Hi Keerthi and Amol,
When I was preparing for the exam I noticed that too. I searched the forum and found out that this subject has been discussed here before (just search by "enterprise bean access" and you will find some discussions. Unfortunately nobody came out with a reasonable explanation about this, as you can see in
this thread.
Amol:
I'm not sure about your statement. When afterCompletion() runs there is no Tx context at all, no matter whether the previous transaction commited or not. I don't see any difference between this method and ejbCreate() regarding the Tx context.
In my opinion, there is an error in the specification because if access to enterprise beans should be allowed in the presence of a transaction
or security context, then this access should be granted to the afterCompletion() method since it has a client security context.
One could argue that access is allowed only if you have both contexts, but in this case the ejbCrete(), ejbRemove(), etc would violate this rule because they don't have a meaningful transaction context and they still can access another enterprise beans.
PS: I know I didn't come with the solution for this... I'm just trying to warm up the discussion.
Regards,
Stefan
[ March 21, 2005: Message edited by: Stefan Guilhen ]