I have the following questions regarding Entity beans:-
1. Why the ejbCreate() method in an entity bean always return null? Is this behaviour ejbCreate() method same for both CMP and BMP Entity beans?
2. If ejbActivate() and ejbPassivate() methods in an entity bean can get a reference of their EJBObject, then why these methods cannot access the security information about the client?
I only can help for the second question, in ejb specification Page 436(21.2.5) and 451(21.6.5) It is mentioned that container's responsibility is providing security context in business methods.
Somewhere between ejbActivate and ejbLoad the container associates the bean with a client. The same thing occurs after ejbStore() and before ejbPAssivate(). The entity bean is too general during activate and passivate to know about the client that is calling the business method. It has not been associated with a client or transaction.
According to the specification the primary key for the entity must be set before ejbCreate completes, Once that is done the primary key is available through getPrimaryKey method of EntityContext. There should be some way to communicate to the container what primary will be used for this entity. In case of CMP we have to do something like setId() (id is the primary key and a virtual persistence field). So when ejbCreate returns the container knows the primary key and we return null, In case of BMP there is no way the container knows what the primary key is and hence we need to return the primary key class and not null from the ejbCreate of BMP bean.