Error with RemoteUser after upgrading from MyFaces 1.09 to 1.1

[EXTERNAL Willinger Markus (Diplomand; CC/EMT1)]

Title: Error with RemoteUser after upgrading from MyFaces 1.09 to 1.1

Hello,

We are using Tomcat 5.5, JDK 1.5, MyFaces 1.1. In our web-application we get an error when trying to "login", after upgrading MyFaces from version 1.09 to 1.1. Here is our login process in steps:

1.) Login via tomcats standard login function (j_username, j_password) using REALM
2.) Initializing the managed-bean "com.mycompany.UserHandlingBackingBean":

        <managed-bean>
                <managed-bean-name>userHandlingBackingBean</managed-bean-name>
                <managed-bean-class>
                        com.mycompany.UserHandlingBackingBean
                </managed-bean-class>
                <managed-bean-scope>session</managed-bean-scope>
                <!--  sets the _currentUserName - property
                        in the UserHandlingBackingBean -->
                <managed-property>
                        <property-name>_currentUserName</property-name>
                        <value>#{facesContext.externalContext.remoteUser}</value>
                </managed-property>
        </managed-bean>

This managed-bean tries to set the current logged-in user (its username) in the property "(String)_currentUserName" (using #{facesContext.externalContext.remoteUser}). Our login process works fine with MyFaces 1.09. But with MyFaces 1.1 we get the following exception:

Caused by: javax.faces.FacesException: Property _currentUserName references object in a scope with shorter lifetime than the target scope session

        at org.apache.myfaces.config.ManagedBeanBuilder.initializeProperties(ManagedBeanBuilder.java:154)
        at org.apache.myfaces.config.ManagedBeanBuilder.buildManagedBean(ManagedBeanBuilder.java:55)
        at org.apache.myfaces.el.VariableResolverImpl.resolveVariable(VariableResolverImpl.java:311)
        at org.apache.myfaces.el.ValueBindingImpl$ELVariableResolver.resolveVariable(ValueBindingImpl.java:571)
        at org.apache.commons.el.NamedValue.evaluate(NamedValue.java:124)
        at org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:140)
        at org.apache.myfaces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:380)
        ... 47 more

We changed the class "ManagedBeanBuilder" (located in myfaces-impl.jar) especially its method "isInValidScope()":
[..]
            // 'session' scope can reference 'session', 'application', and 'none' but not 'request'
            if (targetScope.equalsIgnoreCase("session")) {
                if (valueScope != null) {
                    if (valueScope.equalsIgnoreCase("request")) {
//  DISABLED BE ME to avoid the exception!        return false;
                    }
                }
                return true;
            }
[..]

After that it works again. Probably it is the reason that the REALM uses a request-scope and we use an application-scope.

Our question is, how should we do a login and get the username into our property "(String)_currentUserName" when initializing the managed-bean "com.mycompany.UserHandlingBackingBean" without getting an exception based on the "isInValidScope()" method?

Greetings.