jsf - Homegrown authentication, how do I remember and get the logged in user -

i made filter , authentication in application jsf works i'd current user , have no idea how that. me?

this method authenticates

public string authenticates() {     facescontext fc = facescontext.getcurrentinstance();     entitymanager manager = getmanager();     persondao dao = new persondaojpa(manager);      if (dao.login(getperson().getemail(), getperson().getpassword())) {         externalcontext ec = fc.getexternalcontext();         httpsession session = (httpsession) ec.getsession(false);         session.setattribute("userlogged", true);         getcurrentuser();         return "/index.xhtml" + "?faces-redirect=true";     } else {         facesmessage ms = new facesmessage("email or password incorrect");         ms.setseverity(facesmessage.severity_error);         fc.addmessage(null, ms);         return "/account.xhtml";     } } 

you're setting boolean in session indicate if user logged in or not.

if (userservice.login(email, password)) {     session.setattribute("userlogged", true); } 

this rather simplistic. can improved putting user in session.

user user = userservice.find(email, password);  if (user != null) {     session.setattribute("user", user); } 

now, wherever you'd check if user logged in, instead of checking if userlogged equals true, check if user not equal null.

user user = (user) session.getattribute("user");  if (user != null) {     // user logged in. } else {     // user not logged in. } 

this solves problem of getting "current" user. it's way available #{user}.

<p>your email #{user.email}.</p> 

---

unrelated concrete problem, you'd better not grab raw httpsession under jsf's covers in jsf artifact. false argument in getsession(false) thinking mistake , prone nullpointerexception later on. instead, use externalcontext#getsessionmap().

context.getexternalcontext().getsessionmap().put("user", user);