Under the covers, JSF stores session scoped managed beans as an attribute of the HttpSession
with the managed bean name as key.
So, provided that you've a @ManagedBean @SessionScoped public class User {}
, just this should do inside the doFilter()
method:
HttpSession session = ((HttpServletRequest) request).getSession(false);
User user = (session != null) ? (User) session.getAttribute("user") : null;
if (user != null && user.isLoggedIn()) {
// Logged in.
}
Or, if you're actually using CDI instead of JSF to manage beans, then just use @Inject
directly in the filter.