001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.kernel.servlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.BasePortalLifecycle;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.PropsKeys;
022    import com.liferay.portal.kernel.util.PropsUtil;
023    
024    import java.io.Serializable;
025    
026    import javax.servlet.ServletContext;
027    import javax.servlet.http.HttpSession;
028    import javax.servlet.http.HttpSessionAttributeListener;
029    import javax.servlet.http.HttpSessionBindingEvent;
030    
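/**
 * Session attribute listener that checks whether values bound to an
 * {@link HttpSession} implement {@link Serializable}.
 *
 * <p>
 * A value that is not serializable is reported through the error log, since it
 * will prevent the session from being replicated. If the servlet context init
 * parameter <code>session-attributes-requires-serializable</code> evaluates to
 * <code>true</code>, the offending attribute is also removed from the session.
 * The whole check is controlled by the portal property
 * {@link PropsKeys#SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE}, which defaults to
 * <code>true</code>.
 * </p>
 *
 * <p>
 * The check is shallow: only the attribute value itself is tested with
 * <code>instanceof Serializable</code>. A value whose class is serializable but
 * which references non-serializable objects still passes. Only the class name
 * of the value is logged, never the value itself.
 * </p>
 *
 * @author Bruno Farache
 */
public class SerializableSessionAttributeListener
	extends BasePortalLifecycle implements HttpSessionAttributeListener {

	/**
	 * Verifies the value of an attribute that was just added to a session.
	 *
	 * @param httpSessionBindingEvent the event carrying the session, the
	 *        attribute name and the added value
	 */
	public void attributeAdded(
		HttpSessionBindingEvent httpSessionBindingEvent) {

		if (!_sessionVerifySerializableAttribute) {
			return;
		}

		_verifySerializable(
			httpSessionBindingEvent.getSession(),
			httpSessionBindingEvent.getName(),
			httpSessionBindingEvent.getValue());
	}

	/**
	 * Does nothing; a removed attribute needs no verification.
	 *
	 * @param httpSessionBindingEvent the removal event (ignored)
	 */
	public void attributeRemoved(
		HttpSessionBindingEvent httpSessionBindingEvent) {
	}

	/**
	 * Verifies the value that replaced an existing session attribute.
	 *
	 * <p>
	 * For a replacement, {@link HttpSessionBindingEvent#getValue()} returns the
	 * old value of the attribute, so the value that is now stored is read back
	 * from the session instead. Checking the event value here would let a
	 * non-serializable replacement through unnoticed.
	 * </p>
	 *
	 * @param httpSessionBindingEvent the event carrying the session and the
	 *        name of the replaced attribute
	 */
	public void attributeReplaced(
		HttpSessionBindingEvent httpSessionBindingEvent) {

		if (!_sessionVerifySerializableAttribute) {
			return;
		}

		HttpSession session = httpSessionBindingEvent.getSession();
		String name = httpSessionBindingEvent.getName();

		// The Servlet API calls this listener after the attribute is replaced,
		// so the session already holds the new value

		_verifySerializable(session, name, session.getAttribute(name));
	}

	/**
	 * Does nothing; this listener holds no resources to release.
	 */
	@Override
	protected void doPortalDestroy() throws Exception {
	}

	/**
	 * Reads the portal property that switches the verification on or off.
	 *
	 * <p>
	 * Until this method has run the flag keeps its field default of
	 * <code>false</code>, so attributes bound before then are not verified.
	 * NOTE(review): when this is invoked depends on
	 * <code>BasePortalLifecycle</code>, which is not visible here.
	 * </p>
	 */
	@Override
	protected void doPortalInit() throws Exception {
		_sessionVerifySerializableAttribute = GetterUtil.getBoolean(
			PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
			true);
	}

	/**
	 * Logs, and optionally removes, a session attribute whose value is not
	 * serializable.
	 *
	 * @param session the session holding the attribute
	 * @param name the attribute name
	 * @param value the value currently bound under <code>name</code>; a
	 *        <code>null</code> value is ignored
	 */
	private void _verifySerializable(
		HttpSession session, String name, Object value) {

		// "null instanceof Serializable" is false, so null has to be excluded
		// explicitly before getClass() is called on the value

		if ((value == null) || (value instanceof Serializable)) {
			return;
		}

		Class<?> clazz = value.getClass();

		_log.error(
			clazz.getName() +
				" is not serializable and will prevent this session from " +
					"being replicated");

		// Resolved once, from the servlet context of the first session that
		// reaches this point, and cached for the lifetime of the listener. The
		// lazy initialization is unsynchronized; concurrent first calls may
		// each compute the value. Presumably a missing init parameter is read
		// as false by GetterUtil -- TODO confirm.

		if (_requiresSerializable == null) {
			ServletContext servletContext = session.getServletContext();

			_requiresSerializable = Boolean.valueOf(
				GetterUtil.getBoolean(
					servletContext.getInitParameter(
						"session-attributes-requires-serializable")));
		}

		if (_requiresSerializable) {
			session.removeAttribute(name);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		SerializableSessionAttributeListener.class);

	// null until the init parameter has been looked up for the first time

	private Boolean _requiresSerializable;

	// set by doPortalInit(); false until then

	private boolean _sessionVerifySerializableAttribute;

}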