001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.servlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.PropsKeys;
021    import com.liferay.portal.kernel.util.PropsUtil;
022    
023    import java.io.Serializable;
024    
025    import javax.servlet.ServletContext;
026    import javax.servlet.http.HttpSession;
027    import javax.servlet.http.HttpSessionAttributeListener;
028    import javax.servlet.http.HttpSessionBindingEvent;
029    
030    /**
031     * @author Bruno Farache
032     */
033    public class SerializableSessionAttributeListener
034            implements HttpSessionAttributeListener {
035    
036            public static void initialize() {
037                    _SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE = GetterUtil.getBoolean(
038                            PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
039                            true);
040            }
041    
042            @Override
043            public void attributeAdded(
044                    HttpSessionBindingEvent httpSessionBindingEvent) {
045    
046                    if (!_SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE) {
047                            return;
048                    }
049    
050                    String name = httpSessionBindingEvent.getName();
051                    Object value = httpSessionBindingEvent.getValue();
052    
053                    if (value instanceof Serializable) {
054                            return;
055                    }
056    
057                    Class<?> clazz = value.getClass();
058    
059                    _log.error(
060                            clazz.getName() +
061                                    " is not serializable and will prevent this session from " +
062                                            "being replicated");
063    
064                    if (_requiresSerializable == null) {
065                            HttpSession session = httpSessionBindingEvent.getSession();
066    
067                            ServletContext servletContext = session.getServletContext();
068    
069                            _requiresSerializable = Boolean.valueOf(
070                                    GetterUtil.getBoolean(
071                                            servletContext.getInitParameter(
072                                                    "session-attributes-requires-serializable")));
073                    }
074    
075                    if (_requiresSerializable) {
076                            HttpSession session = httpSessionBindingEvent.getSession();
077    
078                            session.removeAttribute(name);
079                    }
080            }
081    
082            @Override
083            public void attributeRemoved(
084                    HttpSessionBindingEvent httpSessionBindingEvent) {
085            }
086    
087            @Override
088            public void attributeReplaced(
089                    HttpSessionBindingEvent httpSessionBindingEvent) {
090    
091                    attributeAdded(httpSessionBindingEvent);
092            }
093    
094            private static Log _log = LogFactoryUtil.getLog(
095                    SerializableSessionAttributeListener.class);
096    
097            private static boolean _SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE;
098    
099            private Boolean _requiresSerializable;
100    
101    }