File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes Section 5.5.1 of EJB 3.0 Core Specs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "Section 5.5.1 of EJB 3.0 Core Specs" Watch "Section 5.5.1 of EJB 3.0 Core Specs" New topic

Section 5.5.1 of EJB 3.0 Core Specs

Meng Tan
Ranch Hand

Joined: Jan 20, 2001
Posts: 115

Got a question.
Hope anyone can help me.

Under Section 5.5.1 (Operations Allowed in the Methods of a Message-Driven Bean Class) of EJB 3.0 Core Specs, there is a table (Table 3) which shows that "getCallerPrincipal" is an allowed operation in the message listener method, business method interceptor method and timeout callback method of an MDB.

My understanding is that for a MDB, there is no concept of a caller client. The message listener method, business method interceptor method and timeout callback method are invoked by the container.

So why is "getCallerPrincipal" an allowed operation?
What is its returned value?
And if "getCallerPrincipal" an allowed operation then why is "isCallerInRole" not an allowed operation?

Please help me!
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 951

In case of MDB, though there is no concept of client view, when you receive the message to MBD's message listener method, it come form the JMS messaging agent configured for this purpose. This agent have it's own security mechnism and it apply this security when the message is passed to MDB, So there is security Principal associated with message. How the security is implemented and propagated is specific to messaging system. That is the reason you can not call isUserInRole() is these methods as the security Principals are propagated through external system.


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Meng Tan
Ranch Hand

Joined: Jan 20, 2001
Posts: 115
Hi Narendra,

I tried calling "getCallerPrincipal()" of "MessageDrivenContext" within the "onMessage" method of a MDB deployed in JBoss 4.2.2.
It gives an "IllegalStateException".
This is the stacktrace:

Caused by: java.lang.IllegalStateException: No valid security context for the caller identity
at org.jboss.ejb3.BaseSessionContext.getCallerPrincipal(
at com.titan.reservationprocessor.ReservationProcessorBean.onMessage(
at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
at java.lang.reflect.Method.invoke(
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(
at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(
at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(
at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(
... 17 more

Is either the specs is wrong or JBoss 4.2.2 is wrong.
I suspect the former.

Can someone please confirm?
Thanks a lot!!
Kirill Tsibriy

Joined: Feb 09, 2008
Posts: 1
Maybe it would be a good idea to post it on JBoss forums? Gavin King is listed as an EJB3 spec Expert Group member.
Benoît de Chateauvieux
Ranch Hand

Joined: Aug 10, 2007
Posts: 183
Yes... a bit strange because O'Reilly EJB3 ( says:

The security methodsgetCallerPrincipal( ) and isCallerInRole( )also throw a
RuntimeException if invoked on a MessageDrivenContext.

This post is helpful:

SCJP5 | SCBCD5 | SCEA5 Part 1
I agree. Here's the link:
subject: Section 5.5.1 of EJB 3.0 Core Specs
It's not a secret anymore!