package org.onetwo.ext.security.url;

import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.ArrayUtils;
import org.onetwo.common.exception.BaseException;
import org.onetwo.common.utils.LangUtils;
import org.onetwo.ext.security.metadata.SecurityMetadataSourceBuilder;
import org.onetwo.ext.security.method.DefaultMethodSecurityConfigurer;
import org.onetwo.ext.security.utils.SecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

/* loaded from: input_file:org/onetwo/ext/security/url/DefaultUrlSecurityConfigurer.class */
public class DefaultUrlSecurityConfigurer extends DefaultMethodSecurityConfigurer {

    @Autowired(required = false)
    private SecurityMetadataSourceBuilder securityMetadataSourceBuilder;
    private AccessDecisionManager accessDecisionManager;

    @Autowired(required = false)
    private List<AuthenticationProvider> authenticationProviders;

    public DefaultUrlSecurityConfigurer(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }

    @Override // org.onetwo.ext.security.method.DefaultMethodSecurityConfigurer
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (LangUtils.isNotEmpty(this.authenticationProviders)) {
            this.authenticationProviders.forEach(authenticationProvider -> {
                httpSecurity.authenticationProvider(authenticationProvider);
            });
        }
        httpSecurity.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() { // from class: org.onetwo.ext.security.url.DefaultUrlSecurityConfigurer.1
            public <O extends FilterSecurityInterceptor> O postProcess(O o) {
                o.setRejectPublicInvocations(DefaultUrlSecurityConfigurer.this.securityConfig.isRejectPublicInvocations());
                o.setValidateConfigAttributes(DefaultUrlSecurityConfigurer.this.securityConfig.isValidateConfigAttributes());
                if (DefaultUrlSecurityConfigurer.this.securityMetadataSourceBuilder != null) {
                    DefaultUrlSecurityConfigurer.this.securityMetadataSourceBuilder.setFilterSecurityInterceptor(o);
                    DefaultUrlSecurityConfigurer.this.securityMetadataSourceBuilder.buildSecurityMetadataSource();
                }
                return o;
            }
        });
        if (this.securityConfig.isCheckAnyUrlpermitAll()) {
            for (Map.Entry<String[], String> entry : this.securityConfig.getIntercepterUrls().entrySet()) {
                if (ArrayUtils.contains(entry.getKey(), "/**") && ("permitAll".equals(entry.getValue()) || "authenticated".equals(entry.getValue()))) {
                    throw new BaseException("do not config /** -> permitAll or authenticated, it's very danger!");
                }
            }
        }
        configIntercepterUrls(httpSecurity, this.securityConfig.getIntercepterUrls(), this.securityConfig.getIntercepters());
        configureAnyRequest(httpSecurity);
        webConfigure(httpSecurity);
        defaultConfigure(httpSecurity);
    }

    public static void configIntercepterUrls(HttpSecurity httpSecurity, Map<String[], String> map, List<SecurityConfig.InterceptersConfig> list) throws Exception {
        if (LangUtils.isNotEmpty(map)) {
            for (Map.Entry<String[], String> entry : map.entrySet()) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(entry.getKey())).access(entry.getValue());
            }
        }
        if (LangUtils.isNotEmpty(list)) {
            for (SecurityConfig.InterceptersConfig interceptersConfig : list) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(interceptersConfig.getPathPatterns())).access(interceptersConfig.getAccess());
            }
        }
    }

    protected void webConfigure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests().accessDecisionManager(this.accessDecisionManager);
    }
}
