According to spec. Page 80, from with setSessionContext() method of a stateful session bean, we cannot call getCallerPrincipal() method.
For a stateful session EJB, when the setSessionContext method is run , there must have been a user who had called create which starts off the instantiation process � new instance, setSessionContext, ejbCreate. At this time why isn�t the sessionContext able to call getCallerPrincipal, isCallerInRole() methods?
Also, what happens between setSessionContext and ejbCreate methods such that in the latter we are able to call getCallerPrincipal() method?(spec. Page 80)
But Roger, In setSessionContext(), we have the context instance available which is the lifeline to the container....so i don't quite understand why the client security info shudn't be avaliable out in the setSessionContext()methd. pls advice.