1Z0-900: Java EE 7 Application Developer Exam | Retrieving Principal in HttpServletRequest and EJB SessionContext

Question

Given an HttpServletRequest request and an EJB SessionContext ctx.

Which is a valid way to retrieve the Principal invoking either behavior?

Answers

Explanations

A. B. C. D.

A.

In Java EE, an HttpServletRequest object represents an incoming HTTP request to a web application. It contains information such as headers, parameters, and cookies of the request. On the other hand, an EJB SessionContext object represents the context of an EJB session, including the caller's security information, transaction context, and environment context.

In this question, we are asked to retrieve the Principal of the caller invoking either behavior using the HttpServletRequest request and the EJB SessionContext ctx. A Principal object represents the identity of a user or a system entity, typically authenticated by a security mechanism such as login.

Option A: request.getCallerPrincipal() and ctx.getCallerPrincipal()

request.getCallerPrincipal() retrieves the Principal object that represents the caller of the request. This method returns null if the request is not authenticated. This method is typically used to retrieve the user identity of the client.

ctx.getCallerPrincipal() retrieves the Principal object that represents the caller of the current EJB session. This method returns null if the EJB session is not associated with a security context. This method is typically used to retrieve the user identity of the EJB client.

Therefore, option A is a valid way to retrieve the Principal invoking either behavior.

Option B: request.getUserPrincipal() and ctx.getUserPrincipal()

request.getUserPrincipal() retrieves the Principal object that represents the user identity of the client that sent the request. This method returns null if the request is not authenticated.

ctx.getUserPrincipal() retrieves the Principal object that represents the user identity of the current EJB session. This method returns null if the EJB session is not associated with a security context.

Therefore, option B is not a valid way to retrieve the Principal invoking either behavior since it retrieves the user identity of the client and the EJB session, respectively, not the caller's identity.

Option C: request.getCallerPrincipal() and ctx.getUserPrincipal()

request.getCallerPrincipal() retrieves the Principal object that represents the caller of the request. This method returns null if the request is not authenticated.

ctx.getUserPrincipal() retrieves the Principal object that represents the user identity of the current EJB session. This method returns null if the EJB session is not associated with a security context.

Therefore, option C is not a valid way to retrieve the Principal invoking either behavior since it retrieves the caller's identity and the user identity of the EJB session, respectively.

Option D: request.getUserPrincipal() and ctx.getCallerPrincipal()

request.getUserPrincipal() retrieves the Principal object that represents the user identity of the client that sent the request. This method returns null if the request is not authenticated.

ctx.getCallerPrincipal() retrieves the Principal object that represents the caller of the current EJB session. This method returns null if the EJB session is not associated with a security context.

Therefore, option D is not a valid way to retrieve the Principal invoking either behavior since it retrieves the user identity of the client and the caller's identity of the EJB session, respectively.

Therefore, the correct answer is option A, which is a valid way to retrieve the Principal invoking either behavior using the HttpServletRequest request and the EJB SessionContext ctx.