I have a problem with differing functionality between these two methods listed above.
My scenario is: I am using groups with roles granted to the groups. I then add users to the groups to enable authorization functions. In a system like this I would prefer to use the authorization annotations @RolesAllowed vs BasicModel.hasRoles()
However I have found that,
org.picketlink.idm.model.basic.BasicModel.hasRole() does an inheritance check.
The @RolesAllowed annotation which is implemented in org.picketlink.authorization.DefaultAuthorizationManager.hasRole(InvocationContext invocationContext) and calls method org.picketlink.authorization.util.AuthorizationUtil.hasRole(Identity identity, PartitionManager partitionManager, String roleName) does 'not' check for inherited roles.
Any help would be appreciated in getting the @RolesAllowed annotation to check for inherited roles.