package com.jk.webstack.security.impl;

import com.jk.core.config.JKConfig;
import com.jk.core.logging.JKLogger;
import com.jk.core.logging.JKLoggerFactory;
import com.jk.webstack.security.NullAuthenticationProvider;
import com.jk.webstack.security.UserRole;
import com.jk.webstack.security.services.SecurityService;
import jakarta.servlet.ServletContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.firewall.HttpFirewall;

@EnableWebSecurity
@Configuration
/* loaded from: input_file:com/jk/webstack/security/impl/JKDefaultWebSecurityConfig.class */
public class JKDefaultWebSecurityConfig {

    @Autowired
    ServletContext context;
    JKLogger logger = JKLoggerFactory.getLogger(getClass());
    private boolean enabled = JKConfig.getDefaultInstance().getProperty("jk.security.enabled", "false").equals("true");
    private String[] publicUrls = JKConfig.get().getProperty("jk.web.security.public_url", "/services/**,/index.xhtml,/error/**,/login/**,/public/**,/resources/**,*.css,*.js,/jakarta.faces.resource/**,/javax.faces.resource/**,/util/**").split(",");

    @Bean
    public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
        this.logger.debug(this.enabled ? "WebSecurity is Enabled" : "WebSecurity is Disabled", new Object[0]);
        if (this.enabled) {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeHttpRequests().requestMatchers(this.publicUrls)).permitAll().requestMatchers(new String[]{"/admin/**"})).hasAnyAuthority(new String[]{UserRole.ADMIN}).requestMatchers(new String[]{"/*/components/**"})).denyAll().anyRequest()).authenticated().and().formLogin().loginProcessingUrl("/login").loginPage("/login/index.xhtml").defaultSuccessUrl("/").failureUrl("/login/").permitAll().and().logout().logoutUrl("/logout").logoutSuccessUrl("/").deleteCookies(new String[]{"JSESSIONID"}).permitAll().and().exceptionHandling().accessDeniedPage("/error/403.xhtml");
        } else {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeHttpRequests().requestMatchers(new String[]{"**"})).permitAll();
        }
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        if (this.enabled) {
            authenticationManagerBuilder.authenticationProvider(authenticationProvider());
        }
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        if (!this.enabled) {
            return new NullAuthenticationProvider();
        }
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(new SecurityService());
        daoAuthenticationProvider.setPasswordEncoder(encoder());
        return daoAuthenticationProvider;
    }

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public HttpFirewall defaultHttpFirewall() {
        return new DefaultHttpFirewall();
    }

    @Bean
    public ServletContext getServletContext() {
        return this.context;
    }
}
