• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Security Methods of EJBContext

 
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all

Chapter 4 from EJB3.0 Core Spec says

The PostConstruct lifecycle callback interceptor methods execute in an unspecified transaction
and security context.
The PreDestroy lifecycle callback interceptor methods execute in an unspecified transaction and
security context.
The PrePassivate and PostActivate lifecycle callback interceptor methods execute in an
unspecified transaction and security context.



and Chapter 17 on Security says

The Bean Provider can invoke the getCallerPrincipal and isCallerInRole methods only in
the enterprise bean’s business methods



Then why does the PostConstruct, PreDestroy , PrePassivate and PostActivate methods of a stateful session beans have access to these methods getCallerPrincipal and isCallerInRole(Table 1 Operations Allowed in the Methods of a Stateful Session Bean on page 79) when they are not associated with any Security context and it being said that only business methods have access to these security methods.

With Regards
Deepthi




 
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I also stuck across same question. I was wondering about not only Unspecified Security Context but about Unspecified Transaction Centext also. I didn't get exact answer but I could understood it little bit when I read specs, EJB-Core 13.6.5. It talks about "Handling of Methods that Run with “an unspecified transaction context."

The EJB specification does not prescribe how the container should manage the execution of a method
with an unspecified transaction context—the transaction semantics are left to the container implementation.



What specification mandates is Table 1 Operations Allowed in the Methods of a Stateful Session Bean on page 79. So it is container providers responsibility to handle such special cases.
I think same holds true for Unspecified Security Context also.

Still if somebody can make it more clearer that would be great.

Thanks,
Prasad
 
Whatever you say buddy! And I believe this tiny ad too:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic