015 package com.liferay.portal.kernel.servlet;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.PropsKeys;
021 import com.liferay.portal.kernel.util.PropsUtil;
022
023 import java.io.Serializable;
024
025 import javax.servlet.ServletContext;
026 import javax.servlet.http.HttpSession;
027 import javax.servlet.http.HttpSessionAttributeListener;
028 import javax.servlet.http.HttpSessionBindingEvent;
029
030
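/**
 * Session attribute listener that checks whether values placed in the HTTP
 * session implement {@link Serializable}.
 *
 * <p>
 * A non-serializable value is always reported through the error log. It is
 * additionally removed from the session when the servlet context init
 * parameter {@code session-attributes-requires-serializable} evaluates to
 * {@code true}. Checking is skipped entirely unless {@link #initialize()} has
 * enabled it.
 * </p>
 */
public class SerializableSessionAttributeListener
	implements HttpSessionAttributeListener {

	/**
	 * Loads the verification switch from the portal property
	 * {@code PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE}, passing
	 * {@code true} as the fallback value.
	 *
	 * <p>
	 * Until this method has run, the static flag keeps its Java default of
	 * {@code false} and the listener performs no checks.
	 * </p>
	 */
	public static void initialize() {
		_SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE = GetterUtil.getBoolean(
			PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
			true);
	}

	/**
	 * Verifies the value that was just bound to the session.
	 *
	 * @param httpSessionBindingEvent the event carrying the attribute name,
	 *        the newly added value and the owning session
	 */
	@Override
	public void attributeAdded(
		HttpSessionBindingEvent httpSessionBindingEvent) {

		if (!_SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE) {
			return;
		}

		_verifySerializable(
			httpSessionBindingEvent.getSession(),
			httpSessionBindingEvent.getName(),
			httpSessionBindingEvent.getValue());
	}

	/**
	 * Does nothing; a removed attribute needs no serializability check.
	 *
	 * @param httpSessionBindingEvent the removal event (ignored)
	 */
	@Override
	public void attributeRemoved(
		HttpSessionBindingEvent httpSessionBindingEvent) {
	}

	/**
	 * Verifies the value that replaced an existing session attribute.
	 *
	 * @param httpSessionBindingEvent the event carrying the attribute name
	 *        and the owning session
	 */
	@Override
	public void attributeReplaced(
		HttpSessionBindingEvent httpSessionBindingEvent) {

		if (!_SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE) {
			return;
		}

		HttpSession session = httpSessionBindingEvent.getSession();
		String name = httpSessionBindingEvent.getName();

		// For a replace event the Servlet API defines getValue() as the OLD
		// value of the attribute. Checking it would re-test the previous
		// value and let a non-serializable replacement through unnoticed, so
		// the value now stored in the session is read back instead.

		_verifySerializable(session, name, session.getAttribute(name));
	}

	/**
	 * Logs a non-serializable attribute value and removes it from the session
	 * when the servlet context requires serializable attributes.
	 *
	 * @param session the session that holds the attribute
	 * @param name the attribute name
	 * @param value the attribute value to check; {@code null} is ignored
	 */
	private void _verifySerializable(
		HttpSession session, String name, Object value) {

		// A null value has no class to report and nothing to replicate; it
		// can show up here if the attribute was removed concurrently.

		if ((value == null) || (value instanceof Serializable)) {
			return;
		}

		Class<?> clazz = value.getClass();

		_log.error(
			clazz.getName() +
				" is not serializable and will prevent this session from " +
					"being replicated");

		// The init parameter is read once per listener instance and cached.
		// NOTE(review): the lazy initialization is not synchronized; racing
		// first calls would each read the same parameter.

		if (_requiresSerializable == null) {
			ServletContext servletContext = session.getServletContext();

			_requiresSerializable = Boolean.valueOf(
				GetterUtil.getBoolean(
					servletContext.getInitParameter(
						"session-attributes-requires-serializable")));
		}

		if (_requiresSerializable) {
			session.removeAttribute(name);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		SerializableSessionAttributeListener.class);

	// Set by initialize(); false until then, which disables all checks.
	private static boolean _SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE;

	// Cached value of the "session-attributes-requires-serializable" init
	// parameter; null until the first non-serializable value is seen.
	private Boolean _requiresSerializable;

}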