Using session bean created by JSF from a JSP

Question

So I'm creating and managing a bean using a JSF. The JSF then links to a JSP page that I need access to the managed bean. The JSF code:

<h:inputText id="firstName" value="#{registration.lastName}"/>
<h:commandButton value="Register" action="confirm.jsp"/>

The JSP:

<jsp:useBean id = "registration" scope = "session"
    class = "Project1.Registration">
</jsp:useBean>

<%=
        registration.getFirstName()
%>

So, the JSP firstName is null. Can you use 'usebean' to get access to the JSF bean? Is there more I need to do to call the JSP and pass the managed bean? Obviously this is for a class and I wouldn't see a reason to mix the two like this, but alas that is the requirement. Any help is appreciated.

Answer 1

There are 2 mistakes:

1. You do not need <jsp:useBean> if bean is already been created by some controller beforehand (such as JSF or even a plain vanilla servlet). Just directly access it by its name. It's as being a session scoped bean just available as a session attribute the usual EL way by ${registration}.

2. Neither <jsp:useBean> nor EL variables are as direct variables available in scriptlet <% ... %> scope. Instead, just use EL the usual way. Even more, scriptlets are strongly discouraged since more than a decade. You should stop using them and configure your web.xml to disable them.

So, all in all just this should do:

<c:out value="${registration.firstName}" />

The <c:out> is technically not mandatory, you can also just use ${registration.firstName}, but in contrary to Facelets, legacy JSP doesn't have implicit HTML escaping. So using <c:out> is functionally mandatory in order to prevent XSS attack holes which can occur during redisplaying unsanitized user-controlled input inline in HTML output.

See also:

• Our EL wiki page
• How to avoid Java code in JSP files?