Quick question...

James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
Hi All,

Just a quick question:

When a bean executes a method that has no transaction context, i.e. Never, can the bean access the security context of the client (session and entity beans)?

If a bean is BMT then my understanding is that it can access any resources in any method it wants (apart from the constructor and set context method - session and message driven only) only when it starts a transaction; if it has not started a transaction, or it just ended one, it cannot access security context, resources or other beans.

Is my thinking correct?

Thank you for your help.

James.


James
SCJP 1.4 - 92%
SCJD - 93%
SCWCD 1.4 - 95%
SCBCD 1.3 - 100%
SCEA - 92%
James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
Hi Guys,

Can anyone help...

Thanx.

James.
Sandesh Tathare
Ranch Hand

Joined: Jun 22, 2003
Posts: 82
When a bean executes a method that has no transaction context, i.e. Never, can the bean access the security context of the client (session and entity beans)?

Are you referring to whether the client can invoke the following EJBContext methods:
1] getCallerPrincipal()
2] isCallerInRole(java.lang.String)


Regards,
Sandesh
(SCJCP, SCWCD, SCBCD - 99%, OCP-1)

Either find a way or create one.
James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
Yes, basically because methods that execute in a transaction context seem to be able to access these methods:

getCallerPrincipal()
isCallerInRole(java.lang.String)

Therefore I was just wondering if these methods can only be accessed within a transaction.

Also with BMT beans, the spec says non transaction context methods can access resource managers and other beans, but is that only within a bean started transaction, or outside also?

The spec is not that clear, it just says a bean can access these resources in a method without a transaction context. But I assume that is only for BMT beans and only after they start their own transaction.

I hope I am clear.

Thanx for any help.

James.
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
My understanding is that instance-level security info is not related to the transaction type, but rather to whether the method has been invoked by a client, i.e. getCallerPrincipal() and isUserInRole() return you security info about the client.

Therefore the following methods can get security info about a client:

MessageDrivenBeans - no client, no security info.
Stateless SessionBeans - business methods
Stateful SessionBeans - ejbCreate, ejbPassivate, ejbActivate, ejbRemove, Business Methods
Synchronized SessionBeans - same as Stateful, with afterBegin, beforeCompletion, afterCompletion.
Entity Beans - ejbCreate, ejbPostCreate, ejbLoad, ejbStore, ejbRemove, home business methods, business methods.

As these methods get invoked as a result of a client call. Don't take this list as being exhaustive as I might have missed some methods out though.
Arun Krishnamoorthy
Greenhorn

Joined: Nov 03, 2004
Posts: 22
For a stateful session bean, you can get security information about the client from within ejbActivate()/ejbPassivate() container callback methods i.e. getCallerPrincipal() and isCallerInRole(java.lang.String) can be accessed. A bean can NEVER be passivated if it is in a transaction context. Hence, you can conclude that security information can be obtained (from specific methods) even if transaction context does NOT exist.
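Added example, not part of any post in this thread: a sketch of an EJB 2.x stateful session bean that reads the caller's security context in a business method deployed with the Never transaction attribute and in ejbPassivate(), neither of which runs in a transaction. The class name, the audit() method, the "auditor" role and the deployment descriptor settings mentioned in the comments are assumptions made for illustration.

```java
import java.security.Principal;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical CMT stateful session bean (EJB 2.x style); all names are illustrative.
// Assumed ejb-jar.xml settings: <trans-attribute>Never</trans-attribute> for audit(),
// and a <security-role-ref> declaring the role name "auditor" for this bean.
public class AuditSessionBean implements SessionBean {

    // Application exception: reported to the client without discarding the instance.
    public static class NotAuthorizedException extends Exception {
        public NotAuthorizedException(String msg) { super(msg); }
    }

    private SessionContext ctx;
    private String lastCaller;

    public void setSessionContext(SessionContext ctx) {
        // Not invoked on behalf of a client call: only store the context here.
        this.ctx = ctx;
    }

    public void ejbCreate() {
        // Invoked as a result of the client's create() call.
        lastCaller = ctx.getCallerPrincipal().getName();
    }

    // Business method with no transaction context (Never).
    // The security check depends on the caller, not on a transaction.
    public String audit(String record) throws NotAuthorizedException {
        Principal caller = ctx.getCallerPrincipal();
        if (!ctx.isCallerInRole("auditor")) {
            throw new NotAuthorizedException(caller.getName() + " is not in role auditor");
        }
        lastCaller = caller.getName();
        return lastCaller + ":" + record;
    }

    public void ejbPassivate() {
        // Passivation never happens inside a transaction, yet the
        // security methods of SessionContext may still be called here.
        lastCaller = ctx.getCallerPrincipal().getName();
    }

    public void ejbActivate() { }

    public void ejbRemove() { }
}
```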
James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
It seems strange that a stateful session bean can access its client's security info in the ejbActivate and ejbPassivate but an entity cannot.

I suppose the entity is not associated with its client at that point. But it does make things more confusing.

Just one last question: It is impossible to access a resource manager or another bean without being in a transaction? (Does this depend on the transaction attribute of the accessed resource or bean?)

Thanx for your help.

James.
krishnakumar ramamurthy
Greenhorn

Joined: Jan 10, 2005
Posts: 7
It seems strange that a stateful session bean can access its client's security info in the ejbActivate and ejbPassivate but an entity cannot.

I suppose the entity is not associated with its client at that point. But it does make things more confusing.



Yes. The entity is not associated with its client at that point. ejbActivate() brings the entity from the pool to the ready state.



Just one last question: It is impossible to access a resource manager or another bean without being in a transaction? (Does this depend on the transaction attribute of the accessed resource or bean?)


You can access another bean without being in a transaction. In ejbCreate() of a stateful session bean you can access other beans.
 