package org.sakaiproject.rubrics;

import java.util.Arrays;
import javax.servlet.Filter;
import org.sakaiproject.rubrics.security.JwtAuthenticationEntryPoint;
import org.sakaiproject.rubrics.security.JwtAuthenticationProvider;
import org.sakaiproject.rubrics.security.JwtAuthenticationSuccessHandler;
import org.sakaiproject.rubrics.security.JwtAuthenticationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/rubrics/SecurityConfig.class */
public class SecurityConfig extends GlobalMethodSecurityConfiguration {

    @Autowired
    private JwtAuthenticationProvider authenticationProvider;

    @Configuration
    /* loaded from: input_file:WEB-INF/classes/org/sakaiproject/rubrics/SecurityConfig$WebSecurityConfig.class */
    public static class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private JwtAuthenticationEntryPoint unauthorizedHandler;

        @Bean
        public JwtAuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
            JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter();
            jwtAuthenticationTokenFilter.setAuthenticationManager(authenticationManager());
            jwtAuthenticationTokenFilter.setAuthenticationSuccessHandler(new JwtAuthenticationSuccessHandler());
            return jwtAuthenticationTokenFilter;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.csrf().disable()).exceptionHandling().authenticationEntryPoint(this.unauthorizedHandler).and()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).authorizeRequests().antMatchers("/", "/index", "/favicon.ico", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js").permitAll().anyRequest().authenticated();
            httpSecurity.addFilterBefore((Filter) authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
            httpSecurity.headers().cacheControl();
        }
    }

    @Override // org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
    @Bean
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(this.authenticationProvider));
    }

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}
