Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-2988

Class-level @RolesAllowed does not affect inherited methods

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Rejected
    • Affects Version/s: 8.0.0.Final
    • Fix Version/s: 8.1.0.CR2, 8.1.0.Final
    • Component/s: Security
    • Labels:
      None
    • Environment:

      Wildfly 8.0.0.Final running on OpenJDK 1.7.0_45

    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      As workaround one could extend the ejb-jar.xml to add the desired roles in a method-permission section for the concrete EJB and set the method-name to "*".

      Show
      As workaround one could extend the ejb-jar.xml to add the desired roles in a method-permission section for the concrete EJB and set the method-name to "*".
    • Bugzilla Update:
      Perform

      Description

      Excerpt from the forum reference:
      Basically I have an EJB which derives from a base class. At the EJB itself there is an class-level @RolesAllowed annotation. With this annotation all methods which are implemented directly in the class can be accessed when the caller has the appropriate role. But when he tries to call a method which has been implemented in the base class, access is denied.

      Reading the EJB 3.2 Spec which says

      Specifying the RolesAllowed or PermitAll or DenyAll annotation on the bean class means that it applies to all applicable business methods of the class.

      I would suggest that this should work. Although this worked with JBoss AS 5.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dlofthouse Darran Lofthouse
                  Reporter:
                  daniell Daniel Lechner
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: