1 Reply Latest reply on Apr 7, 2015 1:17 PM by Pedro Igor

    Difference between @RolesAllowed() and BasicModel.hasRole()

    Steven Manikiam Newbie

      Hello

       

      I have a problem with differing functionality between these two methods listed above.

       

      My scenario is: I am using groups with roles granted to the groups.  I then add users to the groups to enable authorization functions.  In a system like this I would prefer to use the authorization annotations @RolesAllowed vs BasicModel.hasRoles()

       

      However I have found that,

       

      org.picketlink.idm.model.basic.BasicModel.hasRole() does an inheritance check.

       

      and

       

      The @RolesAllowed annotation which is implemented in org.picketlink.authorization.DefaultAuthorizationManager.hasRole(InvocationContext invocationContext) and calls method org.picketlink.authorization.util.AuthorizationUtil.hasRole(Identity identity, PartitionManager partitionManager, String roleName) does 'not' check for inherited roles.


      Any help would be appreciated in getting the @RolesAllowed annotation to check for inherited roles.


      Many thanks

      Steve