Class level @RolesAllowed does not work on an inherited method

Solution Verified - Updated -

Issue

  • Class level @RolesAllowed does not work on an inherited method

test.roles.allowed.ParentClassExample.java

@Stateless
public class ParentClassExample {
    public void parentClassMethod(){
          // some business logic
    }
}

test.roles.allowed.ChildClassExample.java

@Stateless 
@RolesAllowed({"testChildParentRole"})
public class ChildClassExample extends ParentClassExample{
    public void childClassMethod(){
          // some business logic
    }
}

test.roles.allowed.TestClientExample.java

public class TestClientExample extends HttpServlet {

    @EJB
    ChildClassExample ChildClassExampleRef;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        System.out.println(req.isUserInRole("testChildParentRole"));
        ChildClassExampleRef.childClassMethod();
        ChildClassExampleRef.parentClassMethod();
    }
}
  • User can access childClassMethod() method successfully with testChildParentRole, but for parentClassMethod() getting below exception
javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public void test.roles.allowed.ParentClassExample.parentClassMethod() of bean: ChildClassExample is not allowed.

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x
    • 7.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content