package be.atbash.ee.security.octopus.filter.authz;

import be.atbash.ee.security.octopus.SecurityUtils;
import be.atbash.ee.security.octopus.config.OctopusJSFConfiguration;
import be.atbash.ee.security.octopus.config.exception.ConfigurationException;
import be.atbash.ee.security.octopus.filter.authc.AbstractUserFilter;
import be.atbash.ee.security.octopus.filter.mgt.FilterChainManager;
import be.atbash.ee.security.octopus.subject.WebSubject;
import be.atbash.ee.security.octopus.util.WebUtils;
import be.atbash.util.StringUtils;
import java.io.IOException;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * Decides what a JSF client receives when an authorization check has rejected the request.
 *
 * <p>Three outcomes are possible, chosen in this order:
 * <ol>
 *   <li>no usable identity on the current subject: hand over to the configured user filter,
 *       which saves the request and redirects to the login page;</li>
 *   <li>identity present and an "unauthorized" page is configured: redirect to that page;</li>
 *   <li>identity present and no page configured: answer with HTTP status 401.</li>
 * </ol>
 *
 * <p>The bean is application scoped, so a single instance (and its {@code userFilter} field,
 * assigned once in {@link #init()}) is shared by all requests.
 */
@ApplicationScoped
public class JSFAccessDeniedHandler implements AccessDeniedHandler {

    @Inject
    private OctopusJSFConfiguration jsfConfiguration;

    @Inject
    private FilterChainManager filterChainManager;

    // Resolved once in init(); used for the "not logged in" branch of onAccessDenied.
    private AbstractUserFilter userFilter;

    /**
     * Looks up the filter named by the default-user-filter configuration value and keeps it for
     * later use.
     *
     * @throws ConfigurationException when the lookup does not yield an {@code AbstractUserFilter};
     *     {@code instanceof} is false for {@code null}, so an unknown filter name fails here as
     *     well instead of surfacing later as a NullPointerException on a denied request
     */
    @PostConstruct
    public void init() {
        AbstractUserFilter configuredFilter =
                this.filterChainManager.getFilter(this.jsfConfiguration.getDefaultUserFilter());
        if (configuredFilter instanceof AbstractUserFilter) {
            this.userFilter = configuredFilter;
            return;
        }
        throw new ConfigurationException(String.format("(OCT-DEV-???) The filter defined with 'user.filter.default' must be an instance of AbstractUserFilter. %s is not of the correct type", this.jsfConfiguration.getDefaultUserFilter()));
    }

    /**
     * Produces the response for a request that failed authorization.
     *
     * @param servletRequest the rejected request
     * @param servletResponse the response to redirect or to mark with an error status
     * @return always {@code false}; presumably this tells the calling filter that the response
     *     has been produced and the chain must not continue (confirm against
     *     {@code AccessDeniedHandler})
     * @throws IOException when the redirect or the error response cannot be written
     */
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        WebSubject currentSubject = SecurityUtils.getSubject();

        // A subject counts as "known" only when it has a principal AND is either authenticated
        // in this session or recognised through remember-me.
        boolean needsLogin = currentSubject.getPrincipal() == null
                || (!currentSubject.isAuthenticated() && !currentSubject.isRemembered());

        if (needsLogin) {
            // NOTE(review): judging by its name, the filter stores the original request so it can
            // be replayed after login. Confirm in AbstractUserFilter that the saved URL is
            // restricted to this application when it is later used as a redirect target.
            this.userFilter.saveRequestAndRedirectToLogin(servletRequest, servletResponse);
        } else {
            // The redirect target is read from configuration, not from request data.
            String deniedPage = this.jsfConfiguration.getUnauthorizedExceptionPage();
            if (StringUtils.hasText(deniedPage)) {
                WebUtils.issueRedirect(servletRequest, servletResponse, deniedPage);
            } else {
                // NOTE(review): the caller has an identity at this point but lacks permission;
                // 403 is the conventional status for that case, and this method sets no
                // WWW-Authenticate header to accompany the 401. The status is kept as is because
                // clients may depend on it. Access-denied monitoring should match on 401 for
                // these events.
                WebUtils.toHttp(servletResponse).sendError(401);
            }
        }
        return false;
    }
}
