Hello
I have a problem with differing functionality between these two methods listed above.
My scenario is: I am using groups with roles granted to the groups. I then add users to the groups to enable authorization functions. In a system like this I would prefer to use the authorization annotation @RolesAllowed vs BasicModel.hasRoles().
However, I have found that,
org.picketlink.idm.model.basic.BasicModel.hasRole() does an inheritance check.
and
The @RolesAllowed annotation which is implemented in org.picketlink.authorization.DefaultAuthorizationManager.hasRole(InvocationContext invocationContext) and calls method org.picketlink.authorization.util.AuthorizationUtil.hasRole(Identity identity, PartitionManager partitionManager, String roleName) does 'not' check for inherited roles.
Any help would be appreciated in getting the @RolesAllowed annotation to check for inherited roles.
Many thanks
Steve
Hi Steven,
You are right, @RolesAllowed is not checking inheritance of privileges.
I've opened this JIRA [1].
[1] https://issues.jboss.org/browse/PLINK-699
Regards.
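
A possible interim workaround for the gap confirmed above, added here as an example and not taken from the thread or from the PicketLink project: a CDI interceptor that routes the check through BasicModel.hasRole(), which the question reports does follow inheritance. The names `InheritedRoles`, `Allowed` and `Check` are hypothetical, and the sketch assumes the default PicketLink CDI producers for `Identity`, `IdentityManager` and `RelationshipManager`.

```java
import java.lang.annotation.*;
import javax.enterprise.util.Nonbinding;
import javax.inject.Inject;
import javax.interceptor.*;
import org.picketlink.Identity;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.Role;

public final class InheritedRoles {
    private InheritedRoles() {}

    /** Hypothetical binding annotation; it is not part of PicketLink. */
    @InterceptorBinding
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface Allowed {
        @Nonbinding String[] value() default {};
    }

    @Interceptor
    @Allowed
    public static class Check {
        @Inject Identity identity;
        @Inject IdentityManager identityManager;
        @Inject RelationshipManager relationshipManager;

        @AroundInvoke
        public Object enforce(InvocationContext ctx) throws Exception {
            // A method-level rule overrides a class-level rule.
            Allowed rule = ctx.getMethod().getAnnotation(Allowed.class);
            if (rule == null) {
                rule = ctx.getMethod().getDeclaringClass().getAnnotation(Allowed.class);
            }
            if (rule != null && identity.isLoggedIn()) {
                for (String name : rule.value()) {
                    Role role = BasicModel.getRole(identityManager, name);
                    // Assumption from the thread: BasicModel.hasRole() also matches
                    // roles granted to a group the account belongs to.
                    if (role != null && BasicModel.hasRole(relationshipManager, identity.getAccount(), role)) {
                        return ctx.proceed();
                    }
                }
            }
            // Fail closed: anonymous caller, unknown role, or no matching grant.
            throw new SecurityException("Access denied: required role not granted");
        }
    }
}
```

The interceptor has to be enabled in `beans.xml` (as `InheritedRoles$Check`) before `@InheritedRoles.Allowed({"admin"})` on a bean or method takes effect; the role name here is a constructed sample.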