package org.onetwo.ext.security.method;

import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.onetwo.common.utils.LangUtils;
import org.onetwo.ext.security.ajax.AjaxAuthenticationHandler;
import org.onetwo.ext.security.ajax.AjaxLogoutSuccessHandler;
import org.onetwo.ext.security.ajax.AjaxSupportedAccessDeniedHandler;
import org.onetwo.ext.security.ajax.AjaxSupportedAuthenticationEntryPoint;
import org.onetwo.ext.security.matcher.MatcherUtils;
import org.onetwo.ext.security.utils.IgnoreCsrfProtectionRequestUrlMatcher;
import org.onetwo.ext.security.utils.SecurityConfig;
import org.onetwo.ext.security.utils.SimpleThrowableAnalyzer;
import org.springframework.beans.PropertyAccessorFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsUtils;

/* loaded from: input_file:org/onetwo/ext/security/method/DefaultMethodSecurityConfigurer.class */
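/**
 * Web security configuration driven by the injected {@link SecurityConfig}.
 *
 * <p>It sets up the paths that skip the filter chain, the authentication source (a
 * {@link UserDetailsService} bean or the in-memory users from configuration), the any-request
 * authorization rule, form login, logout, HTTP Basic, response headers, remember-me, CSRF and CORS.
 *
 * <p>The hook methods ({@link #configureAnyRequest}, {@link #defaultConfigure},
 * {@link #configureCsrf}, {@link #configureCors}) are called in a fixed order from
 * {@link #configure(HttpSecurity)}; several settings depend on that order, so it is kept as is.
 */
public class DefaultMethodSecurityConfigurer extends WebSecurityConfigurerAdapter {

    // Handles both successful and failed form logins (see defaultConfigure).
    @Autowired
    private AjaxAuthenticationHandler ajaxAuthenticationHandler;

    @Autowired
    private AjaxSupportedAccessDeniedHandler ajaxSupportedAccessDeniedHandler;

    // Optional: may be null when no such bean is defined.
    @Autowired(required = false)
    private AjaxSupportedAuthenticationEntryPoint authenticationEntryPoint;

    // Optional: may be null when no such bean is defined.
    @Autowired(required = false)
    private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

    @Autowired
    private PasswordEncoder passwordEncoder;

    // Optional: when absent, the in-memory users from SecurityConfig are used instead.
    @Autowired(required = false)
    private UserDetailsService userDetailsService;

    @Autowired
    protected SecurityConfig securityConfig;

    // Optional: may be null when no such bean is defined.
    @Autowired(required = false)
    private SecurityContextRepository securityContextRepository;

    // Optional: may be null when no such bean is defined.
    @Autowired(required = false)
    private LogoutSuccessHandler logoutSuccessHandler;

    /**
     * Registers the paths that skip the security filter chain and switches web-security debugging.
     *
     * <p>Paths passed to {@code ignoring()} are not processed by Spring Security at all: no
     * authentication, no CSRF check and no security response headers. Keep the configured
     * ignoring URLs limited to genuinely public, static content.
     *
     * @param webSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    public void configure(WebSecurity webSecurity) throws Exception {
        if (this.securityConfig.isIgnoringDefautStaticPaths()) {
            webSecurity.ignoring().antMatchers(new String[]{"/webjars/**", "/images/**", "/static/**"});
        }
        String[] ignoringUrls = this.securityConfig.getIgnoringUrls();
        if (!LangUtils.isEmpty(ignoringUrls)) {
            webSecurity.ignoring().antMatchers(ignoringUrls);
        }
        // Debug mode is a development aid that writes request details to the log;
        // it should stay off in production configurations.
        webSecurity.debug(this.securityConfig.isDebug());
    }

    /**
     * Chooses the authentication source: the injected {@link UserDetailsService} when present,
     * otherwise the in-memory users declared in {@link SecurityConfig}. Both use the injected
     * {@link PasswordEncoder}.
     *
     * @param authenticationManagerBuilder the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        if (this.userDetailsService != null) {
            authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(this.passwordEncoder);
            return;
        }
        InMemoryUserDetailsManagerConfigurer inMemoryAuthentication = authenticationManagerBuilder.inMemoryAuthentication();
        this.securityConfig.getMemoryUsers().forEach((userName, memoryUser) -> {
            // The configured password is stored as given and later checked through passwordEncoder,
            // so it is presumably expected to be in encoded form already - confirm against the
            // configuration docs. Credentials kept in configuration files need the same access
            // control as any other secret.
            UserDetailsManagerConfigurer.UserDetailsBuilder userBuilder =
                    inMemoryAuthentication.withUser(userName).password(memoryUser.getPassword());
            if (!LangUtils.isEmpty(memoryUser.getRoles())) {
                userBuilder.roles(memoryUser.getRoles());
            }
            // NOTE(review): when both roles and authorities are configured, the authorities call
            // comes last and appears to replace what roles(...) set - confirm this is intended.
            if (!LangUtils.isEmpty(memoryUser.getAuthorities())) {
                userBuilder.authorities(memoryUser.getAuthorities());
            }
        });
        inMemoryAuthentication.passwordEncoder(this.passwordEncoder);
    }

    /**
     * Entry point of the HTTP configuration: applies the method-interceptor settings, then the
     * any-request rule, then everything in {@link #defaultConfigure(HttpSecurity)}.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<MethodSecurityInterceptor>() {
            public <O extends MethodSecurityInterceptor> O postProcess(O o) {
                SecurityConfig config = DefaultMethodSecurityConfigurer.this.securityConfig;
                o.setRejectPublicInvocations(config.isRejectPublicInvocations());
                o.setValidateConfigAttributes(config.isValidateConfigAttributes());
                return o;
            }
        });
        configureAnyRequest(httpSecurity);
        defaultConfigure(httpSecurity);
    }

    /**
     * Applies the any-request rule taken from {@link SecurityConfig#getAnyRequest()}.
     * (Decompiler note: this method was declared {@code protected} in the original class.)
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    public void configureAnyRequest(HttpSecurity httpSecurity) throws Exception {
        defaultAnyRequest(httpSecurity, this.securityConfig.getAnyRequest());
    }

    /**
     * Registers the catch-all authorization rule.
     *
     * <ul>
     *   <li>blank value: every request must be authenticated;</li>
     *   <li>{@link SecurityConfig#ANY_REQUEST_NONE}: no catch-all rule is registered, so requests
     *       not covered by another rule are not restricted by this method;</li>
     *   <li>anything else: the value is used as the access expression for every request.</li>
     * </ul>
     *
     * <p>The expression comes straight from configuration and decides who may reach the whole
     * application; a permissive value such as {@code permitAll} opens every unmatched URL.
     *
     * @param httpSecurity the builder to configure
     * @param str the configured any-request value, may be blank
     * @throws Exception if the builder rejects the configuration
     */
    public static void defaultAnyRequest(HttpSecurity httpSecurity, String str) throws Exception {
        if (StringUtils.isBlank(str)) {
            // Secure default: nothing is reachable without authentication.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
            return;
        }
        if (SecurityConfig.ANY_REQUEST_NONE.equals(str)) {
            return;
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).access(str);
    }

    /**
     * Configures CSRF protection from {@code securityConfig.getCsrf()}.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    protected void configureCsrf(HttpSecurity httpSecurity) throws Exception {
        CsrfConfigurer csrf = httpSecurity.csrf();
        if (this.securityConfig.getCsrf().isDisable()) {
            csrf.disable();
            // Turning CSRF off also turns off the X-Frame-Options header here. defaultConfigure
            // sets frameOptions().sameOrigin() before calling this method, so this later call
            // presumably wins and the application loses its framing (clickjacking) protection
            // together with CSRF protection - NOTE(review): confirm that coupling is intended.
            httpSecurity.headers().frameOptions().disable();
            return;
        }
        String[] ignoringPaths = this.securityConfig.getCsrf().getIgnoringPaths();
        if (ArrayUtils.isNotEmpty(ignoringPaths)) {
            csrf.ignoringAntMatchers(ignoringPaths);
        }
        String[] requirePaths = this.securityConfig.getCsrf().getRequirePaths();
        if (ArrayUtils.isNotEmpty(requirePaths)) {
            // Only the listed paths are CSRF-protected; every other state-changing endpoint is not.
            csrf.requireCsrfProtectionMatcher(MatcherUtils.matchAntPaths(requirePaths));
        } else {
            // Judging by its name the matcher exempts URLs matching "/login*" from CSRF checks
            // (its implementation is not shown here). An exempt login endpoint is open to
            // login CSRF - NOTE(review): confirm the exemption is needed.
            csrf.requireCsrfProtectionMatcher(IgnoreCsrfProtectionRequestUrlMatcher.ignoreUrls("/login*"));
        }
    }

    /**
     * Configures the security context repository, form login, logout, HTTP Basic, response
     * headers, access-denied handling and remember-me, then delegates to
     * {@link #configureCsrf(HttpSecurity)} and {@link #configureCors(HttpSecurity)}.
     * (Decompiler note: this method was declared {@code protected} in the original class.)
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    public void defaultConfigure(HttpSecurity httpSecurity) throws Exception {
        if (this.securityContextRepository != null) {
            httpSecurity.securityContext().securityContextRepository(this.securityContextRepository);
        }
        if (this.logoutSuccessHandler != null) {
            httpSecurity.logout().logoutSuccessHandler(this.logoutSuccessHandler);
        }
        FormLoginConfigurer formLogin = httpSecurity.formLogin();
        if (StringUtils.isNotBlank(this.securityConfig.getDefaultLoginPage())) {
            // A default (generated) login page is configured: point the generating filter at the
            // configured URLs.
            httpSecurity.getConfigurer(DefaultLoginPageConfigurer.class).withObjectPostProcessor(new ObjectPostProcessor<DefaultLoginPageGeneratingFilter>() {
                public <O extends DefaultLoginPageGeneratingFilter> O postProcess(O o) {
                    SecurityConfig config = DefaultMethodSecurityConfigurer.this.securityConfig;
                    o.setLoginPageUrl(config.getDefaultLoginPage());
                    o.setLogoutSuccessUrl(config.getLogoutSuccessUrl());
                    o.setFailureUrl(config.getFailureUrl());
                    return o;
                }
            });
            httpSecurity.getConfigurer(ExceptionHandlingConfigurer.class).withObjectPostProcessor(new ObjectPostProcessor<ExceptionTranslationFilter>() {
                public <O extends ExceptionTranslationFilter> O postProcess(O o) {
                    // The entry point bean is optional. Writing null into the filter's field
                    // would leave it without any entry point and make the first unauthenticated
                    // request fail, so the filter keeps its own entry point when no bean exists.
                    if (DefaultMethodSecurityConfigurer.this.authenticationEntryPoint != null) {
                        // Direct field access replaces the entry point the filter was built with.
                        PropertyAccessorFactory.forDirectFieldAccess(o).setPropertyValue(
                                "authenticationEntryPoint",
                                DefaultMethodSecurityConfigurer.this.authenticationEntryPoint);
                    }
                    if (DefaultMethodSecurityConfigurer.this.securityConfig.isDebug()) {
                        o.setThrowableAnalyzer(new SimpleThrowableAnalyzer());
                    }
                    return o;
                }
            });
        } else {
            formLogin.loginPage(this.securityConfig.getLoginUrl()).permitAll();
            httpSecurity.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint);
        }

        // The same handler serves login success and failure. It is registered after failureUrl(...),
        // so it presumably takes over failure handling from the URL redirect - TODO confirm.
        formLogin.loginProcessingUrl(this.securityConfig.getLoginProcessUrl())
                .permitAll()
                .usernameParameter("username")
                .passwordParameter("password")
                .failureUrl(this.securityConfig.getFailureUrl())
                .failureHandler(this.ajaxAuthenticationHandler)
                .successHandler(this.ajaxAuthenticationHandler);

        LogoutConfigurer logout = httpSecurity.logout()
                .logoutRequestMatcher(new AntPathRequestMatcher(this.securityConfig.getLogoutUrl()))
                .logoutSuccessUrl(this.securityConfig.getLogoutSuccessUrl())
                .permitAll();
        if (this.ajaxLogoutSuccessHandler != null) {
            logout.logoutSuccessHandler(this.ajaxLogoutSuccessHandler);
        }

        if (this.securityConfig.getHttpBasic().isEnable()) {
            // HTTP Basic sends credentials with every request; it is only safe over TLS.
            httpSecurity.httpBasic();
        } else {
            httpSecurity.httpBasic().disable();
        }

        // X-Frame-Options: SAMEORIGIN plus the XSS protection header; access-denied responses go
        // through the AJAX-aware handler.
        httpSecurity.headers()
                .frameOptions().sameOrigin()
                .xssProtection().xssProtectionEnabled(true)
                .and()
                .and()
                .exceptionHandling().accessDeniedHandler(this.ajaxSupportedAccessDeniedHandler);

        if (this.securityConfig.getRememberMe().isEnabled()) {
            // The key identifies and protects remember-me tokens issued by this application;
            // treat the configured value as a secret and do not leave it at a shared default.
            httpSecurity.rememberMe()
                    .tokenValiditySeconds(this.securityConfig.getRememberMe().getTokenValiditySeconds())
                    .key(this.securityConfig.getRememberMe().getKey());
        }
        configureCsrf(httpSecurity);
        configureCors(httpSecurity);
    }

    /**
     * Configures CORS handling from {@code securityConfig.getCors()}: optionally disables the
     * CORS configurer and optionally permits every pre-flight request without authentication.
     *
     * <p>NOTE(review): {@link #configure(HttpSecurity)} calls {@link #configureAnyRequest} before
     * this method, so the pre-flight rule is registered after the any-request rule unless that
     * rule is {@link SecurityConfig#ANY_REQUEST_NONE}. Authorization rules are matched in
     * registration order, so the pre-flight rule may never apply, and some Spring Security
     * versions refuse matchers added after {@code anyRequest()} - verify against the version in use.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    protected void configureCors(HttpSecurity httpSecurity) throws Exception {
        if (this.securityConfig.getCors().isDisable()) {
            httpSecurity.cors().disable();
        }
        if (this.securityConfig.getCors().isPermitAllPreFlightRequest()) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests()
                    .requestMatchers(new RequestMatcher[]{CorsUtils::isPreFlightRequest})).permitAll();
        }
    }

    /** @return the handler used for login success and failure */
    public AjaxAuthenticationHandler getAjaxAuthenticationHandler() {
        return this.ajaxAuthenticationHandler;
    }

    /** @return the handler used for access-denied responses */
    public AjaxSupportedAccessDeniedHandler getAjaxSupportedAccessDeniedHandler() {
        return this.ajaxSupportedAccessDeniedHandler;
    }

    /** @return the injected password encoder */
    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    /** @return the injected user details service, or {@code null} when none is defined */
    public UserDetailsService getUserDetailsService() {
        return this.userDetailsService;
    }

    /** @return the injected security configuration */
    public SecurityConfig getSecurityConfig() {
        return this.securityConfig;
    }
}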
