Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 9.0.0.Beta1
Affects Version/s: 8.1.0.Final
Component/s: Web Services
Labels:
None

Git Pull Request:
https://github.com/wildfly/wildfly/pull/6833
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1206657

Given this endpoint:

@Stateless
@WebService(endpointInterface="com.redhat.gss.SecureEndpoint")
@DeclareRoles({"a","b"})
@WebContext(contextRoot="/endpoint",urlPattern="/e",authMethod="BASIC")
public class SecureEndpointE implements SecureEndpoint {
  @RolesAllowed({"a"})
  public String a() {
    return "Success";
  }

  @RolesAllowed({"b"})
  public String b() {
    return "Success";
  }

  @PermitAll
  public String c() {
    return "Success";
  }
}

One would expect any authenticated user to be able to invoke c(), but only users with a role found in @DelareRoles can invoke it.

is related to

AS7-5784 WSIntegrationProcessorJAXWS_EJB does not process @PermitAll, @DeclareRoles and @RolesAllowed properly

Resolved

Assignee:: Jim Ma

Reporter:: Kyle Lape

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2014/10/16 5:43 PM

Updated:: 2017/12/06 11:28 AM

Resolved:: 2015/03/16 1:28 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates