Injecting non-serializable application scoped bean as managed property of serializable session scoped bean in a cluster

Question

I have the following managed beans :

@ApplicationScoped
public class ApplicationBean {
    // ...
}

@SessionScoped
public class SessionBean implements Serializable {

    @ManagedProperty("#{applicationBean}")
    private ApplicationBean applicationBean;

    // ...
}

This is deployed to a server cluster with several nodes. What will happen when the HTTP session will be serialized on another node?

ApplicationBean is not serialized because it doesn't implement Serializable. Will it be re-injected by @ManagedProperty? Or will it actually be serialized somehow?

Answer 1

What will happen when the HTTP session will be serialized on another node?

All HTTP session attributes will be serialized as well, including session scoped JSF managed beans. Any bean properties which are not serializable will be skipped. During deserialization on another node, you will face a NotSerializableException on all bean properties which are not serializable. Marking the property transient will fix that exception, but the property will still remain null after deserialization.

---

Will it be re-injected by @ManagedProperty? Or will it actually be serialized somehow?

Nope. It won't be re-injected. You have to take care of this manually in case of @ManagedProperty.

One somewhat naive and error-prone way is getting rid of @ManagedProperty and performing lazy loading in the getter (thus, act like a proxy yourself):

private transient ApplicationBean applicationBean;

public ApplicationBean getApplicationBean() {
    if (applicationBean == null) { 
        FacesContext context = FacesContext.getCurrentInstance();
        applicationBean = context.getApplication().evaluateExpressionGet(context, "#{applicationBean}", ApplicationBean.class);
    }

    return applicationBean;
}

and use the getter throughout the code instead referencing the property directly.

The better way is to make it an EJB or a CDI managed bean. They're fully transparently created and injected as serializable proxies and you never need to worry about serialization on them.

Thus, either make it an EJB:

import javax.ejb.Singleton;

@Singleton
public class ApplicationBean {
    // ...
}

import javax.ejb.EJB;
import.javax.faces.bean.ManagedBean;
import.javax.faces.bean.SessionScoped;

@ManagedBean
@SessionScoped
public class SessionBean implements Serializable {

    @EJB
    private ApplicationBean applicationBean;

    // ... (no setter/getter necessary!)
}

Or, make them both CDI managed beans:

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;

@Named
@ApplicationScoped
public class ApplicationBean {
    // ...
}

import javax.enterprise.context.SessionScoped;
import javax.inject.Inject;
import javax.inject.Named;

@Named
@SessionScoped
public class SessionBean implements Serializable {

    @Inject
    private ApplicationBean applicationBean;

    // ... (also here, no setter/getter necessary!)
}