001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet;
016    
017    import com.liferay.portal.kernel.cache.Lifecycle;
018    import com.liferay.portal.kernel.cache.ThreadLocalCacheManager;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.servlet.filters.compoundsessionid.CompoundSessionIdHttpSession;
022    import com.liferay.portal.kernel.servlet.filters.compoundsessionid.CompoundSessionIdSplitterUtil;
023    import com.liferay.portal.util.PropsValues;
024    import com.liferay.portal.util.WebKeys;
025    
026    import java.util.concurrent.atomic.AtomicInteger;
027    
028    import javax.servlet.http.HttpSession;
029    import javax.servlet.http.HttpSessionEvent;
030    import javax.servlet.http.HttpSessionListener;
031    
032    /**
033     * @author Brian Wing Shun Chan
034     */
035    public class PortalSessionListener implements HttpSessionListener {
036    
037            @Override
038            public void sessionCreated(HttpSessionEvent httpSessionEvent) {
039                    if (CompoundSessionIdSplitterUtil.hasSessionDelimiter()) {
040                            CompoundSessionIdHttpSession compoundSessionIdHttpSession =
041                                    new CompoundSessionIdHttpSession(httpSessionEvent.getSession());
042    
043                            httpSessionEvent = new HttpSessionEvent(
044                                    compoundSessionIdHttpSession);
045                    }
046    
047                    new PortalSessionCreator(httpSessionEvent);
048    
049                    HttpSession session = httpSessionEvent.getSession();
050    
051                    PortalSessionActivationListener.setInstance(session);
052    
053                    if (PropsValues.SESSION_MAX_ALLOWED > 0) {
054                            if (_counter.incrementAndGet() > PropsValues.SESSION_MAX_ALLOWED) {
055                                    session.setAttribute(WebKeys.SESSION_MAX_ALLOWED, Boolean.TRUE);
056    
057                                    _log.error(
058                                            "Exceeded maximum number of " +
059                                                    PropsValues.SESSION_MAX_ALLOWED + " sessions " +
060                                                            "allowed. You may be experiencing a DoS attack.");
061                            }
062                    }
063            }
064    
065            @Override
066            public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
067                    if (CompoundSessionIdSplitterUtil.hasSessionDelimiter()) {
068                            CompoundSessionIdHttpSession compoundSessionIdHttpSession =
069                                    new CompoundSessionIdHttpSession(httpSessionEvent.getSession());
070    
071                            httpSessionEvent = new HttpSessionEvent(
072                                    compoundSessionIdHttpSession);
073                    }
074    
075                    new PortalSessionDestroyer(httpSessionEvent);
076    
077                    ThreadLocalCacheManager.clearAll(Lifecycle.SESSION);
078    
079                    if (PropsValues.SESSION_MAX_ALLOWED > 0) {
080                            _counter.decrementAndGet();
081                    }
082            }
083    
084            private static Log _log = LogFactoryUtil.getLog(
085                    PortalSessionListener.class);
086    
087            private AtomicInteger _counter = new AtomicInteger();
088    
089    }