1

I have the following snippet on the home page of my app:

<h:panelGroup rendered="#{loginBean.loggedIn}">
    <p>Welcome, #{loginBean.currentUser.firstName}</p>
</h:panelGroup>

LoginBean is @SessionScoped. Since it is being referred to on the home page, an instance of the same will be created when the page loads.

Now, assume that the user never logs in. In that case, my LoginBean is of no use since it won't be holding any information about the user. Wouldn't this be redundant?

Am not saying that this causes problems, but am just wondering about the unnecessary instantiation taking up memory space.

Vrushank
  • 2,763
  • 3
  • 27
  • 41

1 Answers1

1

Make the #{loginBean} request/view scoped and manually put the user in the session scope on successful login. The session scope is available as a map by ExternalContext#getSessionMap().

@ManagedBean
@ViewScoped
public class LoginBean {

    public void login() {
        // ...

        if (user != null) {
            externalContext.getSessionMap().put("user", user);
        }

        // ...
    }

}

This way you can get away with

<h:panelGroup rendered="#{not empty user}">
    <p>Welcome, #{user.firstName}</p>
</h:panelGroup>

See also:

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • Nice.. thanks :) Regarding the container based authentication, is it supported by Tomcat 7 ? I came across this link : http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html. Can I follow the steps mentioned at this link, for the same (using JDBCRealm) ? – Vrushank Jan 08 '13 at 15:21
  • Yes, that's essentially the same. With a *realm*, you basically configure an user/role database for container managed authentication. The container managed authentication is then to be further configured by `` in `web.xml`. See also among others http://stackoverflow.com/a/6079648 – BalusC Jan 08 '13 at 15:22