package org.shoulder.autoconfigure.security.browser;

import org.shoulder.autoconfigure.condition.ConditionalOnAuthType;
import org.shoulder.autoconfigure.security.AuthenticationBeanConfig;
import org.shoulder.autoconfigure.security.code.ValidateCodeSecurityConfig;
import org.shoulder.core.log.LoggerFactory;
import org.shoulder.security.SecurityConst;
import org.shoulder.security.authentication.AuthenticationType;
import org.shoulder.security.authentication.FormAuthenticationSecurityConfig;
import org.shoulder.security.authentication.sms.PhoneNumAuthenticationSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;

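/**
 * Default Spring Security configuration for browser (session-cookie) authentication.
 *
 * <p>This configuration only activates when {@code SecurityConst} is on the classpath, the
 * authentication type is {@code SESSION}, the property
 * {@code shoulder.security.auth.session.default-config} is {@code enable} (or absent), and the
 * application has not declared its own {@link WebSecurityConfigurerAdapter} bean.
 *
 * <p><b>Security note:</b> {@link #configure(HttpSecurity)} disables CSRF protection while
 * authentication is carried by the {@code JSESSIONID} session cookie. With this default in place,
 * state-changing endpoints have no framework-level defence against cross-site request forgery.
 * Applications that serve browsers should declare their own {@link WebSecurityConfigurerAdapter}
 * (which makes this class back off through {@code @ConditionalOnMissingBean}) and keep CSRF
 * protection enabled, or apply an equivalent mitigation.
 */
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass({SecurityConst.class})
@AutoConfigureAfter({AuthenticationBeanConfig.class, BrowserSessionAuthBeanConfiguration.class})
@ConditionalOnMissingBean({WebSecurityConfigurerAdapter.class})
@ConditionalOnAuthType(type = AuthenticationType.SESSION)
@ConditionalOnProperty(name = {"shoulder.security.auth.session.default-config"}, havingValue = "enable", matchIfMissing = true)
public class BrowserSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Source of the sign-in/sign-up/sign-out URLs, remember-me lifetime and session limits.
    @Autowired
    private BrowserSessionAuthProperties browserSessionAuthProperties;

    // Used by remember-me to reload the user behind a persistent token.
    @Autowired
    private UserDetailsService userDetailsService;

    // Form-login setup; applied first in configure().
    @Autowired
    private FormAuthenticationSecurityConfig formAuthenticationSecurityConfig;

    // Invoked when a session is expired by the concurrent-session limit.
    @Autowired
    private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;

    // Invoked when a request presents an invalid session id.
    @Autowired
    private InvalidSessionStrategy invalidSessionStrategy;

    // Optional: applied only when a bean of this type is present.
    @Autowired(required = false)
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    // Optional: applied only when a bean of this type is present.
    @Autowired(required = false)
    private PhoneNumAuthenticationSecurityConfig phoneNumAuthenticationSecurityConfig;

    // Optional: remember-me is enabled only when a token repository bean is present.
    @Autowired(required = false)
    private PersistentTokenRepository persistentTokenRepository;

    /**
     * Logs a warning whenever this default configuration is instantiated, so that operators can
     * see in the startup log that CSRF protection is switched off.
     */
    public BrowserSecurityConfiguration() {
        LoggerFactory.getLogger(getClass()).warn("use default BrowserSecurityConfiguration, csrf protect was closed.");
    }

    /**
     * Builds the default filter chain: form login, the optional validate-code and phone-number
     * authentication configurers, optional persistent remember-me, session management with a
     * concurrent-session limit, logout, and URL authorization.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if any of the applied configurers fails
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        this.formAuthenticationSecurityConfig.setLoginPageUrl(this.browserSessionAuthProperties.getSignInPage());
        this.formAuthenticationSecurityConfig.configure(httpSecurity);

        if (this.validateCodeSecurityConfig != null) {
            httpSecurity.apply(this.validateCodeSecurityConfig);
        }
        if (this.phoneNumAuthenticationSecurityConfig != null) {
            httpSecurity.apply(this.phoneNumAuthenticationSecurityConfig);
        }

        if (this.persistentTokenRepository != null) {
            // Clamp before narrowing: a plain (int) cast wraps around for configured lifetimes
            // above Integer.MAX_VALUE seconds and would yield an unintended token validity.
            int rememberMeValiditySeconds = (int) Math.min(
                    this.browserSessionAuthProperties.getRememberMeSeconds().toSeconds(),
                    Integer.MAX_VALUE);
            httpSecurity.rememberMe()
                    .tokenRepository(this.persistentTokenRepository)
                    .tokenValiditySeconds(rememberMeValiditySeconds)
                    .userDetailsService(this.userDetailsService);
        }

        // The chain is written without raw-type casts so that the generic return types of the
        // configurers carry through to csrf(); raw casts erase and() to a type without csrf().
        httpSecurity
                .sessionManagement()
                    .invalidSessionStrategy(this.invalidSessionStrategy)
                    .maximumSessions(this.browserSessionAuthProperties.getSession().getMaximumSessions())
                    .maxSessionsPreventsLogin(this.browserSessionAuthProperties.getSession().isMaxSessionsPreventsLogin())
                    .expiredSessionStrategy(this.sessionInformationExpiredStrategy)
                    .and()
                .and()
                .logout()
                    .logoutUrl("/authentication/cancel")
                    .logoutSuccessUrl(this.browserSessionAuthProperties.getSignOutSuccessUrl())
                    .deleteCookies("JSESSIONID")
                .and()
                .authorizeRequests()
                    // Everything listed here is reachable WITHOUT authentication. Several entries
                    // come from configuration properties, so a broad pattern in those properties
                    // widens the unauthenticated surface.
                    .antMatchers(
                            "/error",
                            "/authentication/require",
                            this.browserSessionAuthProperties.getSignUpUrl(),
                            "/code",
                            this.browserSessionAuthProperties.getSignInPage(),
                            "/authentication/sms",
                            this.browserSessionAuthProperties.getSignOutSuccessUrl(),
                            "/signUp.html",
                            "/user/register",
                            this.browserSessionAuthProperties.getSession().getSessionInvalidUrl())
                    .permitAll()
                    .anyRequest()
                    .authenticated()
                .and()
                // NOTE(security): CSRF protection is turned off for cookie-authenticated sessions.
                // Kept as-is because the constructor announces it as the default's behaviour;
                // override this configuration to re-enable it.
                .csrf()
                    .disable();
    }
}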
