1 Reply Latest reply on Apr 7, 2015 1:17 PM by Pedro Igor

    Difference between @RolesAllowed() and BasicModel.hasRole()

    Steven Manikiam Newbie



      I have a problem with differing functionality between these two methods listed above.


      My scenario is: I am using groups with roles granted to the groups.  I then add users to the groups to enable authorization functions.  In a system like this I would prefer to use the authorization annotations @RolesAllowed vs BasicModel.hasRoles()


      However I have found that,


      org.picketlink.idm.model.basic.BasicModel.hasRole() does an inheritance check.




      The @RolesAllowed annotation which is implemented in org.picketlink.authorization.DefaultAuthorizationManager.hasRole(InvocationContext invocationContext) and calls method org.picketlink.authorization.util.AuthorizationUtil.hasRole(Identity identity, PartitionManager partitionManager, String roleName) does 'not' check for inherited roles.

      Any help would be appreciated in getting the @RolesAllowed annotation to check for inherited roles.

      Many thanks