package org.shoulder.autoconfigure.security.browser;

import org.shoulder.code.config.ValidateCodeSecurityConfig;
import org.shoulder.security.SecurityConst;
import org.shoulder.security.authentication.FormAuthenticationSecurityConfig;
import org.shoulder.security.authentication.sms.SmsCodeAuthenticationSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;

@Configuration
@ConditionalOnClass({SecurityConst.class})
/* loaded from: input_file:org/shoulder/autoconfigure/security/browser/BrowserSecurityConfig.class */
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private BrowserProperties browserProperties;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired(required = false)
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Autowired(required = false)
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

    @Autowired
    private FormAuthenticationSecurityConfig formAuthenticationSecurityConfig;

    @Autowired
    private PersistentTokenRepository persistentTokenRepository;

    @Autowired
    private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;

    @Autowired
    private InvalidSessionStrategy invalidSessionStrategy;

    @Autowired
    private LogoutSuccessHandler logoutSuccessHandler;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        this.formAuthenticationSecurityConfig.configure(httpSecurity);
        if (this.validateCodeSecurityConfig != null) {
            httpSecurity.apply(this.validateCodeSecurityConfig);
        }
        if (this.smsCodeAuthenticationSecurityConfig != null) {
            httpSecurity.apply(this.smsCodeAuthenticationSecurityConfig);
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.rememberMe().tokenRepository(this.persistentTokenRepository).tokenValiditySeconds(this.browserProperties.getRememberMeSeconds()).userDetailsService(this.userDetailsService).and().sessionManagement().invalidSessionStrategy(this.invalidSessionStrategy).maximumSessions(this.browserProperties.getSession().getMaximumSessions()).maxSessionsPreventsLogin(this.browserProperties.getSession().isMaxSessionsPreventsLogin()).expiredSessionStrategy(this.sessionInformationExpiredStrategy).and().and().logout().logoutUrl("/authentication/cancel").logoutSuccessHandler(this.logoutSuccessHandler).deleteCookies(new String[]{"JSESSIONID"}).and().authorizeRequests().antMatchers(new String[]{"/authentication/require", this.browserProperties.getSignUpUrl(), "/code", this.browserProperties.getSignInPage(), "/authentication/sms", "/facade-signUp.html", "/user/register", this.browserProperties.getSession().getSessionInvalidUrl() + ".json", this.browserProperties.getSession().getSessionInvalidUrl() + ".html"})).permitAll().anyRequest()).authenticated().and().csrf().disable();
    }
}
