One of the questions in the EJB security chapter is whether the getCallerPrincipal method can be called from ejbActivate and ejbPassivate for an entity bean. The answer given and the spec specify that we cannot call getCallerPrincipal from ejbActivate & ejbPassivate - don't we have a client when these methods are being called? In which case, why is it that we cannot call the getCallerPrincipal method?
The flow, as I understand it, is:
Client makes business method call -> ejbActivate -> ejbLoad -> business method -> ejbStore -> ejbPassivate. Here, don't we know the client when we are in the ejbActivate and ejbPassivate methods?
I'm a newbie to the EJB world, but I can guess at an answer.
I think (someone can correct me if I'm wrong) that's because the entity hasn't got its "ENTITY" yet. After ejbActivate, the bean gets out of the pool, and after ejbLoad, the bean has completely got its "ENTITY" state, bound to the data it belongs to.
So, in ejbActivate, the bean is just like any other EntityBean. Maybe that's why we're not allowed to call the getCallerPrincipal method.
I think the reason may be that when we do an ejbPassivate() the bean goes to the pool once again and never knows that client. When the same client calls, the container may assign another bean from the pool to serve the client. In this case the container will see whether the client is the same client who had requested previously; if so, it will call ejbActivate() to get the client state back, provided the object is still available in the container's secondary storage.
SCJP 1.4, SCWCD 1.4, SCBCD 1.3