package cn.wic4j.security.resource.config;

import cn.wi4j.security.core.config.SecurityProperties;
import jakarta.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

/* loaded from: input_file:cn/wic4j/security/resource/config/ResourceServerConfig.class */
public class ResourceServerConfig {

    @Resource
    private SecurityProperties securityProperties;

    @Autowired
    @Qualifier("resourceServerAuthenticationFailureHandler")
    private AuthenticationFailureHandler authenticationFailureHandler;

    @Resource
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Resource
    private AccessDeniedHandler accessDeniedHandler;

    @Resource
    private OpaqueTokenIntrospector opaqueTokenIntrospector;

    @Bean
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers((String[]) this.securityProperties.getIgnoreUrls().toArray(new String[0]))).permitAll().anyRequest()).authenticated();
        }).oauth2ResourceServer().accessDeniedHandler(this.accessDeniedHandler).authenticationEntryPoint(this.authenticationEntryPoint).opaqueToken(opaqueTokenConfigurer -> {
            opaqueTokenConfigurer.introspector(this.opaqueTokenIntrospector);
        }).and().headers().frameOptions().disable().and().csrf().disable();
        DefaultSecurityFilterChain defaultSecurityFilterChain = (DefaultSecurityFilterChain) httpSecurity.build();
        for (BearerTokenAuthenticationFilter bearerTokenAuthenticationFilter : defaultSecurityFilterChain.getFilters()) {
            if (bearerTokenAuthenticationFilter instanceof BearerTokenAuthenticationFilter) {
                bearerTokenAuthenticationFilter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
            }
        }
        return defaultSecurityFilterChain;
    }
}
