Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Overriding @RolesAllowed in DD  RSS feed

 
Vish Shukla
Ranch Hand
Posts: 111
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

Consider the following scenario for EJB3 session bean. Session bean SecureEJB



And DD is as per below.



Now my doubt is : Can user with "emp" role still call create() method or its completely overridden by "guest"?

I am not able to test it because of restrictions in setting up development environment. Thanks in advance..
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As far as I know, XML settings override annotations, and @RolesAllowed in not exception.
 
Vish Shukla
Ranch Hand
Posts: 111
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes. DD overrides annotations. This is from EJB specs.

Any values explicitly specified in the deployment descriptor override any values specified in
annotations. If a value for a method has not be specified in the deployment descriptor, and a
value has been specified for that method by means of the use of annotations, the value specified
in annotations will apply. The granularity of overriding is on the per-method basis.


The confusion is in the sentence
The granularity of overriding is on the per-method basis.
If I am interpreting it correctly, it says that if I am using @RolesAllowed("emp") at class level and in DD I am giving method permission for read() method to "guest" role, then "guest" and "emp" both can access read() method. Because as per specs, the granularity of overriding is on the per-method basis. is this correct? (sorry for changing original scenario.)
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!