Win a copy of Svelte and Sapper in Action this week in the JavaScript forum!

Jarek Wa

Greenhorn
+ Follow
since Jan 12, 2012
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
1
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Jarek Wa

Hi,

Today I passed 1Z0-895 exam. My preparation was divided into three parts:

- reading EJB and Interceptors specs
- writing some application code (one EAR with ejb and war modules)
- using preparation tests from Enthuware

After finishing answering questions I had ~35 minutes left for reviewing my answers so I was quite comfortable with time. I must say that Enthuware s/w is a must for this exam.
Great work guys. I also appreciate the feedback from Enthuware's forum administrator Paul, who quickly fixed inaccuracies in questions that I complained about;-)

The dark side of the exam was obvious inaccuracies/errors in questions - I counted three. Anyone else had the same?

It took me about 2 months to prepare. Earlier in 2010 I read book Enterprise JavaBeans 3.1, 6th Edition from O'Reilly. I found it quite useful.


Thanks,
J
7 years ago
No,
You should use @PrePassivate and PostActivate callback to properly manage resources used by a bean. Note that for example if Stateful bean times out during passivation, its resources remain open (if not released in PrePassivate).

Spec 4.3.4:

The PrePassivate callback notification signals the intent of the container to passivate the instance. The PostActivate notification signals the instance it has just been reactivated. Their purpose is to allow stateful session beans to maintain those open resources that need to be closed prior to an instance’s passivation and then reopened during an instance’s activation.



Also 4.6.3 for stateful session bean:

The application using the session bean should provide some clean up mechanism to periodically clean up the unreleased resources.
For example, if a shopping cart component is implemented as a session bean, and the session bean stores the shopping cart content in a database, the application should provide a program that runs periodically and removes “abandoned” shopping carts from the database.


Hi,

Only Singleton Bean can access resource managers in PostConstruct and PreDestroy (because it is the only one for which these two methos can be associated with transaction context).

Specification, 4.8.6 , table 3:

SessionContext methods: getBusinessObject, getRollbackOnly, setRollbackOnly, getTimerService, lookup, getContextData
JNDI access to java:comp/env
Resource manager access
Enterprise bean access
EntityManagerFactory access
EntityManager access
TimerService and Timer methods



And here are the operations you can access from PostConstruct, PreDestroy lifecycle callback interceptor methods of Stateless Session Bean:

Specification, 4.7.2, table 2:

SessionContext methods: getBusinessObject, getEJBHome, getEJBLocalHome, getEJBObject, getEJBLocalObject, getTimerService, lookup, getContextData
JNDI access to java:comp/env
EntityManagerFactory access



Generally you cannot use resource managers as SFSB and SLSB PostConstruct and PreDestroy methods, because they run in unspecified transaction context.

HTH,
J

Sagar Rohankar wrote:

Eshwar Prasad wrote:I have application where after user login, a user details object is stored in the session. On logout, user object from session is removed. In case if users login to application in two browser windows with two different user ids and logout a user in one window, then, even the second user in other window is also logged out.


No, it won't happen unless you developed the application in such a way that you share same session for all users, which is bad.



I agree with Satar. I believe that you have designed your apllication in a wrong way.
8 years ago
Hi Rogerio,
Your application server might be helpful in this case. For example Weblogic Server can be explicitly configured to secure these types of attacks.
Please check docs of application server that you use
8 years ago
Hi everyone,

There is a pseudo-code:



The exception I get:



What comes to my mind is to mark performOperation transaction attribute of SubManager as NOT_SUPPORTED (there are no database operations in that method).
What are your recommendations to avoid this exception? (I have no influence on the external system).
The code is running in Weblogic Server