• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

afterCompletion method

 
Sany Bel
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to spec page # 80 the foolowing operations are allowed in afterCompletion method:
SessionContext methods: getEJBHome,
getEJBLocalHome, getCallerPrincipal,
isCallerInRole, getEJBObject,
getEJBLocalObject
JNDI access to java:comp/env
On Page 81, it says the following :
1) Invoking the getCallerPrincipal and isCallerInRole methods is disallowed in
the session bean methods for which the Container does not have a client security context.
2) Accessing resource managers and enterprise beans is disallowed in the session bean methods
for which the Container does not have a meaningful transaction context or client security context.
My question is that the getCallerPrincipal and isCallerInRole operations are allowed in afterCompletion method, which means it has a client security context. Then why can't it access resource managers and enterprise beans?
 
Dale Seng
Ranch Hand
Posts: 275
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think maybe because it's no longer got a "meaningful transaction context", but what the heck do I know?
--Dale--
 
Weerawit Maneepongsawat
Ranch Hand
Posts: 203
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Sany Bel:
According to spec page # 80 the foolowing operations are allowed in afterCompletion method:
SessionContext methods: getEJBHome,
getEJBLocalHome, getCallerPrincipal,
isCallerInRole, getEJBObject,
getEJBLocalObject
JNDI access to java:comp/env
On Page 81, it says the following :
1) Invoking the getCallerPrincipal and isCallerInRole methods is disallowed in
the session bean methods for which the Container does not have a client security context.
2) Accessing resource managers and enterprise beans is disallowed in the session bean methods
for which the Container does not have a meaningful transaction context or client security context.
My question is that the getCallerPrincipal and isCallerInRole operations are allowed in afterCompletion method, which means it has a client security context. Then why can't it access resource managers and enterprise beans?


because the Transaction is gone in afterCompletion method,
Does it make sense?
 
Sany Bel
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But it still has client security context, which should be ok to access resource managers and enterprise beans as per the spec(look at point 2).
 
Valentin Crettaz
Gold Digger
Sheriff
Posts: 7610
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The point two says that "Accessing resource managers and enterprise beans is disallowed in the session bean methods for which the Container does not have a meaningful transaction context or client security context.
The important part is "is disallowed". This is pure logic. Accessing the resource managers and enterprise beans is disallowed if the container does not EITHER have a transaction context OR a client security context. Thsi means that if any of those conditions (not both of them) is not true, then the access is disallowed.
 
Sany Bel
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That confuses me even more. Does that mean that the client has acesss to the resource managers if he has both transaction context and a client security context? If that is the case how is that ejbCreate, ejbRemove, ejbActivate, ejbPassivate have access to resource managers even if they do not have a valid transaction context?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic