Win a copy of Python Continuous Integration and Delivery this week in the Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
Sheriffs:
  • Devaka Cooray
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Tim Holloway
  • Claude Moore
  • Stephan van Hulst
Bartenders:
  • Winston Gutkowski
  • Carey Brown
  • Frits Walraven

jsf session different/lost  RSS feed

 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello All,

I am dumbfounded why session is lost or different every time when calling backbean.  I googled and tried different solutions but it's not working.  One thing that works is if I create a JSP page then the session and attributes work.  Basically, from JSF webapp1 calling JSP webapp2/servlet.  Then webapp2/servlet forward back to webapp1.  I want to get attributes saved in webapp2 but it always NULL.  Here is how I am doing it:

add to context.xml
crossContext="true"

servlet.java
getServletContext().getContext("/webapp1").getRequestDispatcher("/Login.xhtml").forward(request, response);  //if change to Login.jsp then it works

backbean

@ManagedBean(name="sessionBean")
@SessionScoped

session = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(true);


Am I missing something?


Thanks
 
Saloon Keeper
Posts: 20504
115
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're missing two somethings.

First, and most fatally, you're writing your own login system. Don't. JEE defines a standard security framework that's well-documented, designed by full-time security people, well-debugged and requires minimal extra coding. User-defined security systems, on the other hand are none of these, and in about 95% of the cases I've seen over the last decade or so, the user-defined security systems can be cracked by non-technical people in 15 minutes or less. And that includes the ones that the company's "expert" designed for them. Security is a case where one weak link breaks the chain and unless you like having sensitive data for auction in Serbia, leave it to people who don't have to do it "in 'addition' to the important stuff".

Secondly, JSF is an Inversion of Control framework. In IoC, you don't go after stuff, you sit back and have it delivered to you' It's the Amazon Prime of JEE webapp programming, if you like.

In fact, I have 2 basic rules about JSF and one of them is this: The more JSF-specific code you have in your application, the more likely you've done it the wrong way.
 
bruce truong
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your comments.  Unfortunately these are old application that need to perform authentication and redirection.  They use different technology and framework so it's not easily integrated.  Session is not working but I got ServletContext to work so it will do for now.

Thanks

 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!