What is the relation between session scoped beans and HttpServletRequest?

Question

While trying to figure out how to implement a login filter for a JSF app I saw these 2 lines of code that I didn't understand that much :

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {  

HttpServletRequest req = (HttpServletRequest) request;
LoginBean login = (LoginBean) req.getSession().getAttribute("login");

}

Assuming that LoginBean class is a session scoped bean named "login" , as I noticed the bean is an attribute for the request , what is the relation between them ? are all session scoped bean saved as "attributes" in request sessions ?

Answer 1

are all session scoped bean saved as "attributes" in request sessions ?

That's correct. JSF is just a MVC framework which is built on top of the bare Servlet API, not an entirely standalone framework which can run without the Servlet API. Even more, the JSF core controller FacesServlet is a fullworthy Servlet, so it definitely requires a servlet container to run. The concept "session" is in the Servlet API provided by HttpSession, so it would make fully sense to store JSF session scoped beans in there instead of reinventing it.

Note that JSF request scoped beans are stored as HttpServletRequest attributes and that JSF application scoped beans are stored as ServletContext attributes.

See also:

• Get JSF managed bean by name in any Servlet related class
• How do servlets work? Instantiation, sessions, shared variables and multithreading