001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.servlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.BasePortalLifecycle;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.PropsKeys;
022    import com.liferay.portal.kernel.util.PropsUtil;
023    
024    import java.io.Serializable;
025    
026    import javax.servlet.ServletContext;
027    import javax.servlet.http.HttpSession;
028    import javax.servlet.http.HttpSessionAttributeListener;
029    import javax.servlet.http.HttpSessionBindingEvent;
030    
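/**
 * Session attribute listener that reports, and optionally removes, session
 * attributes whose values do not implement {@link Serializable}.
 *
 * <p>
 * The check is switched on by the portal property
 * {@link PropsKeys#SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE} (default
 * {@code true}), which is read in {@link #doPortalInit()}. Until that method
 * has run the flag keeps its field default of {@code false} and the listener
 * does nothing. Offending values are always logged at error level; they are
 * removed from the session only when the servlet context init parameter
 * {@code session-attributes-requires-serializable} evaluates to {@code true}.
 * </p>
 *
 * <p>
 * The test is a shallow {@code instanceof} check: a value that implements
 * {@link Serializable} but holds non-serializable state still passes.
 * </p>
 *
 * @author Bruno Farache
 */
public class SerializableSessionAttributeListener
        extends BasePortalLifecycle implements HttpSessionAttributeListener {

        /**
         * Verifies the value that has just been bound to the session.
         *
         * @param httpSessionBindingEvent the event carrying the attribute name
         *        and the newly added value
         */
        @Override
        public void attributeAdded(
                HttpSessionBindingEvent httpSessionBindingEvent) {

                if (!_sessionVerifySerializableAttribute) {
                        return;
                }

                _verifySerializable(
                        httpSessionBindingEvent.getSession(),
                        httpSessionBindingEvent.getName(),
                        httpSessionBindingEvent.getValue());
        }

        /**
         * Does nothing; removing an attribute needs no verification.
         *
         * @param httpSessionBindingEvent the removal event (ignored)
         */
        @Override
        public void attributeRemoved(
                HttpSessionBindingEvent httpSessionBindingEvent) {
        }

        /**
         * Verifies the value that has just replaced an existing attribute.
         *
         * @param httpSessionBindingEvent the event carrying the attribute name
         *        and the previous value
         */
        @Override
        public void attributeReplaced(
                HttpSessionBindingEvent httpSessionBindingEvent) {

                if (!_sessionVerifySerializableAttribute) {
                        return;
                }

                HttpSession session = httpSessionBindingEvent.getSession();
                String name = httpSessionBindingEvent.getName();

                // On replacement HttpSessionBindingEvent.getValue() returns the
                // OLD value. Checking it would let a non-serializable
                // replacement through and could remove a valid new value
                // because of its predecessor, so read the current value from
                // the session instead.

                _verifySerializable(session, name, session.getAttribute(name));
        }

        /**
         * Does nothing; the listener holds no resources to release.
         */
        @Override
        protected void doPortalDestroy() throws Exception {
        }

        /**
         * Reads the portal property that enables the check, defaulting to
         * {@code true} when the property is absent.
         */
        @Override
        protected void doPortalInit() throws Exception {
                _sessionVerifySerializableAttribute = GetterUtil.getBoolean(
                        PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
                        true);
        }

        /**
         * Logs a non-serializable attribute value and removes it when the web
         * application requires serializable session attributes.
         *
         * @param session the session the attribute is bound to
         * @param name the attribute name
         * @param value the value to check; {@code null} is ignored
         */
        private void _verifySerializable(
                HttpSession session, String name, Object value) {

                // A null value means there is nothing bound under this name
                // any more, so there is nothing to verify (and no class to
                // report).

                if ((value == null) || (value instanceof Serializable)) {
                        return;
                }

                Class<?> clazz = value.getClass();

                _log.error(
                        clazz.getName() +
                                " is not serializable and will prevent this session from " +
                                        "being replicated");

                // The init parameter is looked up once and cached on the
                // listener instance.

                if (_requiresSerializable == null) {
                        ServletContext servletContext = session.getServletContext();

                        _requiresSerializable = Boolean.valueOf(
                                GetterUtil.getBoolean(
                                        servletContext.getInitParameter(
                                                "session-attributes-requires-serializable")));
                }

                if (_requiresSerializable) {
                        session.removeAttribute(name);
                }
        }

        private static final Log _log = LogFactoryUtil.getLog(
                SerializableSessionAttributeListener.class);

        // Cached value of the "session-attributes-requires-serializable" init
        // parameter; null until the first non-serializable value is seen.
        private Boolean _requiresSerializable;

        // Set in doPortalInit(); false (check disabled) before that.
        private boolean _sessionVerifySerializableAttribute;

}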