According to the specs, Security Client Context information can be accessed in SFSB's activate and passivate methods.
Say if I have 2 Stateful session beans of beans type A and B.
Assume bean A is in a passivated state and bean B is active. In both the bean's activate/passivate methods, I have some code to extract the security client information and print it out to the screen on the server side.
If a client X calls a business method on bean A and if the container decides to passivate B, activate A and call my business method on bean A, then will I see the security information of client X displayed twice on the screen? ......(as a result of bean B's passivate method and bean A's activate method being called)?
Client X called a method on only bean A and not on bean B...

The security information DEFINITLY will be displayed twice. Keep in mind that it is the container that decides to passivate a stateful session bean. When it does it will all ALWAYS call ejbPassivate() first. In your case it will display the security info once when ejbPassivate() is called on bean B and a second time when ejbActivate() is called on bean A.
Hope this helps.

Thanks Keith,
Even I thought so...But my innocent client X had nothing to do with bean B. :roll: How can the Container attach the security client context information with bean B?
[ February 02, 2004: Message edited by: Vish Kumar ]

Hey Vish,
When a stateful session bean is created, it is associated with a particular security context and will be until that bean is removed. Whatever client initiated the creation of the bean by calling create on the home interface will pass it's security info to the bean. In the case of bean B, whatever client was responsible for it's creation is where it's security info came from. That security info is available in all the bean methods. When ejbPassivate is called on bean B, the security info that is available and displayed is of the client that created it.
Hope this helps.