JSF/Spring Session is shared between users

Question

I have a JSF-managed session-scopped bean. It is also a spring component so that I can inject some fields:

import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import org.springframework.stereotype.Component;

@ManagedBean
@SessionScoped
@Component
public class EpgBean {...}

The problem is that the session is shared between users! If a user does some stuff and another user from another computer connects, he sees the SessionScoped data of the other user.

Is it due to the spring @Component which would force the bean to be a singleton? What is a correct approach to this matter?

Answer 1

I solved the problem using spring scope annotation @Scope("session") instead of JSF @SessionScopped. I guess that since spring is configured as FacesEl resolver, it is spring scope that matters, while JSF scope is ignored.

Answer 2

The approach I use is to keep the managed beans inside JSF container, and inject the Spring beans into them via EL on a managed property. See related question.

To do that, set up SpringBeanFacesELResolver in faces-config.xml, so JSF EL can resolve Spring beans:

<application>
    ...
    <el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
    ...
</application>

After that, you can inject Spring beans in your @ManagedBean annotated beans like this:

@ManagedBean
@ViewScoped
public class SomeMB {
    // this will inject Spring bean with id someSpringService
    @ManagedProperty("#{someSpringService}")
    private SomeSpringService someSpringService;

    // getter and setter for managed-property
    public void setSomeSpringService(SomeSpringService s){
        this.someSpringService = s;
    }
    public SomeSpringService getSomeSpringService(){
        return this.someSpringService;
    }
}

There may be better approachs than this, but this is what I've been using lately.