package org.craftercms.engine.util.spring.security;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.craftercms.engine.util.ConfigUtils;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;

/* loaded from: input_file:org/craftercms/engine/util/spring/security/ConfigAwareAuthenticationFailureHandler.class */
public class ConfigAwareAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    public static final String LOGIN_FAILURE_URL_KEY = "security.login.failureUrl";
    protected String defaultFailureUrl;

    protected String determineFailureUrl() {
        HierarchicalConfiguration currentConfig = ConfigUtils.getCurrentConfig();
        return (currentConfig == null || !currentConfig.containsKey(LOGIN_FAILURE_URL_KEY)) ? this.defaultFailureUrl : currentConfig.getString(LOGIN_FAILURE_URL_KEY);
    }

    public void setDefaultFailureUrl(String str) {
        Assert.isTrue(UrlUtils.isValidRedirectUrl(str), "'" + str + "' is not a valid redirect URL");
        this.defaultFailureUrl = str;
    }

    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        String determineFailureUrl = determineFailureUrl();
        if (determineFailureUrl == null) {
            this.logger.debug("No failure URL set, sending 401 Unauthorized error");
            httpServletResponse.sendError(401, "Authentication Failed: " + authenticationException.getMessage());
            return;
        }
        saveException(httpServletRequest, authenticationException);
        if (isUseForward()) {
            this.logger.debug("Forwarding to " + determineFailureUrl);
            httpServletRequest.getRequestDispatcher(determineFailureUrl).forward(httpServletRequest, httpServletResponse);
        } else {
            this.logger.debug("Redirecting to " + determineFailureUrl);
            getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, determineFailureUrl);
        }
    }
}
