package org.osaf.cosmo.acegisecurity;

import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import org.osaf.cosmo.acegisecurity.providers.ticket.TicketAuthenticationToken;
import org.osaf.cosmo.acegisecurity.providers.wsse.WsseAuthenticationToken;
import org.osaf.cosmo.acegisecurity.userdetails.CosmoUserDetails;
import org.osaf.cosmo.model.User;
import org.osaf.cosmo.server.UserPath;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;

/* loaded from: input_file:org/osaf/cosmo/acegisecurity/UserPathAccessDecisionManager.class */
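/**
 * Access decision manager that restricts requests addressed to a user path.
 *
 * <p>When the request's path info parses as a {@link UserPath}, access is granted only to
 * the user named in the path or to a user whose admin flag is set. Ticket-authenticated
 * callers are always denied on user paths. Requests whose path info does not parse as a
 * user path are not restricted by this class at all; any other protection for those URLs
 * has to come from elsewhere in the security configuration.
 */
public class UserPathAccessDecisionManager implements AccessDecisionManager {
    private static final String DENIED_MESSAGE = "principal cannot access resource";

    /**
     * Decides whether the authenticated caller may access the requested path.
     *
     * @param authentication the caller's authentication token
     * @param obj the secured object; cast to {@link FilterInvocation}
     * @param collection configuration attributes for the secured object (not consulted)
     * @throws InsufficientAuthenticationException if the token is not one of the
     *     username/password, ticket or WSSE token types
     * @throws AccessDeniedException if the path is a user path and the caller is neither
     *     the named user nor an administrator, or the caller's identity cannot be resolved
     */
    @Override
    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        // supports(Class) only advertises FilterInvocation, so this cast is expected to hold.
        HttpServletRequest httpRequest = ((FilterInvocation) obj).getHttpRequest();

        boolean accountToken = authentication instanceof UsernamePasswordAuthenticationToken
                || authentication instanceof WsseAuthenticationToken;
        if (!accountToken && !(authentication instanceof TicketAuthenticationToken)) {
            throw new InsufficientAuthenticationException("Unrecognized authentication token");
        }

        // NOTE(review): the meaning of the boolean flag passed to UserPath.parse is not
        // visible here; confirm how strictly the path is matched, since every path that
        // fails to parse skips the ownership check below.
        UserPath parse = UserPath.parse(httpRequest.getPathInfo(), true);
        if (parse == null) {
            return;
        }

        // Tickets are not tied to a user account here, so they never open a user path.
        if (!accountToken) {
            throw new AccessDeniedException(DENIED_MESSAGE);
        }

        // Fail closed with an access-denied decision instead of a ClassCastException or
        // NullPointerException when the principal is not in the expected shape.
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof CosmoUserDetails)) {
            throw new AccessDeniedException(DENIED_MESSAGE);
        }
        User user = ((CosmoUserDetails) principal).getUser();
        if (user == null) {
            throw new AccessDeniedException(DENIED_MESSAGE);
        }

        // NOTE(review): usernames are compared case-insensitively. That is only safe if the
        // account store also treats names differing only in case as the same account;
        // otherwise one account could reach another account's path. Confirm against the
        // user store's uniqueness rules.
        String authenticatedName = user.getUsername();
        boolean owner = authenticatedName != null
                && authenticatedName.equalsIgnoreCase(parse.getUsername());
        // A null admin flag is treated as "not an administrator" rather than unboxed.
        boolean admin = Boolean.TRUE.equals(user.getAdmin());
        if (!owner && !admin) {
            throw new AccessDeniedException(DENIED_MESSAGE);
        }
    }

    /**
     * Accepts every configuration attribute; {@code decide} does not consult them.
     *
     * @param configAttribute the attribute being queried
     * @return always {@code true}
     */
    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    /**
     * Reports whether this manager can handle the given secured-object type.
     *
     * @param cls the secured-object class
     * @return {@code true} if {@code cls} is {@link FilterInvocation} or a subclass of it
     */
    @Override
    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }
}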
