• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

afterCompletion method

 
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to spec page # 80 the foolowing operations are allowed in afterCompletion method:
SessionContext methods: getEJBHome,
getEJBLocalHome, getCallerPrincipal,
isCallerInRole, getEJBObject,
getEJBLocalObject
JNDI access to java:comp/env
On Page 81, it says the following :
1) Invoking the getCallerPrincipal and isCallerInRole methods is disallowed in
the session bean methods for which the Container does not have a client security context.
2) Accessing resource managers and enterprise beans is disallowed in the session bean methods
for which the Container does not have a meaningful transaction context or client security context.
My question is that the getCallerPrincipal and isCallerInRole operations are allowed in afterCompletion method, which means it has a client security context. Then why can't it access resource managers and enterprise beans?
 
Ranch Hand
Posts: 275
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think maybe because it's no longer got a "meaningful transaction context", but what the heck do I know?
--Dale--
 
Ranch Hand
Posts: 203
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Sany Bel:
According to spec page # 80 the foolowing operations are allowed in afterCompletion method:
SessionContext methods: getEJBHome,
getEJBLocalHome, getCallerPrincipal,
isCallerInRole, getEJBObject,
getEJBLocalObject
JNDI access to java:comp/env
On Page 81, it says the following :
1) Invoking the getCallerPrincipal and isCallerInRole methods is disallowed in
the session bean methods for which the Container does not have a client security context.
2) Accessing resource managers and enterprise beans is disallowed in the session bean methods
for which the Container does not have a meaningful transaction context or client security context.
My question is that the getCallerPrincipal and isCallerInRole operations are allowed in afterCompletion method, which means it has a client security context. Then why can't it access resource managers and enterprise beans?



because the Transaction is gone in afterCompletion method,
Does it make sense?
 
Sany Bel
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But it still has client security context, which should be ok to access resource managers and enterprise beans as per the spec(look at point 2).
 
Author & Gold Digger
Posts: 7617
6
IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The point two says that "Accessing resource managers and enterprise beans is disallowed in the session bean methods for which the Container does not have a meaningful transaction context or client security context.
The important part is "is disallowed". This is pure logic. Accessing the resource managers and enterprise beans is disallowed if the container does not EITHER have a transaction context OR a client security context. Thsi means that if any of those conditions (not both of them) is not true, then the access is disallowed.
 
Sany Bel
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That confuses me even more. Does that mean that the client has acesss to the resource managers if he has both transaction context and a client security context? If that is the case how is that ejbCreate, ejbRemove, ejbActivate, ejbPassivate have access to resource managers even if they do not have a valid transaction context?
 
You ridiculous clown, did you think you could get away with it? This is my favorite tiny ad!
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic