package com.u2ware.springfield.security.authorization;

import com.u2ware.springfield.security.Navigation;
import com.u2ware.springfield.security.NavigationVisitor;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.context.ServletContextAware;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:com/u2ware/springfield/security/authorization/AccessDecisionInterceptor.class */
public class AccessDecisionInterceptor implements HandlerInterceptor, ServletContextAware {
    protected final Log logger = LogFactory.getLog(getClass());
    protected final String name = getClass().getName();
    private ServletContext servletContext;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/u2ware/springfield/security/authorization/AccessDecisionInterceptor$Visitor.class */
    public class Visitor implements NavigationVisitor {
        private AntPathMatcher antPathMatcher = new AntPathMatcher();
        private AuthorityExpressionRoot accessExpressionRoot;
        private String requestPath;

        public Visitor(Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            if (authentication != null) {
                this.accessExpressionRoot = new AuthorityExpressionRoot(authentication, httpServletRequest, httpServletResponse);
            }
            this.requestPath = httpServletRequest.getServletPath();
        }

        @Override // com.u2ware.springfield.security.NavigationVisitor
        public void visit(Navigation navigation) {
            updateSelected(navigation);
            updateHide(navigation);
        }

        private void updateSelected(Navigation navigation) {
            if (navigation.getPattern() == null) {
                return;
            }
            if (!this.antPathMatcher.match(navigation.getPattern(), this.requestPath)) {
                navigation.setSelected(false);
            } else {
                navigation.setSelected(true);
                AccessDecisionInterceptor.this.logger.debug("\t" + navigation);
            }
        }

        private void updateHide(Navigation navigation) {
            if (this.accessExpressionRoot != null && navigation.isAccessible()) {
                navigation.setHide(!this.accessExpressionRoot.evaluateAsBoolean(navigation.getAccess()));
                AccessDecisionInterceptor.this.logger.debug("\t" + navigation);
            }
        }
    }

    public void setServletContext(ServletContext servletContext) {
        this.servletContext = servletContext;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        return true;
    }

    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        if (modelAndView == null || modelAndView.getModel().containsKey(this.name)) {
            return;
        }
        this.logger.debug("Navigate Decide Start " + httpServletRequest.getServletPath() + " " + httpServletRequest.getMethod());
        WebSecurityExpressionRoot createWebSecurityExpressionRoot = createWebSecurityExpressionRoot(httpServletRequest, httpServletResponse);
        Navigation createNavigation = createNavigation(httpServletRequest, httpServletResponse);
        modelAndView.getModel().put("sec", createWebSecurityExpressionRoot);
        modelAndView.getModel().put(Navigation.OBJECT_NAME, createNavigation);
        this.logger.debug("Navigate Decide End " + httpServletRequest.getServletPath() + " " + httpServletRequest.getMethod());
    }

    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
    }

    private Navigation createNavigation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Navigation navigation = new Navigation();
        BeanUtils.copyProperties((Navigation) this.servletContext.getAttribute(Navigation.OBJECT_NAME), navigation);
        navigation.travel(new Visitor(SecurityContextHolder.getContext().getAuthentication(), httpServletRequest, httpServletResponse));
        return navigation;
    }

    private WebSecurityExpressionRoot createWebSecurityExpressionRoot(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        WebSecurityExpressionRoot webSecurityExpressionRoot = new WebSecurityExpressionRoot(authentication, new FilterInvocation(httpServletRequest, httpServletResponse, new FilterChain() { // from class: com.u2ware.springfield.security.authorization.AccessDecisionInterceptor.1
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
                throw new UnsupportedOperationException();
            }
        }));
        webSecurityExpressionRoot.setTrustResolver(new AuthenticationTrustResolverImpl());
        return webSecurityExpressionRoot;
    }
}
