package org.craftercms.studio.impl.v2.security.authentication.token;

import jakarta.servlet.http.HttpServletRequest;
import java.beans.ConstructorProperties;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.studio.api.v2.service.security.AccessTokenService;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.context.NullSecurityContextRepository;

/* loaded from: input_file:org/craftercms/studio/impl/v2/security/authentication/token/AccessTokenAuthenticationFilter.class */
public class AccessTokenAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
    public static final String TOKEN_PREFIX = "Bearer ";
    protected AccessTokenService accessTokenService;

    @ConstructorProperties({"accessTokenService"})
    public AccessTokenAuthenticationFilter(AccessTokenService accessTokenService) {
        this.accessTokenService = accessTokenService;
        setSecurityContextRepository(new NullSecurityContextRepository());
    }

    protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (StringUtils.isEmpty(header) || !StringUtils.startsWithIgnoreCase(header, TOKEN_PREFIX)) {
            return null;
        }
        return this.accessTokenService.getUsername(StringUtils.removeStartIgnoreCase(header, TOKEN_PREFIX));
    }

    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpServletRequest) {
        return "N/A";
    }
}
