1

I would like to inject CDI SessionScoped bean into JSP page.

import javax.enterprise.context.SessionScoped;
import java.io.Serializable;

@SessionScoped
public class UserSessionBean implements Serializable {

    private String email = "email";

    public UserSessionBean(){}

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }
}

When I use the bean this way it works fine and I see initial value on the JSP page.

<jsp:useBean id="userSessionBean" class="package.UserSessionBean"/>
<jsp:getProperty name="userSessionBean" property="email"/>

The problems occurs when I inject the same bean into a service which I call from some another servlet inside my API. In this case I don't get updated value at the JSP page. Looks like I get different beans in JSP page and inside the service using @Inject annotation

Can anybody advise how it is possible to use the same SessionScoped bean inside JSP and service layer accessed from servlet?

BalusC
  • 992,635
  • 352
  • 3,478
  • 3,452
Vadim Dissa
  • 841
  • 3
  • 12
  • 27
  • 1
    AFAIK, is you annotate your class with `@Named("foo")`, the bean will be stored in a session attribute named "foo". jsp:useBean and jsp:getProperty were great in 1999. Now they're completely obsolete. – JB Nizet Jul 02 '16 at 12:30

1 Answers1

7

Get rid of <jsp:useBean> and <jsp:getProperty> tags. They predate servlets, EL and CDI. Those tags are intented for JSP pages which doesn't make use of any custom servlet or MVC framework provided servlet. See also a.o. jsp:useBean scope.

The CDI approach is to simply put @Named annotation on the bean class to give it a name in EL.

@Named
@SessionScoped
public class UserSessionBean implements Serializable {}

The name defaults to decapitalized class name. The above CDI managed bean will thus be available in EL by ${userSessionBean}. This also works in a plain JSP page.

<p>Email: <c:out value="${userSessionBean.email}" /></p>

That's all. You can keep using @Inject in your service or even servlet to get the same instance. Do note that JSTL <c:out> in above JSP snippet is not strictly necessary for printing the value. You can since JSP 2.0 do as good without it.

<p>Email: ${userSessionBean.email}</p>

But JSP as a fairly jurassic view technology doesn't have builtin XSS prevention like Facelets has. The <c:out> must be used to escape user-controlled input to prevent potential XSS attack holes. See also a.o. XSS prevention in JSP/Servlet web application.

Last but not least, make sure that your learning resources are caught up with currently available versions. Those <jsp:useBean> tags are from the previous century.

Community
  • 1
  • 1
BalusC
  • 992,635
  • 352
  • 3,478
  • 3,452
  • thanks for the answers. unfortunatelly this doesn't work (( @Named("userSessionBean") @SessionScoped public class UserSessionBean implements Serializable { ....

    Email:

    – Vadim Dissa Jul 02 '16 at 13:51
  • I get completely empty output (( while this one works but displays only initial value ((

    – Vadim Dissa Jul 02 '16 at 13:53
  • What container are you deploying to? This should work in any CDI capable container. At least, it works for me in [Tomcat+Weld](http://stackoverflow.com/questions/18995951/how-to-install-and-use-cdi-on-tomcat) when properly configured. – BalusC Jul 02 '16 at 14:34
  • apache-tomee-plus-7.0.1 – Vadim Dissa Jul 02 '16 at 14:39
  • @BalusC this confirms what I thought about Named, but I searched for a confirmation in the spec, and couldn't find any. Is that specified somewhere? Any reference? – JB Nizet Jul 02 '16 at 14:42
  • @BalusC Thanks. I was looking for "session attribute name" or "request attribute name". That's what it really is, right? The EL doesn't have some magic trick that looks for CDI beans elsewhere than just in the request or session? – JB Nizet Jul 02 '16 at 14:50
  • @JBNizet: http://stackoverflow.com/q/5387174 and CDI impl may have its own [`ELResolver`](http://docs.oracle.com/javaee/7/api/javax/el/ELResolver.html). – BalusC Jul 02 '16 at 14:52
  • @BalusC OK. So if I understand correctly, it has a magic trick: a custom EL resolver. So I can't expect `session.getAttribute("foo")` to return a session-scoped bean named "foo". Thanks. – JB Nizet Jul 02 '16 at 14:59
  • @JBNizet: just use `@Inject` for that. – BalusC Jul 02 '16 at 15:00
  • VadOs, I just tried TomEE 7.0.1 Plus with a scratchpad war project without any additional configuration and it works just fine for me out the box. All named CDI beans (request, session and application scoped ones) are found in plain JSP EL. Are you sure you've properly cleaned, rebuilt, redeployed and restarted the project and server after editing the Java source code in case your IDE doesn't support hotpublishing? – BalusC Jul 02 '16 at 15:19
  • I rebuilt the project using maven and manually deployed it to the server and all works fine. thank for help. can't get why when I make an arfifact and deploy with intellij idea I get such a strange behavior – Vadim Dissa Jul 02 '16 at 17:41
  • http://stackoverflow.com/questions/38164087/sessionscoped-bean-deployment-to-tomee-7 – Vadim Dissa Jul 02 '16 at 20:32