001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.kernel.servlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.BasePortalLifecycle;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.PropsKeys;
022    import com.liferay.portal.kernel.util.PropsUtil;
023    
024    import java.io.Serializable;
025    
026    import javax.servlet.ServletContext;
027    import javax.servlet.http.HttpSession;
028    import javax.servlet.http.HttpSessionAttributeListener;
029    import javax.servlet.http.HttpSessionBindingEvent;
030    
031    /**
032     * @author Bruno Farache
033     */
034    public class SerializableSessionAttributeListener
035            extends BasePortalLifecycle implements HttpSessionAttributeListener {
036    
037            public void attributeAdded(HttpSessionBindingEvent event) {
038                    if (!_sessionVerifySerializableAttribute) {
039                            return;
040                    }
041    
042                    String name = event.getName();
043                    Object value = event.getValue();
044    
045                    if (!(value instanceof Serializable)) {
046                            _log.error(
047                                    value.getClass().getName() +
048                                            " is not serializable and will prevent this session from " +
049                                                    "being replicated");
050    
051                            if (_requiresSerializable == null) {
052                                    HttpSession session = event.getSession();
053    
054                                    ServletContext servletContext = session.getServletContext();
055    
056                                    _requiresSerializable = Boolean.valueOf(
057                                            GetterUtil.getBoolean(
058                                                    servletContext.getInitParameter(
059                                                            "session-attributes-requires-serializable")));
060                            }
061    
062                            if (_requiresSerializable) {
063                                    HttpSession session = event.getSession();
064    
065                                    session.removeAttribute(name);
066                            }
067                    }
068            }
069    
070            public void attributeRemoved(HttpSessionBindingEvent event) {
071            }
072    
073            public void attributeReplaced(HttpSessionBindingEvent event) {
074                    attributeAdded(event);
075            }
076    
077            @Override
078            protected void doPortalDestroy() throws Exception {
079            }
080    
081            @Override
082            protected void doPortalInit() throws Exception {
083                    _sessionVerifySerializableAttribute = GetterUtil.getBoolean(
084                            PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
085                            true);
086            }
087    
088            private static Log _log = LogFactoryUtil.getLog(
089                    SerializableSessionAttributeListener.class);
090    
091            private Boolean _requiresSerializable;
092            private boolean _sessionVerifySerializableAttribute;
093    
094    }