
Quick question...

 
James Turner
Ranch Hand
Posts: 194
Hi All,

Just a quick question:

When a bean executes a method that has no transaction context, i.e. Never. Can the bean access the security context of the client (session and entity beans)?

If a bean is BMT then my understanding is that it can access any resources in any method it wants (apart from the constructor and set context method - session and message driven only) only when it starts a transaction; if it has not started a transaction, or it just ended one, it cannot access security context, resources or other beans.

Is my thinking correct?

Thank you for your help.

James.
 
James Turner
Ranch Hand
Posts: 194
Hi Guys,

Can anyone help...

Thanx.

James.
 
Sandesh Tathare
Ranch Hand
Posts: 82
When a bean executes a method that has no transaction context, i.e. Never. Can the bean access the security context of the client (session and entity beans)?

Are you referring to whether client can invoke EJBContext's following methods:
1] getCallerPrincipal()
2] isCallerInRole(java.lang.String)
 
James Turner
Ranch Hand
Posts: 194
Yes, basically because methods that execute in a transaction context seem to be able to access these methods:

getCallerPrincipal()
isCallerInRole(java.lang.String)

Therefore I was just wondering if these methods can only be accessed within a transaction.

Also with BMT beans, the spec says non transaction context methods can access resource managers and other beans, but is that only within a bean stated transaction, or outside also.

The spec is not that clear, it just says a bean can access these resources in a method without a transaction context. But I assume that is only for BMT beans and only after they start their own transaction.

I hope I am clear.

Thanx for any help.

James.
 
Anonymous
Ranch Hand
Posts: 18944
My understanding is that instance-level security info is not related to the transaction type, but rather to whether the method has been invoked by a client, i.e. getCallerPrincipal() and isUserInRole() return you security info about the client.

Therefore the following methods can get security info about a client:

MessageDrivenBeans - no client, no security info.
Stateless SessionBeans - business methods
Stateful SessionBeans - ejbCreate, ejbPassivate, ejbActivate, ejbRemove, Business Methods
Synchronized SessionBeans - same as Stateful, with afterBegin, beforeCompletion, afterCompletion.
Entity Beans - ejbCreate, ejbPostCreate, ejbLoad, ejbStore, ejbRemove, home business methods, business methods.

As these methods get invoked as a result of a client call. Don't take this list as being exhaustive as I might have missed some methods out though.
 
Arun Krishnamoorthy
Greenhorn
Posts: 22
For a stateful session bean, you can get security information about the client from within ejbActivate()/ejbPassivate() container callback methods, i.e. getCallerPrincipal() and isCallerInRole(java.lang.String) can be accessed. A bean can NEVER be passivated if it is in a transaction context. Hence, you can conclude that security information can be obtained (from specific methods) even if transaction context does NOT exist.
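
An added example, not written by any poster in this thread: an EJB 2.x stateful session bean with bean-managed transactions that never begins a transaction, yet still performs a caller-based authorization check. The class name `AuditTrailBean`, the `readEntry` method and the role name `auditor` are assumptions for illustration; deploying it needs a container plus matching home/component interfaces and an ejb-jar.xml.

```java
import java.security.GeneralSecurityException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical bean, assumed deployed with
// <transaction-type>Bean</transaction-type>. It never calls
// ctx.getUserTransaction().begin(), so no method here has a transaction context.
public class AuditTrailBean implements SessionBean {

    private SessionContext ctx;
    private String openedBy;

    public void setSessionContext(SessionContext ctx) {
        // Only store the reference. No client is associated with the instance
        // yet, and the EJB 2.x spec has getCallerPrincipal() and
        // isCallerInRole() throw IllegalStateException in this method.
        this.ctx = ctx;
    }

    public void ejbCreate() {
        // Runs as a result of the client's create() call, so the caller's
        // identity is available even though no transaction exists.
        openedBy = ctx.getCallerPrincipal().getName();
    }

    // Business method (would be declared on the component interface).
    public String readEntry(int id) throws GeneralSecurityException {
        // "auditor" is an assumed role name; it needs a <security-role-ref>
        // entry in ejb-jar.xml before isCallerInRole() can resolve it.
        if (!ctx.isCallerInRole("auditor")) {
            // Checked exception: the container treats it as an application
            // exception, so the stateful instance is not discarded.
            throw new GeneralSecurityException(
                "caller " + ctx.getCallerPrincipal().getName()
                + " is not in role auditor");
        }
        return "entry " + id + " (session opened by " + openedBy + ")";
    }

    public void ejbActivate() {}
    public void ejbPassivate() {}
    public void ejbRemove() {}
}
```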
 
James Turner
Ranch Hand
Posts: 194
It seems strange that a stateful session bean can access its client's security info in the ejbActivate and ejbPassivate but an entity cannot.

I suppose the entity is not associated with its client at that point. But it does make things more confusing.

Just one last question: It is impossible to access a resource manager or another bean without being in a transaction? (Does this depend on the transaction attribute of the accessed resource or bean?)

Thanx for your help.

James.
 
krishnakumar ramamurthy
Greenhorn
Posts: 7
It seems strange that a stateful session bean can access its client's security info in the ejbActivate and ejbPassivate but an entity cannot.

I suppose the entity is not associated with its client at that point. But it does make things more confusing.



Yes. The entity is not associated with its client at that point. ejbActivate() brings the entity from the pool to the ready state.



Just one last question: It is impossible to access a resource manager or another bean without being in a transaction? (Does this depend on the transaction attribute of the accessed resource or bean?)


You can access another bean without being in a transaction. In ejbCreate() of a stateful session bean you can access other beans.
 