package com.lifeonwalden.app.gateway.auth.filter;

import com.lifeonwalden.app.util.logger.LoggerUtil;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/* loaded from: input_file:WEB-INF/lib/app-gateway-auth-1.0.8.jar:com/lifeonwalden/app/gateway/auth/filter/BaseAuthorizationFilter.class */
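/**
 * Shiro authorization filter that decides access from the request URI.
 *
 * <p>Decision order, as implemented in {@link #isAccessAllowed}:
 * <ol>
 *   <li>requests whose raw URI is not in canonical form are denied;</li>
 *   <li>anything under {@code <contextPath>/open/} is allowed without a permission check;</li>
 *   <li>everything else is delegated to {@link #isPermitted}.</li>
 * </ol>
 *
 * <p>Security note: {@code HttpServletRequest.getRequestURI()} returns the path as sent by the
 * client, without decoding or normalisation. Servlet containers typically strip path parameters
 * and resolve dot segments before dispatching, so a prefix test on the raw value can disagree with
 * the resource that is finally served. The canonical-form check exists to keep the two views
 * consistent; do not remove it without replacing it with a normalised path.
 */
public class BaseAuthorizationFilter extends AuthorizationFilter {
    private static final Logger logger = LoggerUtil.getLogger(BaseAuthorizationFilter.class);

    /**
     * Percent-encoded dot, slash, backslash, semicolon and percent sign. Their presence means the
     * decoded path may differ structurally from the raw string this filter compares against.
     */
    private static final String[] ENCODED_PATH_TOKENS = {"%2e", "%2f", "%5c", "%3b", "%25"};

    /**
     * Decides whether the current request may proceed.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response, used only to resolve the subject
     * @param obj             Shiro mapped value for this filter; only logged here
     * @return {@code true} for open resources and for URIs accepted by {@link #isPermitted};
     *         {@code false} otherwise, including every non-canonical URI
     * @throws Exception declared by the overridden Shiro method
     */
    @Override // org.apache.shiro.web.filter.AccessControlFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        logger.debug("isAccessAllowed");
        Subject subject = getSubject(servletRequest, servletResponse);
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String requestURI = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();

        // Fail closed before any prefix or permission comparison: the checks below operate on the
        // raw URI, so a path the container would rewrite must not reach them.
        if (hasAmbiguousPath(requestURI)) {
            logger.warn("Rejected non-canonical request path : user : {}, mappedValue : {}, resource : {}", subject.getPrincipal(), obj, requestURI);
            return false;
        }

        // NOTE(review): the open-area match ignores case. Whether differently-cased paths reach the
        // same handler depends on the container and routing configuration; confirm this is intended.
        if (StringUtils.startsWithIgnoreCase(requestURI, contextPath.concat("/open/"))) {
            logger.debug("isAccessAllowed : user : {}, mappedValue : {}, resource : {}, isAllowed : Open Resource", subject.getPrincipal(), obj, requestURI);
            if (StringUtils.equalsIgnoreCase(requestURI, contextPath.concat("/open/sso/preLogin"))) {
                ssoPreLogin(httpServletRequest);
            }
            return true;
        }

        if (isPermitted(subject, requestURI, httpServletRequest)) {
            logger.debug("isAccessAllowed : user : {}, mappedValue : {}, resource : {}, isAllowed : True", subject.getPrincipal(), obj, requestURI);
            return true;
        }

        logger.debug("isAccessAllowed : user : {}, mappedValue : {}, resource : {}, isAllowed : False", subject.getPrincipal(), obj, requestURI);
        // Denied URIs that do not contain ".do" are additionally reported at error level.
        if (!StringUtils.containsIgnoreCase(requestURI, ".do")) {
            logger.error("Invalid request : user : {}, mappedValue : {}, resource : {}", subject.getPrincipal(), obj, requestURI);
        }
        return false;
    }

    /**
     * Reports whether a raw request URI could resolve to a different path once the container has
     * decoded and normalised it.
     *
     * <p>A URI is treated as ambiguous when it is {@code null}, contains a backslash, contains a
     * percent-encoded dot, slash, backslash, semicolon or percent sign, or has a {@code .} or
     * {@code ..} segment once any {@code ;param} suffix is removed from that segment. Ordinary
     * path parameters on regular segments are accepted.
     *
     * @param uri value of {@code HttpServletRequest.getRequestURI()}
     * @return {@code true} if the URI must not be used for prefix or permission matching
     */
    private static boolean hasAmbiguousPath(String uri) {
        if (uri == null || uri.indexOf('\\') >= 0) {
            return true;
        }
        for (String token : ENCODED_PATH_TOKENS) {
            if (StringUtils.containsIgnoreCase(uri, token)) {
                return true;
            }
        }
        // Limit -1 keeps trailing empty segments so a trailing dot segment is still inspected.
        for (String segment : uri.split("/", -1)) {
            int paramStart = segment.indexOf(';');
            String name = paramStart >= 0 ? segment.substring(0, paramStart) : segment;
            if (".".equals(name) || "..".equals(name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Hook invoked when the request targets {@code <contextPath>/open/sso/preLogin}.
     * The base implementation does nothing; the request is allowed regardless of what an
     * override does, unless the override throws.
     *
     * @param httpServletRequest the current request
     */
    protected void ssoPreLogin(HttpServletRequest httpServletRequest) {
    }

    /**
     * Checks whether the subject holds a permission equal to the request URI.
     *
     * @param subject            current Shiro subject
     * @param str                request URI, passed to {@code Subject.isPermitted} as the permission string
     * @param httpServletRequest current request; unused by the base implementation
     * @return {@code true} only when the subject has a principal and is permitted for {@code str}
     */
    protected boolean isPermitted(Subject subject, String str, HttpServletRequest httpServletRequest) {
        return null != subject.getPrincipal() && subject.isPermitted(str);
    }
}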
