Home/ Questions/Q 8852863
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T13:30:25+00:00

Given the following scenario : A jsf component’s (e.g a CommandButton) render attribute depends

  • 0

Given the following scenario : A jsf component’s (e.g a CommandButton) render attribute depends on an application scoped managed property. Since the property is shared across all sessions, the following might easily happen : User A loads a jsf page and the button’s render attribute is true, so it is rendered. Now user B also loads the page and the render attribute is still true. Now user A clicks the button which causes the property to change its value and the button is not rendered anymore. User B still has the old view and although the render attribute is false now, he can click the button because he didn’t update his view in the meantime. What happens now if user B clicks the button?

I thought the button’s action is fired anyway because the render attribute is just used for rendering the button and has no influence anymore, once the page is rendered. But after doing some tests it seems to me that the render attribute is also checked again after clicking the button and if the attribute is false then, the action is not performed. Can someone confirm this ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Disclaimer: I’ll ignore the strange design for now.

    But after doing some tests it seems to me that the render attribute is also checked again after clicking the button and if the attribute is false then, the action is not performed. Can someone confirm this ?

    Yes, that’s correct. This is part of safeguard against possibly tampered requests wherein the hacker is trying to simulate the invocation of an action component which is actually not rendered by the server side (such as an admin-only command button which is only rendered when the current user has the admin role). The rendered (and disabled and readonly) attributes are always re-checked during processing the form submit.

    In your particular case, you’d like to have a copy of the condition responsible for the rendered attribute in the view scope so that only this copy will be used as long as you’re interacting with the same view. This can be achieved by just injecting the application scoped property as a managed property of a view scoped managed bean and then referencing it in the rendered attribute instead.

    @ManagedBean
@ViewScoped
public class ViewBean {

    @ManagedProperty("#{appBean.rendered}")
    private boolean rendered;

    // ...
}

    with

    <h:commandButton ... rendered="#{viewBean.rendered}" />
    • 0