2 Replies Latest reply on Feb 20, 2013 3:29 PM by bape_tc

    SessionScoped managedbean not working


      I don't find the solution for my problem.
      I use spring security 3.1.2 and jsf 2.1

      Logging in my application with different users give me the same managed beans.
      I printed out the sessionid after login, this is always a new session id.

      Code LoginBean:

      import javax.faces.application.FacesMessage;
      import javax.faces.bean.ManagedBean;
      import javax.faces.bean.SessionScoped;
      import javax.faces.context.ExternalContext;
      import javax.faces.context.FacesContext;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpSession;

      import org.springframework.beans.factory.annotation.Autowired;
      import org.springframework.stereotype.Controller;

      import x.y.User;
      import x.y.AuthenticationService;
      import x.y.UserService;

      public class LoginBean {

      private String login;
      private String password;

      private String userName = null;

      private AuthenticationService authenticationService;

      private UserService userService;

      public String login() {

      boolean success = authenticationService.login(login, password);

      if (success) {
      User user = this.userService.findUser(login);
      this.userName = user.getName();

      FacesContext context = FacesContext.getCurrentInstance();
      HttpServletRequest request = (HttpServletRequest)context.getExternalContext().getRequest();
      HttpSession httpSession = request.getSession(false);
      return "/secure/index.xhtml?faces-redirect=true";
      } else {
      FacesContext.getCurrentInstance().addMessage(null, new FacesMessage("Login or password incorrect."));
      return "/login?faces-redirect=true";

      public String logout() {

      FacesContext context = FacesContext.getCurrentInstance();
      ExternalContext ec = context.getExternalContext();
      final HttpServletRequest request = (HttpServletRequest)ec.getRequest();

      return "/login?faces-redirect=true";

      public String getLogin() {
      return login;

      public void setLogin(String login) {
      this.login = login;

      public String getPassword() {
      return password;

      public void setPassword(String password) {
      this.password = password;

      public String getUserName() {
      return userName;

      public void setUserName(String userName) {
      this.userName = userName;


      In my jsf page I printout the username like this:

      <h:outputText value="Logged in as: " /><h:outputText value="#{loginBean.userName} " />

      And it displays always the last userName logged in the application :-) So, it is always the same object of LoginBean and not an new per session?
      How is this possible?