Details
-
Bug
-
Resolution: Done
-
Major
-
8.1.0.Final
-
None
Description
Given this endpoint:
@Stateless @WebService(endpointInterface="com.redhat.gss.SecureEndpoint") @DeclareRoles({"a","b"}) @WebContext(contextRoot="/endpoint",urlPattern="/e",authMethod="BASIC") public class SecureEndpointE implements SecureEndpoint { @RolesAllowed({"a"}) public String a() { return "Success"; } @RolesAllowed({"b"}) public String b() { return "Success"; } @PermitAll public String c() { return "Success"; } }
One would expect any authenticated user to be able to invoke c(), but only users with a role found in @DelareRoles can invoke it.
Attachments
Issue Links
- is related to
-
AS7-5784 WSIntegrationProcessorJAXWS_EJB does not process @PermitAll, @DeclareRoles and @RolesAllowed properly
- Resolved