Just a tought: impersonate a role within the SB's method remove instead of
reliying on interactive login:
public void remove() .... {
//get UserManager
UserManager um = ic.lookup("java:comp/UserManager");
um.login("mySecuritySafeUser","thePassWd");
this.myejbref.remove();
}
I haven't tried this, but I guess it should work, specially if auto-sessions
are on...
HTH,
JP
> -----Original Message-----
> From: Gerald Gutierrez [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 22, 2001 3:05 PM
> To: Orion-Interest
> Subject: Removing SBs when expiring HttpSessions ... the challenge
> continues.
>
>
>
> When an HttpSession expires, it calls valueUnbound() on all
> session-bound
> variables that implement the HttpSessionBindingListener
> interface. So this
> provides a way for expiring HTTP sessions to remove session
> beans that would
> otherwise stay active and eventually consume all resources
> and cause the
> server to crash.
>
> The reasonable thing to do is to call ejb.remove() (and whatever other
> methods) within the valueUnbound() method so that the SB can
> clean up and be
> removed on the event.
>
> HOWEVER, if the SB is protected by security constraints,
> calling methods on
> the SB causes either NullPointerExceptions, or SecurityExceptions.
>
> In my case, I have a HttpSession which has bound an SB, which
> in turn has a
> reference to an EB. When the session expires, I need to
> remove the SB, which
> in turn must call a method on the EB. If I attempt to just
> call sb.remove(),
> the ejbRemove() method is called but a NullPointerException
> is thrown in the
> EB's wrapper. If I call getCallerPrincipal() in the SB first
> (which returns
> me the "guest" user), then call the EB, a SecurityException is thrown.
> Ignoring the fact that the different exceptions may be an
> Orion bug, the
> fact still remains that the "guest" user is calling the SB
> when calling
> through the valueUnbound() method.
>
> SO, the question, once again, is: When an HttpSession
> expires, what's the
> proper way to cleanup and remove the EJBs that are bound to
> that session?
>
>
>
> Gerald.
>
>