From a message driven bean, I make a call to a session bean. The caller of the MDB as you know is the container and in the called session bean if I make a call to the method like getCallerPrincipal() on the Session bean's context what will be the result? How can I access restrict such a call from MDB as container propably wont fit into any of the roles.
Thanks and please relieve me of this confusion. Vijay.
Probably you will get an UNAUTHORIZED user principal (container implementation specific thing).
SCJP 2(94%), SCBCD 5.0(86%), SCDJWS(86%), SCEA 5 (I-73%, II/III-88%)
The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn. - Alvin Toffler
Just an idea.. If you don't want the MDB to invoke the Session bean, it means you are expecting only a certain roles to access the Session bean, In that scenario, you can specify the @RolesAllowed annotation in the Session Bean to enumerate the allowed application specific roles -- this will restrict the "anonymous" calls from the MDB.