Hi all,
David, reading your multiple comments from this morning, I really wonder if you are preparing to pass SCBCD in 3 days...
Impressive !
Sudhir, if you compare the stateless version of ejbCreate() on p.228 of HFE with the stateful one (p.196), the *only* difference is that stateless session beans have no access to security information about the client.
But it's quite logical, isn't it ?
Stateless session beans are *pre-created* by the Container, and then pooled (to be later called by clients), meaning that when they are created there is *no client* yet (or no relation with them anyway).
While stateful session beans are only created as a result of a client's create*() call on their home interface. As a result, when ejbCreate*() is called, the client is well known, hence the security stuff can be tested.
Regards,
Phil.
[ January 06, 2004: Message edited by: Philippe Maquet ]