package be.atbash.ee.security.octopus.filter.authc;

import be.atbash.ee.security.octopus.config.OctopusJSFConfiguration;
import be.atbash.ee.security.octopus.context.OctopusSecurityContext;
import be.atbash.ee.security.octopus.filter.AdviceFilter;
import be.atbash.ee.security.octopus.util.WebUtils;
import be.atbash.ee.security.octopus.view.OctopusJSFSecurityContext;
import be.atbash.util.CDIUtils;
import java.lang.annotation.Annotation;
import java.util.Locale;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

@ApplicationScoped
/* loaded from: input_file:be/atbash/ee/security/octopus/filter/authc/LogoutFilter.class */
public class LogoutFilter extends AdviceFilter {
    private boolean postOnlyLogout = false;
    private OctopusSecurityContext securityContext;

    @PostConstruct
    public void initInstance() {
        setName("logout");
        this.securityContext = (OctopusSecurityContext) CDIUtils.retrieveInstance(OctopusJSFSecurityContext.class, new Annotation[0]);
        this.postOnlyLogout = ((OctopusJSFConfiguration) CDIUtils.retrieveInstance(OctopusJSFConfiguration.class, new Annotation[0])).getLogoutFilterPostOnly();
    }

    protected boolean preHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (this.postOnlyLogout && !WebUtils.toHttp(servletRequest).getMethod().toUpperCase(Locale.ENGLISH).equals("POST")) {
            return onLogoutRequestNotAPost(servletRequest, servletResponse);
        }
        this.securityContext.logout();
        return false;
    }

    protected boolean onLogoutRequestNotAPost(ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletResponse http = WebUtils.toHttp(servletResponse);
        http.setStatus(405);
        http.setHeader("Allow", "POST");
        return false;
    }
}
