12961781#comment-12961781 ] 

Dennis Reed commented on WFLY-2988:
-----------------------------------

Could you point out the specific part(s) of 12.3.2.1 where it specifies this behavior?

The parts where it describes superclasses appear to me to only apply if the superclass defines method permissions, which isn't the case here.

                
> Class-level @RolesAllowed does not affect inherited methods
> -----------------------------------------------------------
>
>                 Key: WFLY-2988
>                 URL: https://issues.jboss.org/browse/WFLY-2988
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: 8.0.0.Final
>         Environment: Wildfly 8.0.0.Final running on OpenJDK 1.7.0_45
>            Reporter: Daniel Lechner
>            Assignee: Darran Lofthouse
>             Fix For: 8.1.0.Final
>
>
> Excerpt from the forum reference:
> Basically I have an EJB which derives from a base class. At the EJB itself there is a class-level {{@RolesAllowed}} annotation. With this annotation all methods which are implemented directly in the class can be accessed when the caller has the appropriate role. But when he tries to call a method which has been implemented in the base class, access is denied.
> Reading the EJB 3.2 Spec which says
> {quote}
> Specifying the RolesAllowed or PermitAll or DenyAll annotation on the bean class means that it applies to all applicable business methods of the class.
> {quote}
> I would suggest that this should work. Although this worked with JBoss AS 5.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
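
An added example, not part of the original message or of WildFly's code: a reflection audit that lists the inherited business methods whose authorization depends on the behaviour discussed in this issue, that is, public methods a bean inherits from a superclass that carries no permission annotation of its own. It assumes the JSR-250 annotations (javax.annotation.security) are on the classpath; `BaseService`, `SecuredBean` and `InheritedMethodAudit` are hypothetical names constructed for the illustration.

```java
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class InheritedMethodAudit {

    // Constructed sample mirroring the report: the base class has no security annotations.
    static class BaseService {
        public String inherited() { return "base"; }
    }

    // Hypothetical bean: the class-level annotation is declared only on the subclass.
    @RolesAllowed("user")
    static class SecuredBean extends BaseService {
        public String own() { return "bean"; }
    }

    // True if the class or method carries any of the three method-permission annotations.
    static boolean hasPermission(AnnotatedElement e) {
        return e.isAnnotationPresent(RolesAllowed.class)
            || e.isAnnotationPresent(PermitAll.class)
            || e.isAnnotationPresent(DenyAll.class);
    }

    /** Public inherited methods with no permission annotation on the method or on its declaring class. */
    static List<String> uncoveredInheritedMethods(Class<?> bean) {
        List<String> findings = new ArrayList<>();
        if (!hasPermission(bean)) return findings;   // only beans with a class-level permission matter here
        for (Method m : bean.getMethods()) {         // public methods, inherited ones included
            Class<?> declaring = m.getDeclaringClass();
            if (declaring == bean || declaring == Object.class) continue; // implemented directly in the bean
            if (Modifier.isStatic(m.getModifiers()) || m.isBridge() || m.isSynthetic()) continue;
            if (hasPermission(m) || hasPermission(declaring)) continue;   // superclass states its own permission
            findings.add(declaring.getSimpleName() + "#" + m.getName());
        }
        return findings;
    }

    public static void main(String[] args) {
        // Audit the constructed sample bean and print the methods that need an explicit decision.
        System.out.println(uncoveredInheritedMethods(SecuredBean.class));
    }
}
```

Each method the audit reports can be given an explicit permission annotation, or overridden in the bean class so that it is implemented directly in the annotated class, which removes the dependency on how the container treats inherited methods.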

