JSF / Facelets Session Leak

Here is a bug that is fixed in JSF 2.1.0, but not the 2.0.x series. Bad Facelets code forces session creation for every request. One workaround is to remove the facelets.Encoding attribute from the FacesContext before rendering using a custom ViewHandler:

    /**
     * The default FaceletViewHandler uses session attributes the track
     * the response encoding to use. We can avoid session creation by 
     * removing the facelets.Encoding attribute from the FacesContext.
     */
    @Override
    public void renderView(FacesContext faces, UIViewRoot root)
            throws IOException {
        faces.getAttributes().remove("facelets.Encoding");
        super.renderView(faces, root);
    }

The problem with this is that the template encoding then defaults to ISO-8859-1 while most of will be using UTF-8. So we need another solution.

Try as I might to find another extension point to prevent the session creation, I could not. In the end I just copied the com.sun.faces.application.view.FaceletViewHandlerStrategy source into my project and patched the file myself by commenting out the line below.

        if (ctxAttributes.containsKey("facelets.Encoding")) {
            encoding = (String) ctxAttributes.get("facelets.Encoding");
            if (LOGGER.isLoggable(Level.FINEST)) {
                LOGGER.log(Level.FINEST,
                           "Facelet specified alternate encoding {0}",
                           encoding);
            }
            //sessionMap.put(ViewHandler.CHARACTER_ENCODING_KEY, encoding);
        }

Dodgy, but effective.

About Roger Keays

Roger is an active member of the JSF 2 Expert Group and is happy to be a contributor to the Java Community. He has been writing software since the age of 8 and his other interests include languages, science, travel and surfing. You can follow Roger on Twitter and Google+.