2 Replies Latest reply on Sep 14, 2009 1:02 PM by Lukasz Rozek

    security support only for public methods

    Lukasz Rozek Newbie

      hi guys,

      security served by annotations (@Restrict, etc.) works only on public methods. Look at Component.initSecurity(), internally it calls class.getMethods(), which returns only public methods. In contrary to other annotations (scanMethod()) it uses class.getDeclaredMethods() which returns all methods (public, protected, private, package), so others annotation can be applied to all methods. In security case is it a bug or a feature ?? If you chose to apply security on public methods, can you explain me why ?? I use template method pattern, which calls internally protected method (invocation is made on proxy, so interceptors are fired ) implemented by inherited class. But in my case security doesn't work because method is protected and @Restrict wasn't detected.