i don't quite understand why a statefull session bean can access other entity beans in ejbCreate, but stateless is not aloud. doesn't statefull beans also run this method in unspecified transactional context? i just saw that today and thought it was kinda weird.
I think it may be because Stateful session beans are associated with an EJBObject at the time of create whereas Stateless beans have no associations and are just lying around in the pool, so they are not allowed.
According to the spec, access to Enterprise beans are not allowed from methods where there is no transaction context or client security information. in ejbcreate the stateful beans have access to client security whereas stateless beans do not have.