From 37dbb494ba8ef677c2187cd112659202eadc5fdf Mon Sep 17 00:00:00 2001
From: Michael Burman <miburman@redhat.com>
Date: Tue, 2 Aug 2016 16:40:04 +0300
Subject: [PATCH] [BZ 1361933] createSubject was missing RequiredPermissions
 annotation

(cherry picked from commit 5f653740f0f2674cfd3185d7e17b343a0ef05c1b)
---
 .../java/org/rhq/enterprise/server/auth/SubjectManagerBean.java  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
index b6ac078e0c0..0ae58ecdcac 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
@@ -199,6 +199,7 @@ public Subject updateSubject(Subject whoami, Subject subjectToModify) {
         return entityManager.merge(subjectToModify);
     }
 
+    @RequiredPermission(Permission.MANAGE_SECURITY)
     public Subject createSubject(Subject whoami, Subject subjectToCreate, String password) throws SubjectException,
         EntityExistsException {
         if (getSubjectByName(subjectToCreate.getName()) != null) {