LoginController is request-scoped and your SecurityService is dependent-scoped (for all purposes it is not session-scoped unless you specify it as such). Therefore, when the second JSF page references the LoginController in an EL expression, a new instance of LoginController would be created that would have a reference to a different instance of the SecurityService SFSB.
If you need to access the original SecurityService instance, you should mark it as @SessionScoped so that clients like the LoginController can access it across requests. But then, you might also want to consider why you need a @Stateful annotation in the first place, since this task could be done by an @SessionScoped managed bean. You don't really need a SFSB to store a reference to your User/Principal objects.
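
A sketch of the session-scoped alternative described above, as an added example that is not code from the original question or answer. The `UserSession` class, the view names, and the use of container-managed `HttpServletRequest.login` are assumptions; `LoginController` keeps its request scope.

```java
// Added example. Two classes in one listing; place each public class in its own file.
import java.io.Serializable;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.context.SessionScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

// UserSession.java (hypothetical name): one instance per HTTP session.
// Session-scoped beans must be Serializable, so only the principal's name is stored.
@Named
@SessionScoped
public class UserSession implements Serializable {
    private static final long serialVersionUID = 1L;
    private String userName; // null until a login succeeds
    public String getUserName() { return userName; }
    public boolean isLoggedIn() { return userName != null; }
    public void setUserName(String userName) { this.userName = userName; }
}

// LoginController.java: a new instance per request, but the injected proxy
// always resolves to the UserSession bound to the caller's session.
@Named
@RequestScoped
public class LoginController {
    @Inject private UserSession userSession;
    private String username;
    private String password;

    public String login() {
        ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
        HttpServletRequest req = (HttpServletRequest) ec.getRequest();
        try {
            req.login(username, password); // assumption: a container security realm is configured
            req.changeSessionId();         // Servlet 3.1+: new session id after authentication
            userSession.setUserName(req.getUserPrincipal().getName());
            return "home?faces-redirect=true";  // hypothetical view name
        } catch (ServletException e) {
            return null; // authentication failed: stay on the login page
        }
    }
    public String logout() {
        // Dropping the session also discards the UserSession instance.
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        return "login?faces-redirect=true";     // hypothetical view name
    }
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```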