client security context

Hi folks (although Roger seems the only one out there!),

Why is it that one cannot obtain client security information in the ejbActivate and ejbPassivate methods of an entity bean? (Page 354 HFEJB).
In fact, the whole issue of the client context is a little baffling. I thought a bean had access to the client context at or after the point at which the bean and the EJBObject are linked. Is this right?

AN activation request comes in response to a business method call from the client, so I would have thought one could obtain client security information in the entity bean ejbActivate/ejbPassivate methods. Clearly I am wrong, but why?

regards,
Simon

Still only me out here

A bean's method can only get client security information if there is a client. This is why it is possible from the ejbCreate() and ejbRemove() methods of a stateful session bean and an entity bean but not of a stateless session bean.

As for the ejbActivate() and ejbPassivate() methods of an entity bean ... When ejbActivate() is run, it is still not ready to deal with a business method, ejbLoad() must then be invoked. So, you can therefore get client security information from ejbLoad().

When ejbPassivate() is run, ejbStore() will already have been run. You can get client security information from ejbStore(). ejbPassivate() is really about transitioning the bean from the ready to the pooled state, and at this point in the life cycle it has no client.

I'm ready to be corrected on this ...

Thanks, Roger. Your explanation makes good sense.

Excellent explanation, Roger!!! I've just read it and recalled my brain about it...

BTW, when will u take the exam? Mine on 30th May...

Exam date 1 June, should be enough time