001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.servlet;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.BasePortalLifecycle;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.PropsKeys;
022    import com.liferay.portal.kernel.util.PropsUtil;
023    
024    import java.io.Serializable;
025    
026    import javax.servlet.ServletContext;
027    import javax.servlet.http.HttpSession;
028    import javax.servlet.http.HttpSessionAttributeListener;
029    import javax.servlet.http.HttpSessionBindingEvent;
030    
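/**
 * Session attribute listener that reports session attributes whose value does
 * not implement {@link Serializable}, since such values prevent the session
 * from being replicated. When the servlet context init parameter
 * <code>session-attributes-requires-serializable</code> is true, the offending
 * attribute is also removed from the session.
 *
 * <p>
 * The check is enabled or disabled as a whole by the portal property
 * {@link PropsKeys#SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE}, which defaults to
 * true.
 * </p>
 *
 * @author Bruno Farache
 */
public class SerializableSessionAttributeListener
	extends BasePortalLifecycle implements HttpSessionAttributeListener {

	/**
	 * Verifies the value that was just bound to the session.
	 *
	 * @param event the binding event; its value is the attribute that was added
	 */
	public void attributeAdded(HttpSessionBindingEvent event) {
		if (!_sessionVerifySerializableAttribute) {
			return;
		}

		_verifySerializable(event, event.getValue());
	}

	/**
	 * Does nothing; a removed attribute needs no verification.
	 *
	 * @param event the binding event
	 */
	public void attributeRemoved(HttpSessionBindingEvent event) {
	}

	/**
	 * Verifies the value that replaced an existing session attribute.
	 *
	 * <p>
	 * For a replace notification,
	 * {@link HttpSessionBindingEvent#getValue()} returns the <em>old</em>
	 * value, so the value now stored in the session is read from the session
	 * itself. Checking the event value would let a non-serializable
	 * replacement of a serializable attribute go unreported.
	 * </p>
	 *
	 * @param event the binding event; only its name and session are used
	 */
	public void attributeReplaced(HttpSessionBindingEvent event) {
		if (!_sessionVerifySerializableAttribute) {
			return;
		}

		HttpSession session = event.getSession();

		Object value = null;

		try {
			value = session.getAttribute(event.getName());
		}
		catch (IllegalStateException ise) {

			// The session was invalidated in the meantime, so there is no
			// attribute left to verify

			return;
		}

		_verifySerializable(event, value);
	}

	@Override
	protected void doPortalDestroy() throws Exception {
	}

	/**
	 * Reads the portal property that switches the verification on or off.
	 */
	@Override
	protected void doPortalInit() throws Exception {
		_sessionVerifySerializableAttribute = GetterUtil.getBoolean(
			PropsUtil.get(PropsKeys.SESSION_VERIFY_SERIALIZABLE_ATTRIBUTE),
			true);
	}

	/**
	 * Logs an error when the value is not serializable and, if the servlet
	 * context requires serializable attributes, removes the attribute named by
	 * the event from the session.
	 *
	 * @param event the binding event that supplies the attribute name and the
	 *        session
	 * @param value the value currently bound under that name; <code>null</code>
	 *        is ignored
	 */
	private void _verifySerializable(
		HttpSessionBindingEvent event, Object value) {

		// A null value means nothing is bound (for example, the attribute was
		// removed concurrently); instanceof would be false and getClass()
		// would throw

		if ((value == null) || (value instanceof Serializable)) {
			return;
		}

		_log.error(
			value.getClass().getName() +
				" is not serializable and will prevent this session from " +
					"being replicated");

		HttpSession session = event.getSession();

		// The init parameter is looked up on first use and cached on this
		// listener instance. The lookup is unsynchronized; concurrent callers
		// may repeat it, which presumably yields the same value for the same
		// servlet context

		if (_requiresSerializable == null) {
			ServletContext servletContext = session.getServletContext();

			_requiresSerializable = Boolean.valueOf(
				GetterUtil.getBoolean(
					servletContext.getInitParameter(
						"session-attributes-requires-serializable")));
		}

		if (_requiresSerializable) {
			session.removeAttribute(event.getName());
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		SerializableSessionAttributeListener.class);

	// Cached value of the "session-attributes-requires-serializable" context
	// init parameter; null until the first non-serializable value is seen

	private Boolean _requiresSerializable;

	// Set in doPortalInit; when false, both listener callbacks return
	// immediately

	private boolean _sessionVerifySerializableAttribute;

}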