[jboss-jira] [JBoss JIRA] (WFLY-3988) Authorization denied for authenticated users when @PermitAll is used on EJB JAX-WS endpoint

Jim Ma (JIRA) issues at jboss.org
Mon Mar 16 01:29:19 EDT 2015


    [ https://issues.jboss.org/browse/WFLY-3988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13050294#comment-13050294 ] 

Jim Ma commented on WFLY-3988:
------------------------------

https://github.com/wildfly/wildfly/commit/1c56cbacb3699f3d506fd4b2418b575156d179f6

> Authorization denied for authenticated users when @PermitAll is used on EJB JAX-WS endpoint
> -------------------------------------------------------------------------------------------
>
>                 Key: WFLY-3988
>                 URL: https://issues.jboss.org/browse/WFLY-3988
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web Services
>    Affects Versions: 8.1.0.Final
>            Reporter: Kyle Lape
>            Assignee: Jim Ma
>
> Given this endpoint:
> {code:java}
> @Stateless
> @WebService(endpointInterface="com.redhat.gss.SecureEndpoint")
> @DeclareRoles({"a","b"})
> @WebContext(contextRoot="/endpoint",urlPattern="/e",authMethod="BASIC")
> public class SecureEndpointE implements SecureEndpoint {
>   @RolesAllowed({"a"})
>   public String a() {
>     return "Success";
>   }
>   @RolesAllowed({"b"})
>   public String b() {
>     return "Success";
>   }
>   @PermitAll
>   public String c() {
>     return "Success";
>   }
> }
> {code}
> One would expect any authenticated user to be able to invoke {{c()}}, but only users with a role found in {{@DeclareRoles}} can invoke it.



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
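
An added audit sketch, not part of the original message or of WildFly's code: it scans Java source for the shape in the report, a `@Stateless` `@WebService` class with `@DeclareRoles` and at least one `@PermitAll` method, so such endpoints can be reviewed on affected versions. The function name `permitall_endpoints`, the regex-based parsing and the sample source are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the endpoint quoted in the report.
SAMPLE = '''
@Stateless
@WebService(endpointInterface="com.redhat.gss.SecureEndpoint")
@DeclareRoles({"a","b"})
@WebContext(contextRoot="/endpoint",urlPattern="/e",authMethod="BASIC")
public class SecureEndpointE implements SecureEndpoint {
  @RolesAllowed({"a"})
  public String a() { return "Success"; }
  @PermitAll
  public String c() { return "Success"; }
}

@Stateless
public class PlainBean {
  @PermitAll
  public String d() { return "Success"; }
}
'''

# One or more annotations (with optional arguments) directly before a declaration.
ANNOS = r'((?:@\w+(?:\([^)]*\))?\s*)+)'
CLASS_RE = re.compile(ANNOS + r'public\s+class\s+(\w+)')
METHOD_RE = re.compile(ANNOS + r'public\s+[\w<>\[\]]+\s+(\w+)\s*\(')
REQUIRED = {"Stateless", "WebService", "DeclareRoles"}


def names(annotation_block):
    """Annotation simple names found in a block of annotation text."""
    return set(re.findall(r'@(\w+)', annotation_block))


def permitall_endpoints(source):
    """Return (class, method, declared_roles) for each @PermitAll method
    on a @Stateless @WebService class that also carries @DeclareRoles."""
    findings = []
    classes = list(CLASS_RE.finditer(source))
    for i, cls in enumerate(classes):
        if not REQUIRED <= names(cls.group(1)):
            continue
        # Class body is approximated as the text up to the next annotated class.
        end = classes[i + 1].start() if i + 1 < len(classes) else len(source)
        declared = re.search(r'@DeclareRoles\(([^)]*)\)', cls.group(1)).group(1)
        roles = re.findall(r'"([^"]*)"', declared)
        for meth in METHOD_RE.finditer(source[cls.end():end]):
            if "PermitAll" in names(meth.group(1)):
                findings.append((cls.group(2), meth.group(2), roles))
    return findings


if __name__ == "__main__":
    for cls, meth, roles in permitall_endpoints(SAMPLE):
        print(f"{cls}.{meth}() is @PermitAll; declared roles: {roles}")
```

The regexes handle the flat annotation style shown in the report; nested classes or annotations with parenthesised values need a real Java parser.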

