package com.brienwheeler.web.spring.security;

import com.brienwheeler.lib.db.domain.DbId;
import com.brienwheeler.lib.util.ValidationUtils;
import com.brienwheeler.svc.users.IUserService;
import com.brienwheeler.svc.users.domain.User;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/brienwheeler/web/spring/security/SetUserInSessionInterceptor.class */
public class SetUserInSessionInterceptor extends HandlerInterceptorAdapter {
    private static final Log log = LogFactory.getLog(SetUserInSessionInterceptor.class);
    private static final String SESSION_ATTR_USER = "com.brienwheeler.web.spring.security.SetUserInSessionInterceptor.user";
    private IUserService userService;

    @Required
    public void setUserService(IUserService iUserService) {
        this.userService = iUserService;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        HttpSession session;
        long loggedInUserId = SecurityUtils.getLoggedInUserId();
        if (loggedInUserId != 0 && (session = httpServletRequest.getSession(false)) != null) {
            User user = (User) session.getAttribute(SESSION_ATTR_USER);
            if (user == null) {
                User findById = this.userService.findById(new DbId(User.class, loggedInUserId));
                if (findById == null) {
                    throw new IllegalStateException("failed to lookup authenticated user");
                }
                log.info("setting user id " + findById.getId() + " into session " + session.getId());
                session.setAttribute(SESSION_ATTR_USER, findById);
            } else if (user.getId() != loggedInUserId) {
                throw new IllegalStateException("id of stored user does not match current authenticated user");
            }
        }
        return super.preHandle(httpServletRequest, httpServletResponse, obj);
    }

    public static User getCachedUser(HttpSession httpSession, boolean z) {
        ValidationUtils.assertNotNull(httpSession, "session cannot be null");
        User user = (User) httpSession.getAttribute(SESSION_ATTR_USER);
        if (user == null && z) {
            throw new IllegalStateException("no cached user found in session");
        }
        return user;
    }

    public static User getCachedUser(HttpSession httpSession) {
        return getCachedUser(httpSession, true);
    }
}
