package be.atbash.ee.security.octopus.filter.authc;

import be.atbash.ee.security.octopus.config.OctopusJSFConfiguration;
import be.atbash.ee.security.octopus.filter.AccessControlFilter;
import be.atbash.ee.security.octopus.subject.WebSubject;
import java.io.IOException;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

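/**
 * Access-control filter registered under the name {@code "user"}: it lets a request through
 * when the current subject is known, and otherwise sends the caller to the configured login
 * page.
 *
 * <p>Security note: a subject that is only <em>remembered</em> (not authenticated in this
 * session) passes this filter. Anything sensitive behind it should be protected by a check
 * that requires {@code isAuthenticated()}.
 */
@ApplicationScoped
public class UserFilter extends AccessControlFilter {

    /** JSF partial-response envelope that tells the ajax client to navigate to a URL. */
    private static final String FACES_REDIRECT_XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><partial-response><redirect url=\"%s\"></redirect></partial-response>";

    @Inject
    private OctopusJSFConfiguration octopusJSFConfiguration;

    /** Sets the filter name and takes the login URL from the JSF configuration. */
    @PostConstruct
    public void initInstance() {
        setName("user");
        setLoginUrl(this.octopusJSFConfiguration.getLoginPage());
    }

    /**
     * Decides whether the request may proceed.
     *
     * @return {@code true} for a request to the login page itself, or when the subject has a
     *     principal and is either authenticated or remembered
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        // The login page must stay reachable for anonymous callers, otherwise the redirect loops.
        if (isLoginRequest(servletRequest, servletResponse)) {
            return true;
        }
        WebSubject subject = getSubject(servletRequest, servletResponse);
        if (subject.getPrincipal() == null) {
            return false;
        }
        // Remember-me identities are accepted here; they are weaker than a fresh authentication.
        return subject.isAuthenticated() || subject.isRemembered();
    }

    /**
     * Redirects a denied request to the login page.
     *
     * <p>The request is saved for replay after login unless it is a POST and the configuration
     * does not allow saving POST requests; in that case only the redirect is issued.
     *
     * @return always {@code false}, so the filter chain is not continued
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        boolean postIsAllowedSavedRequest = this.octopusJSFConfiguration.getPostIsAllowedSavedRequest();
        boolean isPost = "POST".equals(((HttpServletRequest) servletRequest).getMethod());
        if (isPost && !postIsAllowedSavedRequest) {
            redirectToLogin(servletRequest, servletResponse);
        } else {
            saveRequestAndRedirectToLogin(servletRequest, servletResponse);
        }
        return false;
    }

    /**
     * Sends the caller to the login URL.
     *
     * <p>Requests carrying the header {@code Faces-Request: partial/ajax} get a JSF
     * partial-response document with a {@code <redirect>} element instead of the redirect
     * produced by the superclass. The login URL is XML-escaped before it is placed in the
     * {@code url} attribute: an unescaped {@code &} (any URL with more than one query
     * parameter) makes the document malformed, and unescaped quotes or angle brackets would
     * let the value break out of the attribute.
     *
     * @throws IOException if the response writer cannot be obtained or written
     */
    protected void redirectToLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        // The header is client-supplied; it only selects the response format, not the target.
        if (!"partial/ajax".equals(httpServletRequest.getHeader("Faces-Request"))) {
            super.redirectToLogin(servletRequest, servletResponse);
            return;
        }
        servletResponse.setContentType("text/xml");
        servletResponse.setCharacterEncoding("UTF-8");
        String loginUrl = getLoginUrl();
        // Anything that is not an absolute http(s) URL is treated as relative to the application.
        if (loginUrl.startsWith(LogoutFilter.DEFAULT_REDIRECT_URL) || !loginUrl.startsWith("http")) {
            loginUrl = httpServletRequest.getContextPath() + loginUrl;
        }
        // NOTE(review): the URL is expected in raw form (as used for the non-ajax redirect);
        // a value that was pre-escaped for XML in configuration would now be escaped twice.
        servletResponse.getWriter().printf(FACES_REDIRECT_XML, escapeXmlAttribute(loginUrl));
    }

    /**
     * Checks whether the request targets the login page, after giving
     * {@link #prepareLoginURL(ServletRequest, ServletResponse)} the chance to run.
     */
    protected boolean isLoginRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
        prepareLoginURL(servletRequest, servletResponse);
        return super.isLoginRequest(servletRequest, servletResponse);
    }

    /**
     * Hook invoked before every login-request check; does nothing in this class.
     *
     * <p>NOTE(review): presumably meant for subclasses that compute the login URL per request.
     * An override that derives the URL from request data should validate it against an
     * allow-list, since the value ends up as a redirect target.
     */
    public void prepareLoginURL(ServletRequest servletRequest, ServletResponse servletResponse) {
    }

    /** Escapes the five XML special characters so the value is safe inside a quoted attribute. */
    private static String escapeXmlAttribute(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}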
