015 package com.liferay.portal.kernel.servlet;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.util.BasePortalLifecycle;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.kernel.util.PropsKeys;
022 import com.liferay.portal.kernel.util.PropsUtil;
023
024 import java.io.Serializable;
025
026 import javax.servlet.ServletContext;
027 import javax.servlet.http.HttpSession;
028 import javax.servlet.http.HttpSessionAttributeListener;
029 import javax.servlet.http.HttpSessionBindingEvent;
030
031
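/**
 * Session attribute listener that reports attribute values which do not
 * implement {@link Serializable}, because such values prevent the session from
 * being replicated.
 *
 * <p>
 * Verification is controlled by the portal property
 * {@code PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE}, read in
 * {@link #doPortalInit()}. Until that method has run the flag keeps its field
 * default of {@code false}, so no attribute is checked. When the servlet
 * context init parameter {@code session-attributes-requires-serializable} is
 * true, an offending attribute is also removed from the session.
 * </p>
 */
public class SerializableSessionAttributeListener
    extends BasePortalLifecycle implements HttpSessionAttributeListener {

    /**
     * Verifies the value that was just bound to the session.
     *
     * @param httpSessionBindingEvent the event carrying the attribute name and
     *        the newly added value
     */
    @Override
    public void attributeAdded(
        HttpSessionBindingEvent httpSessionBindingEvent) {

        if (!_sessionVerifySerializableAttribute) {
            return;
        }

        _verifySerializable(
            httpSessionBindingEvent.getSession(),
            httpSessionBindingEvent.getName(),
            httpSessionBindingEvent.getValue());
    }

    /**
     * Does nothing; a removed attribute no longer affects replication.
     *
     * @param httpSessionBindingEvent the removal event (ignored)
     */
    @Override
    public void attributeRemoved(
        HttpSessionBindingEvent httpSessionBindingEvent) {
    }

    /**
     * Verifies the value that replaced an existing session attribute.
     *
     * @param httpSessionBindingEvent the event carrying the attribute name and
     *        the value that was replaced
     */
    @Override
    public void attributeReplaced(
        HttpSessionBindingEvent httpSessionBindingEvent) {

        if (!_sessionVerifySerializableAttribute) {
            return;
        }

        HttpSession session = httpSessionBindingEvent.getSession();
        String name = httpSessionBindingEvent.getName();

        // For a replace event the servlet API defines getValue() as the OLD
        // value. The value that is now stored, and that replication would
        // have to serialize, must be read back from the session instead.
        _verifySerializable(session, name, session.getAttribute(name));
    }

    @Override
    protected void doPortalDestroy() throws Exception {
    }

    /**
     * Reads the verification switch from the portal properties, defaulting to
     * {@code true} when the property is not set.
     */
    @Override
    protected void doPortalInit() throws Exception {
        _sessionVerifySerializableAttribute = GetterUtil.getBoolean(
            PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
            true);
    }

    /**
     * Logs an error when {@code value} is not serializable and, if the servlet
     * context requires serializable attributes, removes it from the session.
     *
     * @param session the session the attribute is bound to
     * @param name the attribute name
     * @param value the value currently bound under {@code name}; {@code null}
     *        is ignored because there is nothing to serialize
     */
    private void _verifySerializable(
        HttpSession session, String name, Object value) {

        if ((value == null) || (value instanceof Serializable)) {
            return;
        }

        Class<?> clazz = value.getClass();

        // Only the class name is logged, never the value itself, so session
        // data does not end up in the log.
        _log.error(
            clazz.getName() +
                " is not serializable and will prevent this session from " +
                    "being replicated");

        // Looked up once and cached on the listener instance.
        // NOTE(review): assumes every session seen by this instance belongs
        // to the same servlet context - confirm.
        if (_requiresSerializable == null) {
            ServletContext servletContext = session.getServletContext();

            _requiresSerializable = Boolean.valueOf(
                GetterUtil.getBoolean(
                    servletContext.getInitParameter(
                        "session-attributes-requires-serializable")));
        }

        if (_requiresSerializable) {
            session.removeAttribute(name);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        SerializableSessionAttributeListener.class);

    // Lazily initialized from the servlet context init parameter; null until
    // the first non-serializable value is seen.
    private Boolean _requiresSerializable;

    // Set in doPortalInit(); false until then.
    private boolean _sessionVerifySerializableAttribute;

}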