Hi all
Chapter 4 from EJB3.0 Core Spec says
The PostConstruct lifecycle callback interceptor methods execute in an unspecified transaction
and security context.
The PreDestroy lifecycle callback interceptor methods execute in an unspecified transaction and
security context.
The PrePassivate and PostActivate lifecycle callback interceptor methods execute in an
unspecified transaction and security context.
and Chapter 17 on Security says
The Bean Provider can invoke the getCallerPrincipal and isCallerInRole methods only in
the enterprise bean’s business methods
Then why does the PostConstruct, PreDestroy , PrePassivate and PostActivate methods of a stateful session beans have access to these methods getCallerPrincipal and isCallerInRole(Table 1
Operations Allowed in the Methods of a Stateful Session Bean on page 79) when they are not associated with any Security context and it being said that only business methods have access to these security methods.
With Regards
Deepthi