afterCompletion method

According to spec page # 80 the foolowing operations are allowed in afterCompletion method:
SessionContext methods: getEJBHome,
getEJBLocalHome, getCallerPrincipal,
isCallerInRole, getEJBObject,
getEJBLocalObject
JNDI access to java:comp/env
On Page 81, it says the following :
1) Invoking the getCallerPrincipal and isCallerInRole methods is disallowed in
the session bean methods for which the Container does not have a client security context.
2) Accessing resource managers and enterprise beans is disallowed in the session bean methods
for which the Container does not have a meaningful transaction context or client security context.
My question is that the getCallerPrincipal and isCallerInRole operations are allowed in afterCompletion method, which means it has a client security context. Then why can't it access resource managers and enterprise beans?

I think maybe because it's no longer got a "meaningful transaction context", but what the heck do I know?
--Dale--

Originally posted by Sany Bel:
According to spec page # 80 the foolowing operations are allowed in afterCompletion method:
SessionContext methods: getEJBHome,
getEJBLocalHome, getCallerPrincipal,
isCallerInRole, getEJBObject,
getEJBLocalObject
JNDI access to java:comp/env
On Page 81, it says the following :
1) Invoking the getCallerPrincipal and isCallerInRole methods is disallowed in
the session bean methods for which the Container does not have a client security context.
2) Accessing resource managers and enterprise beans is disallowed in the session bean methods
for which the Container does not have a meaningful transaction context or client security context.
My question is that the getCallerPrincipal and isCallerInRole operations are allowed in afterCompletion method, which means it has a client security context. Then why can't it access resource managers and enterprise beans?

because the Transaction is gone in afterCompletion method,
Does it make sense?

But it still has client security context, which should be ok to access resource managers and enterprise beans as per the spec(look at point 2).

The point two says that "Accessing resource managers and enterprise beans is disallowed in the session bean methods for which the Container does not have a meaningful transaction context or client security context.
The important part is "is disallowed". This is pure logic. Accessing the resource managers and enterprise beans is disallowed if the container does not EITHER have a transaction context OR a client security context. Thsi means that if any of those conditions (not both of them) is not true, then the access is disallowed.

That confuses me even more. Does that mean that the client has acesss to the resource managers if he has both transaction context and a client security context? If that is the case how is that ejbCreate, ejbRemove, ejbActivate, ejbPassivate have access to resource managers even if they do not have a valid transaction context?