001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.servlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.BasePortalLifecycle;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.PropsKeys;
022    import com.liferay.portal.kernel.util.PropsUtil;
023    
024    import java.io.Serializable;
025    
026    import javax.servlet.ServletContext;
027    import javax.servlet.http.HttpSession;
028    import javax.servlet.http.HttpSessionAttributeListener;
029    import javax.servlet.http.HttpSessionBindingEvent;
030    
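/**
 * Session attribute listener that reports session attributes whose values do
 * not implement {@link Serializable}, and optionally removes them from the
 * session.
 *
 * <p>
 * A non-serializable attribute prevents the session from being replicated.
 * The check is enabled by the portal property
 * {@link PropsKeys#SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE} (default
 * <code>true</code>). The offending attribute is removed only when the servlet
 * context init parameter
 * <code>session-attributes-requires-serializable</code> evaluates to
 * <code>true</code>.
 * </p>
 *
 * @author Bruno Farache
 */
public class SerializableSessionAttributeListener
	extends BasePortalLifecycle implements HttpSessionAttributeListener {

	/**
	 * Verifies the value of a newly added session attribute.
	 *
	 * @param httpSessionBindingEvent the event describing the added attribute
	 */
	@Override
	public void attributeAdded(
		HttpSessionBindingEvent httpSessionBindingEvent) {

		if (!_sessionVerifySerializableAttribute) {
			return;
		}

		_verifySerializable(
			httpSessionBindingEvent.getSession(),
			httpSessionBindingEvent.getName(),
			httpSessionBindingEvent.getValue());
	}

	/**
	 * Does nothing; a removed attribute no longer affects replication.
	 *
	 * @param httpSessionBindingEvent the event describing the removed
	 *        attribute
	 */
	@Override
	public void attributeRemoved(
		HttpSessionBindingEvent httpSessionBindingEvent) {
	}

	/**
	 * Verifies the value that replaced an existing session attribute.
	 *
	 * <p>
	 * For a replaced attribute, the Servlet API defines
	 * {@link HttpSessionBindingEvent#getValue()} as the <em>old</em> value.
	 * Checking it would miss a non-serializable replacement and could remove a
	 * perfectly valid new value, so the current value is read back from the
	 * session instead.
	 * </p>
	 *
	 * @param httpSessionBindingEvent the event describing the replaced
	 *        attribute
	 */
	@Override
	public void attributeReplaced(
		HttpSessionBindingEvent httpSessionBindingEvent) {

		if (!_sessionVerifySerializableAttribute) {
			return;
		}

		HttpSession session = httpSessionBindingEvent.getSession();
		String name = httpSessionBindingEvent.getName();

		_verifySerializable(session, name, session.getAttribute(name));
	}

	@Override
	protected void doPortalDestroy() throws Exception {
	}

	/**
	 * Reads the portal property that switches the verification on or off.
	 * The check defaults to enabled when the property is not set.
	 */
	@Override
	protected void doPortalInit() throws Exception {
		_sessionVerifySerializableAttribute = GetterUtil.getBoolean(
			PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
			true);
	}

	/**
	 * Logs an error when the value is not serializable and removes the
	 * attribute when the servlet context requires serializable attributes.
	 *
	 * @param session the session holding the attribute
	 * @param name the attribute name
	 * @param value the attribute value to check; <code>null</code> is ignored
	 */
	private void _verifySerializable(
		HttpSession session, String name, Object value) {

		// A null value has no class to report and nothing to replicate; the
		// guard also avoids a NullPointerException on value.getClass().

		if ((value == null) || (value instanceof Serializable)) {
			return;
		}

		Class<?> clazz = value.getClass();

		// Only the class name is logged, never the value itself, so session
		// data does not end up in the log.

		_log.error(
			clazz.getName() +
				" is not serializable and will prevent this session from " +
					"being replicated");

		// Resolved lazily on first use and cached. The field is written
		// without synchronization; concurrent first calls compute the same
		// value from the same init parameter.

		if (_requiresSerializable == null) {
			ServletContext servletContext = session.getServletContext();

			_requiresSerializable = Boolean.valueOf(
				GetterUtil.getBoolean(
					servletContext.getInitParameter(
						"session-attributes-requires-serializable")));
		}

		if (_requiresSerializable) {
			session.removeAttribute(name);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		SerializableSessionAttributeListener.class);

	// Cached value of the "session-attributes-requires-serializable" init
	// parameter; null until the first non-serializable attribute is seen.

	private Boolean _requiresSerializable;

	// Set in doPortalInit(); false until then.

	private boolean _sessionVerifySerializableAttribute;

}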