[jboss-jira] [JBoss JIRA] (WFLY-2988) Class-level @RolesAllowed does not affect inherited methods
Remus Vitan (JIRA)
issues at jboss.org
Wed Aug 12 08:45:06 EDT 2015
[ https://issues.jboss.org/browse/WFLY-2988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13097626#comment-13097626 ]
Remus Vitan commented on WFLY-2988:
-----------------------------------
Hi,
Is there any way that I could achieve this behavior ? (the class level declared security to be performed for methods called for that class)
My use case is quite simple : I have a GenericDAO and its implementations are the actual beans to be called.
Each implementation has its own set of roles that should access that business part.
The only workaround I see is to create the override methods that would genuine delegators to the parent implementation but I do not consider it very elegant :)
> Class-level @RolesAllowed does not affect inherited methods
> -----------------------------------------------------------
>
> Key: WFLY-2988
> URL: https://issues.jboss.org/browse/WFLY-2988
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 8.0.0.Final
> Environment: Wildfly 8.0.0.Final running on OpenJDK 1.7.0_45
> Reporter: Daniel Lechner
> Assignee: Darran Lofthouse
> Fix For: 8.1.0.CR2, 8.1.0.Final
>
>
> Excerpt from the forum reference:
> Basically I have an EJB which derives from a base class. At the EJB itself there is an class-level {{@RolesAllowed}} annotation. With this annotation all methods which are implemented directly in the class can be accessed when the caller has the appropriate role. But when he tries to call a method which has been implemented in the base class, access is denied.
> Reading the EJB 3.2 Spec which says
> {quote}
> Specifying the RolesAllowed or PermitAll or DenyAll annotation on the bean class means that it applies to all applicable business methods of the class.
> {quote}
> I would suggest that this should work. Although this worked with JBoss AS 5.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list