[jboss-jira] [JBoss JIRA] (WFLY-2988) Class-level @RolesAllowed does not affect inherited methods

Stuart Douglas (JIRA) issues at jboss.org
Mon Apr 14 18:12:33 EDT 2014 

    [ https://issues.jboss.org/browse/WFLY-2988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12961783#comment-12961783 ] 

Stuart Douglas commented on WFLY-2988:
--------------------------------------

It is basically the whole section. Basically class level annotations only apply to methods defined by the class, not to methods defined by the super class. The term 'all applicable business methods of the class' just means the methods that are declared on the class itself, not on any superclass.  This applies to pretty much all EJB annotations, and is tested by the TCK. 
                
> Class-level @RolesAllowed does not affect inherited methods
> -----------------------------------------------------------
>
>                 Key: WFLY-2988
>                 URL: https://issues.jboss.org/browse/WFLY-2988
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: 8.0.0.Final
>         Environment: Wildfly 8.0.0.Final running on OpenJDK 1.7.0_45
>            Reporter: Daniel Lechner
>            Assignee: Darran Lofthouse
>             Fix For: 8.1.0.Final
>
>
> Excerpt from the forum reference:
> Basically I have an EJB which derives from a base class. At the EJB itself there is an class-level {{@RolesAllowed}} annotation. With this annotation all methods which are implemented directly in the class can be accessed when the caller has the appropriate role. But when he tries to call a method which has been implemented in the base class, access is denied.
> Reading the EJB 3.2 Spec which says
> {quote}
> Specifying the RolesAllowed or PermitAll or DenyAll annotation on the bean class means that it applies to all applicable business methods of the class.
> {quote}
> I would suggest that this should work. Although this worked with JBoss AS 5.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list