You've declared the UserManagedBean class as a session scoped JSF managed bean. So JSF will autocreate it and put it in the session on the very first occurrence of #{userManagedBean} in any page. This means that the session.getAttribute("userManagedBean") is never null once that happens, even though the user hasn't logged in yet.

Instead, you want to check its loggedIn property.

```java
UserManagedBean bean = session != null ? (UserManagedBean) session.getAttribute("userManagedBean") : null;
if (bean != null && bean.isLoggedIn()) {
    chain.doFilter(request, response);
}
// ...
```

Note that the concrete problem has nothing to do with OmniFaces. You'd still face exactly the same problem when not using OmniFaces.
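
The check described in the answer above, placed in a complete servlet filter. This is an added example, not code from the original answer or from OmniFaces. It assumes the `javax.*` namespace, a `FacesServlet` mapped to `*.xhtml`, a hypothetical login page at `/login.xhtml`, and a stand-in `UserManagedBean` exposing `isLoggedIn()`.

```java
import java.io.IOException;
import javax.faces.application.ResourceHandler;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Assumed URL pattern and login page path; adjust to the application.
@WebFilter("/*")
public class LoginFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.xhtml"; // hypothetical

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false); // do not create a session here

        // The attribute exists as soon as any page evaluates #{userManagedBean},
        // so its presence proves nothing; only the bean's state is trusted.
        UserManagedBean bean = session != null
                ? (UserManagedBean) session.getAttribute("userManagedBean") : null;
        boolean loggedIn = bean != null && bean.isLoggedIn();

        // Match on the container-resolved path rather than the raw request URI,
        // so "../" segments or ";jsessionid" cannot alter the allow-list result.
        String path = request.getServletPath()
                + (request.getPathInfo() != null ? request.getPathInfo() : "");
        boolean publicRequest = path.equals(LOGIN_PAGE)
                || path.startsWith(ResourceHandler.RESOURCE_IDENTIFIER + "/");

        if (loggedIn || publicRequest) {
            chain.doFilter(request, response);
        } else {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
    }
}

// Stand-in for the session scoped bean from the question (assumed shape).
class UserManagedBean implements java.io.Serializable {
    private boolean loggedIn;
    public boolean isLoggedIn() { return loggedIn; }
    public void setLoggedIn(boolean loggedIn) { this.loggedIn = loggedIn; }
}
```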