If you are setting up the IBM Social Business Toolkit within your XPages application – the faces-config.xml is where you configure your SBT connection to Smartcloud/Connections. This particular issue arose for us recently but makes perfect sense once we understood what was going on.

Initially we had the following and everyone who accessed the application got the same list of one user’s files. We struggled to figure out why.

In the faces-config.xml one of the required parameters is the scope of the CredStore managed bean.

 <managed-bean>
    <managed-bean-name>CredStore</managed-bean-name>
    <managed-bean-class>com.ibm.sbt.security.credential.store.MemoryStore</managed-bean-class>
    <managed-bean-scope>application</managed-bean-scope>
  </managed-bean>

Turns out it was always the first person who logged in – which makes sense as the bean has application scope. The bean stays in scope and then everyone else starts to use it as well – giving them the wrong files.

The right answer is to use session scope for the CredStore bean (and smartcloud bean) which means that it is only in scope for the requests which are being by the session user – which is for each user exactly what you want.

 <managed-bean>
    <managed-bean-name>CredStore</managed-bean-name>
    <managed-bean-class>com.ibm.sbt.security.credential.store.MemoryStore</managed-bean-class>
    <managed-bean-scope>session</managed-bean-scope>
  </managed-bean>