EJB.15.5 EJB Architecture Client Responsibilities

This section defines the rules that the EJB architecture client program must follow to ensure that the security context passed on the client calls, and possibly imported by the enterprise bean, does not conflict with the EJB server's capabilities for association between a security context and transactions.

These rules are:

• A transactional client cannot change its principal association within a transaction. This rule ensures that all calls from the client within a transaction are performed with the same security context.

• A session bean's client must not change its principal association for the duration of the communication with the session object. This rule ensures that the server can associate a security identity with the session instance at instance creation time, and never have to change the security association during the session instance lifetime.

• If transactional requests within a single transaction arrive from multiple clients (this could happen if there are intermediary objects or programs in the transaction call-chain), all requests within the same transaction must be associated with the same security context.