001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.servlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    
021    import java.io.Serializable;
022    
023    import javax.servlet.ServletContext;
024    import javax.servlet.http.HttpSession;
025    import javax.servlet.http.HttpSessionAttributeListener;
026    import javax.servlet.http.HttpSessionBindingEvent;
027    
028    /**
029     * @author Bruno Farache
030     */
031    public class SerializableSessionAttributeListener
032            implements HttpSessionAttributeListener {
033    
034            @Override
035            public void attributeAdded(
036                    HttpSessionBindingEvent httpSessionBindingEvent) {
037    
038                    String name = httpSessionBindingEvent.getName();
039                    Object value = httpSessionBindingEvent.getValue();
040    
041                    if (value instanceof Serializable) {
042                            return;
043                    }
044    
045                    Class<?> clazz = value.getClass();
046    
047                    _log.error(
048                            clazz.getName() +
049                                    " is not serializable and will prevent this session from " +
050                                            "being replicated");
051    
052                    if (_requiresSerializable == null) {
053                            HttpSession session = httpSessionBindingEvent.getSession();
054    
055                            ServletContext servletContext = session.getServletContext();
056    
057                            _requiresSerializable = Boolean.valueOf(
058                                    GetterUtil.getBoolean(
059                                            servletContext.getInitParameter(
060                                                    "session-attributes-requires-serializable")));
061                    }
062    
063                    if (_requiresSerializable) {
064                            HttpSession session = httpSessionBindingEvent.getSession();
065    
066                            session.removeAttribute(name);
067                    }
068            }
069    
070            @Override
071            public void attributeRemoved(
072                    HttpSessionBindingEvent httpSessionBindingEvent) {
073            }
074    
075            @Override
076            public void attributeReplaced(
077                    HttpSessionBindingEvent httpSessionBindingEvent) {
078    
079                    attributeAdded(httpSessionBindingEvent);
080            }
081    
082            private static final Log _log = LogFactoryUtil.getLog(
083                    SerializableSessionAttributeListener.class);
084    
085            private Boolean _requiresSerializable;
086    
087    }