package psiprobe;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.TreeMap;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:WEB-INF/lib/psi-probe-core-5.1.2-SNAPSHOT.jar:psiprobe/ProbeSecurityConfig.class */
public class ProbeSecurityConfig {
    @Bean(name = {"filterChainProxy"})
    public FilterChainProxy getFilterChainProxy() {
        return new FilterChainProxy(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/**"), getSecurityContextPersistenceFilter(), getJ2eePreAuthenticatedProcessingFilter(), getLogoutFilter(), getExceptionTranslationFilter(), getFilterSecurityInterceptor()));
    }

    @Bean(name = {"authenticationManager"})
    public ProviderManager getProviderManager() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(getPreAuthenticatedAuthenticationProvider());
        return new ProviderManager(arrayList);
    }

    @Bean(name = {"securityContextPersistenceFilter"})
    public SecurityContextPersistenceFilter getSecurityContextPersistenceFilter() {
        return new SecurityContextPersistenceFilter();
    }

    @Bean(name = {"preAuthenticatedAuthenticationProvider"})
    public PreAuthenticatedAuthenticationProvider getPreAuthenticatedAuthenticationProvider() {
        PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
        preAuthenticatedAuthenticationProvider.setPreAuthenticatedUserDetailsService(getPreAuthenticatedGrantedAuthoritiesUserDetailsService());
        return preAuthenticatedAuthenticationProvider;
    }

    @Bean(name = {"preAuthenticatedGrantedAuthoritiesUserDetailsService"})
    public PreAuthenticatedGrantedAuthoritiesUserDetailsService getPreAuthenticatedGrantedAuthoritiesUserDetailsService() {
        return new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
    }

    @Bean(name = {"j2eePreAuthenticatedProcessingFilter"})
    public J2eePreAuthenticatedProcessingFilter getJ2eePreAuthenticatedProcessingFilter() {
        J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter();
        j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(getProviderManager());
        j2eePreAuthenticatedProcessingFilter.setAuthenticationDetailsSource(getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource());
        return j2eePreAuthenticatedProcessingFilter;
    }

    @Bean(name = {"http403ForbiddenEntryPoint"})
    public Http403ForbiddenEntryPoint getHttp403ForbiddenEntryPoint() {
        return new Http403ForbiddenEntryPoint();
    }

    @Bean(name = {"logoutFilter"})
    public LogoutFilter getLogoutFilter() {
        return new LogoutFilter("/", getSecurityContextLogoutHandler());
    }

    @Bean(name = {"securityContextLogoutHandler"})
    public SecurityContextLogoutHandler getSecurityContextLogoutHandler() {
        return new SecurityContextLogoutHandler();
    }

    @Bean(name = {"j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"})
    public J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() {
        J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource();
        j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.setMappableRolesRetriever(getWebXmlMappableAttributesRetriever());
        j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.setUserRoles2GrantedAuthoritiesMapper(getSimpleAttributes2GrantedAuthoritiesMapper());
        return j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
    }

    @Bean(name = {"simpleAttributes2GrantedAuthoritiesMapper"})
    public SimpleAttributes2GrantedAuthoritiesMapper getSimpleAttributes2GrantedAuthoritiesMapper() {
        SimpleAttributes2GrantedAuthoritiesMapper simpleAttributes2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper();
        simpleAttributes2GrantedAuthoritiesMapper.setConvertAttributeToUpperCase(true);
        return simpleAttributes2GrantedAuthoritiesMapper;
    }

    @Bean(name = {"webXmlMappableAttributesRetriever"})
    public WebXmlMappableAttributesRetriever getWebXmlMappableAttributesRetriever() {
        return new WebXmlMappableAttributesRetriever();
    }

    @Bean(name = {"exceptionTranslationFilter"})
    public ExceptionTranslationFilter getExceptionTranslationFilter() {
        return new ExceptionTranslationFilter(getHttp403ForbiddenEntryPoint());
    }

    @Bean(name = {"affirmativeBased"})
    public AffirmativeBased getAffirmativeBased() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(getRoleVoter());
        AffirmativeBased affirmativeBased = new AffirmativeBased(arrayList);
        affirmativeBased.setAllowIfAllAbstainDecisions(false);
        return affirmativeBased;
    }

    @Bean(name = {"filterSecurityInterceptor"})
    public FilterSecurityInterceptor getFilterSecurityInterceptor() {
        FilterSecurityInterceptor filterSecurityInterceptor = new FilterSecurityInterceptor();
        filterSecurityInterceptor.setAuthenticationManager(getProviderManager());
        filterSecurityInterceptor.setAccessDecisionManager(getAffirmativeBased());
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(new AntPathRequestMatcher("/adm/**"), SecurityConfig.createListFromCommaDelimitedString("ROLE_MANAGER,ROLE_MANAGER-GUI"));
        linkedHashMap.put(new AntPathRequestMatcher("/adm/restartvm.ajax"), SecurityConfig.createListFromCommaDelimitedString("ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
        linkedHashMap.put(new AntPathRequestMatcher("/sql/**"), SecurityConfig.createListFromCommaDelimitedString("ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
        linkedHashMap.put(new AntPathRequestMatcher("/app/**"), SecurityConfig.createListFromCommaDelimitedString("ROLE_POWERUSER,ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
        linkedHashMap.put(new AntPathRequestMatcher("/**"), SecurityConfig.createListFromCommaDelimitedString("ROLE_PROBEUSER,ROLE_POWERUSER,ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
        filterSecurityInterceptor.setSecurityMetadataSource(new DefaultFilterInvocationSecurityMetadataSource(linkedHashMap));
        return filterSecurityInterceptor;
    }

    @Bean(name = {"roleVoter"})
    public RoleVoter getRoleVoter() {
        return new RoleVoter();
    }

    @Bean(name = {"securityContextHolderAwareRequestFilter"})
    public SecurityContextHolderAwareRequestFilter getSecurityContextHolderAwareRequestFilter() {
        return new SecurityContextHolderAwareRequestFilter();
    }

    @Bean(name = {"httpSessionRequestCache"})
    public HttpSessionRequestCache getHttpSessionRequestCache() {
        HttpSessionRequestCache httpSessionRequestCache = new HttpSessionRequestCache();
        httpSessionRequestCache.setCreateSessionAllowed(false);
        return httpSessionRequestCache;
    }

    @Bean(name = {"xstream"})
    public XStream getXstream() {
        XStream xStream = new XStream();
        xStream.addPermission(NoTypePermission.NONE);
        xStream.addPermission(NullPermission.NULL);
        xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xStream.allowTypeHierarchy(Collection.class);
        xStream.allowTypeHierarchy(String.class);
        xStream.allowTypeHierarchy(TreeMap.class);
        xStream.allowTypesByWildcard(new String[]{"org.jfree.data.xy.**", "psiprobe.controllers.**", "psiprobe.model.**", "psiprobe.model.stats.**"});
        return xStream;
    }
}
