Calling getCallerPrincipal method..

One of the questions in EJB security chapter is - whether getCallerPrincipal method can be called from ejbActivate, ejbPassivate for entity bean. The answer given and the spec specify that we cannot call getCallerPrincipal from ejbActivate & ejbPassivate - dont we have a client when these methods are being called. In which case why is it that we cannot call getCallerPrincipal method?

The flow as i understand is

Client makes business method call -> ejbActivate -> ejbLoad -> business method -> ejbStore -> ejbPassivate. Here dont we know the client when we are in ejbActivate and ejbPassivate methods?

Want to know what is it that i am missing here.

Hi Subramanian,

I'm newby to the EJB world, but I can guess an answer.

I think, someone can correct me if i'm wrong, that's because the entity
didn't get his "ENTITY" yet. After the ejbActivate, the bean get out of
the pool, and after the ejbLoad, the bean has completly get is "ENTITY"
state, bound to the data it belongs.

So, in the ejbActivate, the bean is just like any other EntityBean.
Maybe, that's why, we're not allowed to call the getCallerPrincipal
method.


Sylvain Bouchard
SCJP, SCWCD

Hi,

I think the reason may be that when we do a ejbPassivate() the bean goes to the pool once again and never knows that client.When the same client calls then the container may assign another bean from the pool to serve the client.In this case the container will see whether the client is the same client who had requested previous, if so then it will call the ejbActivate() to get the client state back provided the object is still available in container secondary storage.