package com.manydesigns.portofino.shiro;

import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.io.Serializable;
import java.security.Principal;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/portofino-pageactions-4.2.13-SNAPSHOT.jar:com/manydesigns/portofino/shiro/ServletContainerSecurityFilter.class */
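/**
 * Shiro filter that keeps the Shiro {@link Subject} in step with the identity reported by
 * the servlet container.
 *
 * <p>For each request it compares {@code subject.isAuthenticated()} with the presence of a
 * container principal and, when the two disagree, either logs the subject out of Shiro or
 * attempts a programmatic Shiro login with a {@link ServletContainerToken}.
 *
 * <p><strong>This filter is not an access-control gate.</strong> Every path through
 * {@link #onPreHandle} returns {@code true}, so the filter chain always continues, including
 * when the programmatic login fails. In that case the request proceeds with a Shiro subject
 * that is still unauthenticated. NOTE(review): authorization is presumably enforced further
 * down the chain against the Shiro subject; confirm that nothing downstream relies on the
 * container principal alone.
 */
public class ServletContainerSecurityFilter extends PathMatchingFilter {
    public static final String copyright = "Copyright (C) 2005-2025 ManyDesigns srl";
    public static final Logger logger = LoggerFactory.getLogger(ServletContainerSecurityFilter.class);

    /**
     * Session attribute recording that a failed programmatic login was already reported at
     * ERROR level for this session, so later failures are only logged at DEBUG.
     */
    private static final String LOGIN_FAILED_LOGGED_ATTRIBUTE =
            ServletContainerSecurityFilter.class.getName() + ".shiroLoginFailedErrorLogged";

    /**
     * Reconciles Shiro's authentication state with the container's before the request is handled.
     *
     * <ul>
     *   <li>Both agree (both authenticated or both anonymous): nothing to do.</li>
     *   <li>Shiro authenticated, container not: the subject is logged out of Shiro.</li>
     *   <li>Container authenticated, Shiro not: a login with a {@link ServletContainerToken}
     *       built from the request is attempted.</li>
     * </ul>
     *
     * <p>NOTE(review): the login branch trusts whatever principal the container reports; confirm
     * that the realm accepting {@link ServletContainerToken} only honours identities the
     * container itself authenticated.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response (unused)
     * @param obj the path-specific filter configuration (unused)
     * @return always {@code true}; the chain continues even if the programmatic login fails
     * @throws Exception declared by the overridden method
     */
    @Override // org.apache.shiro.web.filter.PathMatchingFilter
    protected boolean onPreHandle(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        Subject subject = SecurityUtils.getSubject();
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        boolean shiroAuthenticated = subject.isAuthenticated();
        Principal containerPrincipal = getContainerPrincipal(httpServletRequest);
        boolean containerAuthenticated = containerPrincipal != null;
        logger.debug("User authenticated by Shiro? {} User authenticated by the container? {}", shiroAuthenticated, containerAuthenticated);

        if (shiroAuthenticated == containerAuthenticated) {
            // The two views agree; there is nothing to reconcile.
            return true;
        }

        if (shiroAuthenticated) {
            logger.debug("User is authenticated to Shiro, but not to the servlet container; logging out of Shiro.");
            // Capture the id before logout, while the subject still carries its principals.
            Serializable userId = ShiroUtils.getUserId(subject);
            subject.logout();
            logger.info("User {} logout", userId);
            return true;
        }

        logger.debug("User is known to the servlet container, but not to Shiro, attempting programmatic login");
        try {
            subject.login(new ServletContainerToken(httpServletRequest));
            logger.info("User {} login", ShiroUtils.getUserId(SecurityUtils.getSubject()));
        } catch (AuthenticationException e) {
            reportFailedLogin(httpServletRequest, containerPrincipal, e);
        }
        // Fail-open by design of this filter: the request continues either way.
        return true;
    }

    /**
     * Logs a failed programmatic login: at ERROR the first time in a session (or whenever there
     * is no session), at DEBUG afterwards, so a persistent mismatch does not log an error on
     * every request of the same session.
     */
    private void reportFailedLogin(HttpServletRequest httpServletRequest, Principal containerPrincipal, AuthenticationException cause) {
        // getSession(false): never create a session just to remember that we logged.
        HttpSession session = httpServletRequest.getSession(false);
        // Parameterized message: the principal is passed as an argument rather than concatenated
        // into the format string; the trailing exception is logged as the throwable.
        String message = "User {} is known to the servlet container, but not to Shiro, and programmatic login failed!";
        boolean alreadyReported = session != null && session.getAttribute(LOGIN_FAILED_LOGGED_ATTRIBUTE) != null;
        if (alreadyReported) {
            logger.debug(message, containerPrincipal, cause);
        } else {
            logger.error(message, containerPrincipal, cause);
        }
        if (session != null) {
            session.setAttribute(LOGIN_FAILED_LOGGED_ATTRIBUTE, Boolean.TRUE);
        }
    }

    /**
     * Returns the principal as reported by the servlet container, or {@code null} if the
     * container has not authenticated the caller.
     *
     * <p>When the request is a {@link ShiroHttpServletRequest}, the wrapped request is queried
     * instead of the wrapper. NOTE(review): this is presumably because Shiro's wrapper answers
     * {@code getUserPrincipal()} from the Shiro subject when one is present, which would hide
     * the container's own view; verify against the Shiro version in use.
     *
     * @param httpServletRequest the request as seen by this filter
     * @return the container principal, or {@code null}
     */
    protected Principal getContainerPrincipal(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof ShiroHttpServletRequest) {
            // getRequest() is declared to return ServletRequest, so check and cast explicitly
            // (the decompiled assignment to HttpServletRequest did not type-check).
            ServletRequest wrapped = ((ShiroHttpServletRequest) httpServletRequest).getRequest();
            if (wrapped instanceof HttpServletRequest) {
                return ((HttpServletRequest) wrapped).getUserPrincipal();
            }
        }
        return httpServletRequest.getUserPrincipal();
    }
}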
