What is the usefulness of statelessness in JSF?

by

First of all, I would like to clarify that JSF isn’t exactly “going stateless” at its whole own. JSF just adds a new feature enabling the developers to create stateless views/forms on demand.

State saving is particularly helpful in dynamically manipulated forms with e.g. conditionally ajax-rendered parts. It remembers the state of the form across ajax based postbacks. In other words, it are those forms where you absolutely need a view scoped managed bean instead of a request scoped managed bean. In case of static forms tied to a request scoped bean, the state could easily be recreated on a per-request basis based on the view file and hence doesn’t necessarily need to be saved.

State saving has in case of server side state saving management however a cost in terms of server memory and session creation. Also, it has the additional disadvantage that a ViewExpiredException would occur during a postback while the session has expired. All of this can be solved by setting the state saving management to client side. But this has in turn a cost in terms of network bandwidth and lower performance due to serialization.

For example, in case of large websites covering a “public” and “restricted” section, you’d like to postpone session creation until the user has actually logged in. However, if you have a JSF login form on the public part, then the session would still be created by just accessing that page. This is an unnecessary cost if the form has basically no dynamic state at its own and is tied to a request scoped bean.

True, this cost is negligible if you have state of the art hardware, but it’s not negligible if you have relatively a lot of visitors and/or relatively poor hardware. In that case, measuring is knowing. Also, it is not always possible to go fully stateless, you’d lose the benefit and experience of having dynamically manipulated views/forms. You could however theoretically maintain the state on a per-request basis by fiddling with hidden input fields and/or custom request parameters.

Noted should be that statelessness has an additional disadvantage that it’s theoretically more easy to perform a CSRF attack if there’s an open XSS hole. Fortunately, with JSF2/Facelets it’s already very hard to have a XSS hole. The only way to get that is to use a <h:outputText escape="false"> to redisplay user-controlled data.

See also:

More Related Contents:

  1. Upgrade JSF / Mojarra in JBoss AS / EAP / WildFly
  2. com.sun.faces.numberOfViewsInSession vs com.sun.faces.numberOfLogicalViews
  3. Difference between Mojarra and MyFaces
  4. How to update Mojarra version in GlassFish
  5. Configuration of com.sun.faces.config.ConfigureListener
  6. How to choose the right bean scope?
  7. Differences between action and actionListener
  8. How to use PrimeFaces p:fileUpload? Listener method is never invoked or UploadedFile is null / throws an error / not usable
  9. Conversion Error setting value for ‘null Converter’ – Why do I need a Converter in JSF?
  10. Difference between h:button and h:commandButton
  11. How implement a login filter in JSF?
  12. Localization in JSF, how to remember selected locale per session instead of per request/view
  13. How do PrimeFaces Selectors as in update=”@(.myClass)” work?
  14. Packaging Facelets files (templates, includes, composites) in a JAR
  15. Execution order of events when pressing PrimeFaces p:commandButton
  16. How to load and display dependent h:selectOneMenu on change of a h:selectOneMenu
  17. What URL to use to link / navigate to other JSF pages
  18. Is there any easy way to preprocess and redirect GET requests?
  19. PrimeFaces CSS skin not showing in login page, also JavaScript undefined errors
  20. Does view scope bean survive Navigation JSF
  21. What is the function of @this exactly?
  22. Running JSF 2.0 on Servlet 2.4 container
  23. Adding faces message to redirected page using ExternalContext.redirect()
  24. How to use EL in PrimeFaces oncomplete attribute which is updated during action method
  25. How create a custom converter in JSF 2?
  26. Primefaces valueChangeListener or
  27. JSF 2.0: How to override base renderers with custom ones?
  28. h:commandButton not working inside h:dataTable
  29. How to implement a PhaseListener which runs at end of lifecycle?
  30. How to use Parameterized MessageFormat with non-Value attributes of JSF components

Leave a Comment