From the
EJB Spec section 21.6.9, page 452 state that:
The EJB Container must provide enforcement of the client access control per the policy defined by the Deployer. A caller is allowed to invoke a method if, and only if, the caller principal is assigned at least one of the security roles that includes the method in its method permissions
definition. (That is, it is not meant that the caller must be assigned all the roles associated with the method.) If the Container denies a client access to a business method, the Container must throw the java.rmi.RemoteException to the client if the client is a remote client, or the javax.ejb.EJBException if the client is a local client.
it said that the
container will throw java.rmi.RemoteException or javax.ejb.EJBException which is System Exception.
The question is: is the bean instance will be toasted?
since the lifecycle shows that if the
bean throw system exception, then the bean will go to DOES NOT EXIST state.
in this case, is it mater who has throw the System Exception? Bean of Container?
SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCJA<br /> <br />blog: <a href="http://jroller.com/page/rharianto" target="_blank" rel="nofollow">http://jroller.com/page/rharianto</a>