Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-2988

Class-level @RolesAllowed does not affect inherited methods

    XMLWordPrintable

    Details

    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      As workaround one could extend the ejb-jar.xml to add the desired roles in a method-permission section for the concrete EJB and set the method-name to "*".

      Show
      As workaround one could extend the ejb-jar.xml to add the desired roles in a method-permission section for the concrete EJB and set the method-name to "*".

      Description

      Excerpt from the forum reference:
      Basically I have an EJB which derives from a base class. At the EJB itself there is an class-level @RolesAllowed annotation. With this annotation all methods which are implemented directly in the class can be accessed when the caller has the appropriate role. But when he tries to call a method which has been implemented in the base class, access is denied.

      Reading the EJB 3.2 Spec which says

      Specifying the RolesAllowed or PermitAll or DenyAll annotation on the bean class means that it applies to all applicable business methods of the class.

      I would suggest that this should work. Although this worked with JBoss AS 5.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              dlofthouse Darran Lofthouse
              Reporter:
              daniell Daniel Lechner (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: