The PageContext#findAttribute()scans in respectively the page, request, session and application scopes until the first non-nullattribute value is found for a given attribute key. See also the javadoc:

的PageContext#findAttribute()分别在页，请求，会话和应用范围，直到第一非扫描null属性值被发现，对于给定的属性键。另请参阅javadoc：

Searches for the named attribute in page, request, session (if valid), and application scope(s) in orderand returns the value associated or null.

按顺序搜索页面、请求、会话（如果有效）和应用程序范围中的命名属性，并返回关联的值或 null。

That explains why it finds the request scoped one set in the forwarding servlet instead of the session scoped one declared in the JSP. This is also explained in our EL wiki page.

这解释了为什么它在转发 servlet 中找到一组请求范围，而不是在 JSP 中声明的会话范围。这也在我们的 EL wiki 页面中进行了解释。

In any case, if you're using a servlet, you should not be using <jsp:useBean>on model objects which are supposed to be managed by a servlet. The <jsp:useBean>follows namely a different MVC level which would only lead to confusion and maintenance trouble when actually using a servlet as controller. This is also explicitly mentioned in "Coding style and recommendations" section of our Servlets wiki page.

在任何情况下，如果您使用的是 servlet，则不应<jsp:useBean>在应该由 servlet 管理的模型对象上使用。将<jsp:useBean>分别遵循不同的MVC水平实际使用servlet作为控制器时，这只会导致混乱和维护的麻烦。我们的 Servlets wiki 页面的“编码风格和建议”部分也明确提到了这一点。

So, instead of all those <jsp:xxx>things, you can just do:

因此，<jsp:xxx>您可以执行以下操作，而不是所有这些：

<br>Name: ${person.name}
<br>Surname: ${person.surname}

You only need to add JSTL <c:out>to prevent potential XSS attack holes while redisplaying user-controlled data (note that <jsp:getProperty>doesn't do that!)

您只需要添加 JSTL<c:out>来防止潜在的 XSS 攻击漏洞，同时重新显示用户控制的数据（注意，<jsp:getProperty>不会这样做！）

<br>Name: <c:out value="${person.name}" />
<br>Surname: <c:out value="${person.surname}" />

To learn more about JSTL, check our JSTL wiki page.

要了解有关 JSTL 的更多信息，请查看我们的 JSTL wiki 页面。