In order to keep basic information about the user (security roles, personal datas, etc...) in the session, I've created an AppSession bean, and I was wondering if it was a bad practice to inject in every backing bean a reference of that session bean.
For example, instead of this in a request scoped bean:
@ManagedBean
@RequestScoped
public class MyRequestBean {
@ManagedProperty("#{appSession.user}")
private User user;
@ManagedProperty("#{appSession.roles}")
private Roles[] roles;
}
I'd like to have something like this...
@ManagedBean
@RequestScoped
public class MyRequestBean {
@ManagedProperty("#{appSession}")
private AppSession appSession;
}
...and use appSession to retrieves user and roles datas.
What do you think of this, is there some bad practises uses here?
PS: sorry, I'm not a native english speaker
I was wondering if it was a bad practice to inject in every backing bean a reference of that session bean.
It's not. It does the job you want. Only other way would be manually grabbing it via ExternalContext#getSessionMap() or Application#evaluateExpressionGet(). But those ways are not declarative and therefore a "less good" practice.