Your problem comes from the fact you are trying to retrieve a
request-scoped value from a session-scoped bean wich is illegal in
JSF. It was probably a bug in the previous version that could have
give you some weird exceptions.
But I think the bug come from the request class design. Why is the
getRemoteUser method in the request class when it is clearly related
to the session, ie you need to invalidate the session to log off tthe
user. Doesn't make sense to me. The security is so messy in the J2EE
world. I hope they get some work done on this area in the future.
Anyway, back to your problem. You need to initialize the property by
hand in your backing bean even if it looks like a kind of hack.
Hope it helps!
On 12/28/05, EXTERNAL Willinger Markus (Diplomand; CC/EMT1)
<[EMAIL PROTECTED]> wrote:
>
>
> Hello,
>
> We are using Tomcat 5.5, JDK 1.5, MyFaces 1.1. In our web-application we get
> an error when trying to "login", after upgrading MyFaces from version 1.09
> to 1.1. Here is our login process in steps:
>
> 1.) Login via tomcats standard login function (j_username, j_password) using
> REALM
> 2.) Initializing the managed-bean
> "com.mycompany.UserHandlingBackingBean":
>
> <managed-bean>
>
> <managed-bean-name>userHandlingBackingBean</managed-bean-name>
> <managed-bean-class>
> com.mycompany.UserHandlingBackingBean
> </managed-bean-class>
>
> <managed-bean-scope>session</managed-bean-scope>
> <!-- sets the _currentUserName - property
> in the UserHandlingBackingBean -->
> <managed-property>
>
> <property-name>_currentUserName</property-name>
>
> <value>#{facesContext.externalContext.remoteUser}</value>
> </managed-property>
> </managed-bean>
>
> This managed-bean tries to set the current logged-in user (its username) in
> the property "(String)_currentUserName" (using
> #{facesContext.externalContext.remoteUser}). Our login
> process works fine with MyFaces 1.09. But with MyFaces 1.1 we get the
> following exception:
>
> Caused by: javax.faces.FacesException: Property _currentUserName references
> object in a scope with shorter lifetime than the target scope session
>
> at
> org.apache.myfaces.config.ManagedBeanBuilder.initializeProperties(ManagedBeanBuilder.java:154)
> at
> org.apache.myfaces.config.ManagedBeanBuilder.buildManagedBean(ManagedBeanBuilder.java:55)
> at
> org.apache.myfaces.el.VariableResolverImpl.resolveVariable(VariableResolverImpl.java:311)
> at
> org.apache.myfaces.el.ValueBindingImpl$ELVariableResolver.resolveVariable(ValueBindingImpl.java:571)
> at
> org.apache.commons.el.NamedValue.evaluate(NamedValue.java:124)
> at
> org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:140)
> at
> org.apache.myfaces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:380)
> ... 47 more
>
> We changed the class "ManagedBeanBuilder" (located in myfaces-impl.jar)
> especially its method "isInValidScope()":
> [..]
> // 'session' scope can reference 'session', 'application', and
> 'none' but not 'request'
> if (targetScope.equalsIgnoreCase("session")) {
> if (valueScope != null) {
> if (valueScope.equalsIgnoreCase("request")) {
> // DISABLED BE ME to avoid the exception! return false;
> }
> }
> return true;
> }
> [..]
>
> After that it works again. Probably it is the reason that the REALM uses a
> request-scope and we use an application-scope.
>
> Our question is, how should we do a login and get the username into our
> property "(String)_currentUserName" when initializing the managed-bean
> "com.mycompany.UserHandlingBackingBean" without getting an
> exception based on the "isInValidScope()" method?
>
>
> Greetings.
--
Alexandre Poitras
Québec, Canada
