[jboss-jira] [JBoss JIRA] (WFLY-3988) Authorization denied for authenticated users when @PermitAll is used on EJB JAX-WS endpoint
Kyle Lape (JIRA)
issues at jboss.org
Thu Oct 16 17:43:35 EDT 2014
Kyle Lape created WFLY-3988:
-------------------------------
Summary: Authorization denied for authenticated users when @PermitAll is used on EJB JAX-WS endpoint
Key: WFLY-3988
URL: https://issues.jboss.org/browse/WFLY-3988
Project: WildFly
Issue Type: Bug
Components: Web Services
Affects Versions: 8.1.0.Final
Reporter: Kyle Lape
Assignee: Alessio Soldano
Given this endpoint:
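{code:java}
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.jws.WebService;
import org.jboss.ws.api.annotation.WebContext;
import com.redhat.gss.SecureEndpoint;

@Stateless
@WebService(endpointInterface="com.redhat.gss.SecureEndpoint")
@DeclareRoles({"a","b"})
@WebContext(contextRoot="/endpoint",urlPattern="/e",authMethod="BASIC")
public class SecureEndpointE implements SecureEndpoint {
    // Restricted to role "a"
    @RolesAllowed({"a"})
    public String a() {
        return "Success";
    }

    // Restricted to role "b"
    @RolesAllowed({"b"})
    public String b() {
        return "Success";
    }

    // No role restriction
    @PermitAll
    public String c() {
        return "Success";
    }
}
{code}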
One would expect any authenticated user to be able to invoke {{c()}}, but only users with a role found in {{@DeclareRoles}} can invoke it.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
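
A client-side check of the access matrix the report describes, added here as an example; it is not part of the original report or of the WildFly code base. The host and port, the service QName (JAX-WS defaults for an implementation class in com.redhat.gss), the method signatures of SecureEndpoint, and the three users with their passwords and roles are assumptions.

```java
import java.net.URL;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Function;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.WebServiceException;
import com.redhat.gss.SecureEndpoint;

public class PermitAllCheck {
    // Assumed: host and port, WSDL readable without credentials, and the JAX-WS
    // default namespace/service name for an implementation class in com.redhat.gss.
    static final String WSDL = "http://localhost:8080/endpoint/e?wsdl";
    static final QName SERVICE = new QName("http://gss.redhat.com/", "SecureEndpointEService");

    // Invokes one operation with BASIC credentials; true only if it returned "Success".
    static boolean allowed(String user, String password, Function<SecureEndpoint, String> call)
            throws Exception {
        SecureEndpoint port = Service.create(new URL(WSDL), SERVICE).getPort(SecureEndpoint.class);
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(BindingProvider.USERNAME_PROPERTY, user);
        ctx.put(BindingProvider.PASSWORD_PROPERTY, password);
        try {
            return "Success".equals(call.apply(port));
        } catch (WebServiceException denied) { // HTTP error or SOAP fault; transport failures also land here
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Function<SecureEndpoint, String>> ops = new LinkedHashMap<>();
        ops.put("a", SecureEndpoint::a);
        ops.put("b", SecureEndpoint::b);
        ops.put("c", SecureEndpoint::c);
        // Constructed users {name, password, role}; "other" is not listed in @DeclareRoles.
        String[][] users = {{"alice", "pw-a", "a"}, {"bob", "pw-b", "b"}, {"carol", "pw-c", "other"}};
        int mismatches = 0;
        for (String[] u : users) {
            for (Map.Entry<String, Function<SecureEndpoint, String>> op : ops.entrySet()) {
                // Expected from the annotations: c() for everyone, a()/b() only for the matching role.
                boolean expected = op.getKey().equals("c") || op.getKey().equals(u[2]);
                boolean actual = allowed(u[0], u[1], op.getValue());
                if (expected != actual) mismatches++;
                System.out.printf("%-5s role=%-5s %s(): expected=%b actual=%b%n",
                        u[0], u[2], op.getKey(), expected, actual);
            }
        }
        System.exit(mismatches == 0 ? 0 : 1); // non-zero exit when the matrix deviates
    }
}
```

With the behaviour described in the report, the row for the user whose role is outside {{@DeclareRoles}} shows {{c()}} as expected=true, actual=false.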