package org.tomitribe.crest.interceptor.security;

import javax.annotation.security.RolesAllowed;
import org.tomitribe.crest.api.interceptor.CrestContext;
import org.tomitribe.crest.api.interceptor.CrestInterceptor;
import org.tomitribe.crest.environments.Environment;

/* loaded from: input_file:org/tomitribe/crest/interceptor/security/SecurityInterceptor.class */
public class SecurityInterceptor {
    @CrestInterceptor
    public Object secure(CrestContext crestContext) {
        RolesAllowed annotation = crestContext.getMethod().getAnnotation(RolesAllowed.class);
        if (annotation == null) {
            return crestContext.proceed();
        }
        RoleProvider roleProvider = (RoleProvider) Environment.ENVIRONMENT_THREAD_LOCAL.get().findService(RoleProvider.class);
        if (roleProvider == null) {
            throw new IllegalStateException("No RoleProvider registered, security interceptor can't work.");
        }
        for (String str : annotation.value()) {
            if (roleProvider.hasRole(str)) {
                return crestContext.proceed();
            }
        }
        throw new IllegalArgumentException("User is not allowed to perform this operation");
    }
}
