001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.kernel.cache.Lifecycle;
018    import com.liferay.portal.kernel.cache.ThreadLocalCacheManager;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.servlet.filters.compoundsessionid.CompoundSessionIdHttpSession;
022    import com.liferay.portal.kernel.servlet.filters.compoundsessionid.CompoundSessionIdSplitterUtil;
023    import com.liferay.portal.util.PropsValues;
024    import com.liferay.portal.util.WebKeys;
025    
026    import java.util.concurrent.atomic.AtomicInteger;
027    
028    import javax.servlet.http.HttpSession;
029    import javax.servlet.http.HttpSessionEvent;
030    import javax.servlet.http.HttpSessionListener;
031    
032    /**
033     * @author Brian Wing Shun Chan
034     */
035    public class PortalSessionListener implements HttpSessionListener {
036    
037            public void sessionCreated(HttpSessionEvent httpSessionEvent) {
038                    if (CompoundSessionIdSplitterUtil.hasSessionDelimiter()) {
039                            CompoundSessionIdHttpSession compoundSessionIdHttpSession =
040                                    new CompoundSessionIdHttpSession(httpSessionEvent.getSession());
041    
042                            httpSessionEvent = new HttpSessionEvent(
043                                    compoundSessionIdHttpSession);
044                    }
045    
046                    new PortalSessionCreator(httpSessionEvent);
047    
048                    HttpSession session = httpSessionEvent.getSession();
049    
050                    PortalSessionActivationListener.setInstance(session);
051    
052                    if (PropsValues.SESSION_MAX_ALLOWED > 0) {
053                            if (_counter.incrementAndGet() > PropsValues.SESSION_MAX_ALLOWED) {
054                                    session.setAttribute(WebKeys.SESSION_MAX_ALLOWED, Boolean.TRUE);
055    
056                                    _log.error(
057                                            "Exceeded maximum number of " +
058                                                    PropsValues.SESSION_MAX_ALLOWED + " sessions " +
059                                                            "allowed. You may be experiencing a DoS attack.");
060                            }
061                    }
062            }
063    
064            public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
065                    if (CompoundSessionIdSplitterUtil.hasSessionDelimiter()) {
066                            CompoundSessionIdHttpSession compoundSessionIdHttpSession =
067                                    new CompoundSessionIdHttpSession(httpSessionEvent.getSession());
068    
069                            httpSessionEvent = new HttpSessionEvent(
070                                    compoundSessionIdHttpSession);
071                    }
072    
073                    new PortalSessionDestroyer(httpSessionEvent);
074    
075                    ThreadLocalCacheManager.clearAll(Lifecycle.SESSION);
076    
077                    if (PropsValues.SESSION_MAX_ALLOWED > 0) {
078                            _counter.decrementAndGet();
079                    }
080            }
081    
082            private static Log _log = LogFactoryUtil.getLog(
083                    PortalSessionListener.class);
084    
085            private AtomicInteger _counter = new AtomicInteger();
086    
087    }