Hello,
I have an EJB security problem. My EJB component has the following structure (in my real EJB application, all these interfaces make sense, but here I simplified the structure to get right to the point):
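
    import javax.annotation.security.DeclareRoles;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.Local;
    import javax.ejb.Remote;
    import javax.ejb.Stateless;

    // Parameterized base interface
    public interface IGeneric<T> {
        T aMethod();
    }

    public interface SimpleEjb extends IGeneric<String> {
    }

    @Remote
    public interface SimpleEjbRemote extends SimpleEjb {
    }

    @Local
    public interface SimpleEjbLocal extends SimpleEjb {
    }

    @Stateless
    @DeclareRoles("admin")
    public class SimpleEjbImpl implements SimpleEjbLocal, SimpleEjbRemote {
        // Only callers in the "admin" role should be able to invoke this
        @RolesAllowed("admin")
        public String aMethod() {
            return "a string";
        }
    }
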
Although aMethod is restricted to admins, every user can call it. The problem goes away when I remove the IGeneric<T> interface and declare aMethod in the SimpleEjb interface:

    // aMethod declared directly, without the parameterized interface
    public interface SimpleEjb {
        String aMethod();
    }

    @Remote
    public interface SimpleEjbRemote extends SimpleEjb {
    }

    @Local
    public interface SimpleEjbLocal extends SimpleEjb {
    }

    @Stateless
    @DeclareRoles("admin")
    public class SimpleEjbImpl implements SimpleEjbLocal, SimpleEjbRemote {
        @RolesAllowed("admin")
        public String aMethod() {
            return "a string";
        }
    }

But this is not what I want, because in my real EJB component I need that parameterized interface to prevent code repetition. So is this normal, or a bug in GlassFish?
[Message sent by forum member 'bsevindi' (bsevindi)]
http://forums.java.net/jive/thread.jspa?messageID=332043
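
A diagnostic for the class layout in the post above, as an added example that is not part of the original message: with IGeneric<String>, the compiler emits a second, synthetic bridge method `Object aMethod()` on the bean class, and this program lists each public method together with the role annotation it carries. The class name BridgeMethodCheck and the local RolesAllowed stand-in are assumptions made so it runs without a Java EE jar; whether GlassFish's authorization check consults the bridge method is also an assumption and is not confirmed by the post.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;

public class BridgeMethodCheck {

    // Stand-in for javax.annotation.security.RolesAllowed (assumption: same
    // runtime retention, defined here so no Java EE jar is needed).
    @Retention(RetentionPolicy.RUNTIME)
    @interface RolesAllowed { String[] value(); }

    // Same shape as the interfaces in the post, minus @Local/@Remote.
    interface IGeneric<T> { T aMethod(); }
    interface SimpleEjb extends IGeneric<String> { }

    static class SimpleEjbImpl implements SimpleEjb {
        @RolesAllowed("admin")
        public String aMethod() { return "a string"; }
    }

    // One report line per method: return type, bridge flag, roles found on it.
    static String describe(Method m) {
        RolesAllowed roles = m.getAnnotation(RolesAllowed.class);
        return String.format("%-6s %s()  bridge=%-5s roles=%s",
                m.getReturnType().getSimpleName(), m.getName(), m.isBridge(),
                roles == null ? "NONE" : Arrays.toString(roles.value()));
    }

    public static void main(String[] args) throws Exception {
        // After erasure, the method seen through the interface returns Object.
        Method viaInterface = IGeneric.class.getMethod("aMethod");
        System.out.println("interface view: "
                + viaInterface.getReturnType().getSimpleName() + " aMethod()");

        // The bean class declares two aMethod() entries: the annotated one
        // returning String and the compiler-generated bridge returning Object.
        for (Method m : SimpleEjbImpl.class.getDeclaredMethods()) {
            if (Modifier.isPublic(m.getModifiers())) {
                System.out.println(describe(m));
            }
        }
    }
}
```

A line reporting `bridge=true roles=NONE` means the bridge method carries no role restriction of its own. javac 8 and later copy method annotations onto bridge methods, while earlier compilers did not, so the result depends on the compiler used to build the bean.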