1

Here is backing bean of my log in page. Why does it preserve values after calling the logIn() method? I mean after I submit the form and return to the login page my previously entered username is already there. I thought that by using @RequestScoped annotation the values are not preserved.

@Controller
@ManagedBean
@RequestScoped
public class LogInBean implements Serializable {

    private static final long serialVersionUID = 2092611147930386873L;

    @Autowired
    private UserService userService;
    private String username;
    private String password;
    private boolean rememberMe;

    public String logIn() {
        return "index?faces-redirect=true";
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public boolean isRememberMe() {
        return rememberMe;
    }

    public void setRememberMe(boolean rememberMe) {
        this.rememberMe = rememberMe;
    }

}
perak
  • 1,310
  • 5
  • 20
  • 31
  • With `@RequestScoped` this is always the case, as long as you do not inject any beans with a "higher" scope who can keep the data also longer. I assume that it's just the browser who saves the input. Try to use another username. I this case the browser is not able to decide anymore which one to display and should leave the field empty. – noone Sep 02 '13 at 19:36
  • It seems that the latest input is always saved, and so is the remember me checkbox. I also noticed that cookie is created when `logIn()` method is called. – perak Sep 02 '13 at 19:42
  • A cookie is expected, that's how the session id is stored. – noone Sep 02 '13 at 19:43

1 Answers1

1

It's because you're actually using an application scoped Spring managed bean instead of a request scoped JSF managed bean.

Your main mistake is that you're mixing JSF bean management annotations with a Spring bean management annotation and somehow are expecting that they seamlessly understand each other. 

@Controller
@ManagedBean
@RequestScoped

This is thus not true. You effectively end up with two completely independent managed bean instances, one managed by JSF and another managed by Spring. The @RequestScoped annotation is specific to JSF bean management facility. The Spring's equivalent, @Scope("request") is absent and therefore the Spring managed bean defaults to the application scope. When referencing the bean in EL scope like so #{logInBean}, the Spring managed one gets precedence over JSF managed one because of the Spring bean EL resolver and you ultimately end up with an application scoped Spring managed bean. This totally explains the symptoms.

Fix it accordingly by getting rid of JSF bean management annotations and placing the desired Spring scope annotation:

@Controller
@Scope("request")

(an alternative would be to get rid of Spring bean management annotation and replace @Autowired by @EJB, like as one would normally do when using standard Java EE stack without any 3rd party library)

If you still face this problem, then another possible cause would be that you're submitting the login synchronously while not having autocomplete="off" on the input fields, head to this Q&A then: Disable web browser password save.

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • Got it working by replacing JSF bean management annotations by Spring annotations. Thanks. – perak Sep 03 '13 at 16:23