package org.onetwo.ext.security.ajax;

import com.google.common.base.Charsets;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.onetwo.common.jackson.JsonMapper;
import org.onetwo.common.spring.mvc.utils.DataResults;
import org.onetwo.common.web.utils.RequestUtils;
import org.onetwo.common.web.utils.ResponseUtils;
import org.onetwo.common.web.utils.WebUtils;
import org.onetwo.ext.permission.utils.UrlResourceInfoParser;
import org.onetwo.ext.security.SecurityExceptionMessager;
import org.onetwo.ext.security.utils.SecurityConfig;
import org.onetwo.ext.security.utils.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;

/* loaded from: input_file:org/onetwo/ext/security/ajax/AjaxSupportedAccessDeniedHandler.class */
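/**
 * {@link AccessDeniedHandler} that answers an access-denied condition in one of three ways:
 * a JSON error body for AJAX requests, a redirect to {@link #redirectErrorUrl} when one is
 * configured and the response is still uncommitted, or a short HTML message otherwise.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The HTTP method and request URI are client-controlled. They are HTML-escaped before
 *       being written to the HTML fallback response; they are also written to the log and
 *       echoed in the JSON body.</li>
 *   <li>The redirect target receives the error text as the {@code message} query parameter
 *       (URL-encoded here). The page behind {@link #redirectErrorUrl} must escape it again
 *       before rendering it.</li>
 *   <li>NOTE(review): no HTTP status is set in this class; whether {@code ResponseUtils}
 *       sets 403 is not visible from here and should be confirmed.</li>
 * </ul>
 */
public class AjaxSupportedAccessDeniedHandler implements AccessDeniedHandler, InitializingBean {
    /** Redirect target for non-AJAX requests; when blank, the HTML fallback is used instead. */
    protected String redirectErrorUrl;
    /** Error page handed to the delegate {@link AccessDeniedHandlerImpl}. */
    protected String errorPage;

    // Optional: when present it supplies the user-facing message for the exception.
    @Autowired(required = false)
    private SecurityExceptionMessager securityExceptionMessager;

    @Autowired
    private SecurityConfig securityConfig;
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    protected JsonMapper mapper = JsonMapper.IGNORE_NULL;
    protected AccessDeniedHandler delegateAccessDeniedHandler = new AccessDeniedHandlerImpl();

    /**
     * Rebuilds the delegate handler so that it uses the configured {@link #errorPage}.
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        AccessDeniedHandlerImpl delegate = new AccessDeniedHandlerImpl();
        delegate.setErrorPage(this.errorPage);
        this.delegateAccessDeniedHandler = delegate;
    }

    /**
     * Handles an access-denied failure.
     *
     * @param httpServletRequest the rejected request
     * @param httpServletResponse the response to write to
     * @param accessDeniedException the failure raised by the authorization layer
     * @throws IOException if writing the response or sending the redirect fails
     * @throws ServletException declared by the {@link AccessDeniedHandler} contract
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // "<METHOD><separator><URI>" label; both parts come from the client.
        String requestLabel = httpServletRequest.getMethod() + UrlResourceInfoParser.METHOD_URL_SPILITOR + httpServletRequest.getRequestURI();
        String errorMessage = getErrorMessage(accessDeniedException);
        boolean verbose = this.securityConfig.isLogSecurityError();

        this.logger.info("[{}] AccessDenied: {}. Enable [jfish.security.]logSecurityError to see more error detail.", requestLabel, errorMessage);
        if (verbose) {
            this.logger.error("security access denied. ", accessDeniedException);
        }

        if (RequestUtils.isAjaxRequest(httpServletRequest)) {
            String json = this.mapper.toJson(WebUtils.buildErrorCode(DataResults.error(errorMessage + ", at " + httpServletRequest.getRequestURI()).code(SecurityUtils.SecurityErrors.ACCESS_DENIED).data(requestLabel), httpServletRequest, accessDeniedException).build());
            if (verbose) {
                this.logger.info("[{}] AccessDenied, render json: {}", requestLabel, json);
            }
            ResponseUtils.render(httpServletResponse, json, "application/json; charset=UTF-8", true);
            return;
        }

        if (httpServletResponse.isCommitted() || StringUtils.isBlank(this.redirectErrorUrl)) {
            // The exception message and the request URI end up in an HTML body, so neutralise
            // markup characters first. Assumes ResponseUtils.renderHtml writes the string as-is
            // (its implementation is not visible here).
            ResponseUtils.renderHtml(httpServletResponse, escapeHtml(accessDeniedException.getMessage() + ": 无权访问 " + requestLabel));
            return;
        }

        String baseUrl = this.redirectErrorUrl;
        String separator = baseUrl.contains("?") ? "&" : "?";
        // URLEncoder.encode throws NullPointerException on null, and an exception message may be null.
        String encodedMessage = URLEncoder.encode(errorMessage == null ? "" : errorMessage, Charsets.UTF_8.name());
        String redirectUrl = baseUrl + separator + "accessDenied=true&status=403&message=" + encodedMessage;
        if (verbose) {
            this.logger.info("{} AccessDenied, redirect to {}", requestLabel, redirectUrl);
        }
        httpServletResponse.sendRedirect(redirectUrl);
    }

    /**
     * Forwards the failure to {@link #delegateAccessDeniedHandler}. Not called by
     * {@link #handle} in this class; available to subclasses.
     */
    protected void defaultHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        this.logger.info("{} AccessDenied, delegateAccessDeniedHandler forward to errorPage: {}", httpServletRequest.getMethod() + UrlResourceInfoParser.METHOD_URL_SPILITOR + httpServletRequest.getRequestURI(), this.errorPage);
        this.delegateAccessDeniedHandler.handle(httpServletRequest, httpServletResponse, accessDeniedException);
    }

    /**
     * Resolves the message to show for the given exception.
     *
     * @param accessDeniedException the failure to describe
     * @return the message from {@link SecurityExceptionMessager} when one is injected,
     *         otherwise the exception's own message (which may be {@code null})
     */
    protected final String getErrorMessage(AccessDeniedException accessDeniedException) {
        if (this.securityExceptionMessager != null) {
            return this.securityExceptionMessager.findMessageByThrowable(accessDeniedException, new Object[0]);
        }
        return accessDeniedException.getMessage();
    }

    public void setErrorPage(String str) {
        this.errorPage = str;
    }

    public void setRedirectErrorUrl(String str) {
        this.redirectErrorUrl = str;
    }

    /**
     * Replaces the five HTML-significant characters with entities so the text can be placed
     * in element content or a quoted attribute without being parsed as markup.
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}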
