package org.shoulder.autoconfigure.security.token;

import org.shoulder.autoconfigure.condition.ConditionalOnAuthType;
import org.shoulder.autoconfigure.security.code.ValidateCodeSecurityConfig;
import org.shoulder.core.log.LoggerFactory;
import org.shoulder.security.SecurityConst;
import org.shoulder.security.authentication.AuthenticationType;
import org.shoulder.security.authentication.FormAuthenticationSecurityConfig;
import org.shoulder.security.authentication.sms.PhoneNumAuthenticationSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

@EnableWebSecurity
@AutoConfiguration(after = {TokenAuthBeanConfiguration.class})
@ConditionalOnClass({SecurityConst.class})
@ConditionalOnMissingBean({WebSecurityConfigurerAdapter.class})
@ConditionalOnAuthType(type = AuthenticationType.TOKEN)
@ConditionalOnProperty(name = {"shoulder.security.auth.token.default-config"}, havingValue = "enable", matchIfMissing = true)
/* loaded from: input_file:org/shoulder/autoconfigure/security/token/TokenSecurityConfiguration.class */
public class TokenSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private FormAuthenticationSecurityConfig formAuthenticationSecurityConfig;

    @Autowired(required = false)
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Autowired(required = false)
    private PhoneNumAuthenticationSecurityConfig phoneNumAuthenticationSecurityConfig;

    @Autowired(required = false)
    AuthenticationEntryPoint authenticationEntryPoint;

    @Autowired(required = false)
    AccessDeniedHandler accessDeniedHandler;

    @Autowired(required = false)
    private OpaqueTokenAuthenticationProvider tokenAuthenticationProvider;

    @Autowired
    @Lazy
    private AuthenticationManager authenticationManager = null;

    public TokenSecurityConfiguration() {
        LoggerFactory.getLogger(getClass()).warn("use default TokenSecurityConfiguration, csrf protect was closed.");
    }

    @ConditionalOnMissingBean
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        AuthenticationManager authenticationManagerBean = super.authenticationManagerBean();
        this.authenticationManager = authenticationManagerBean;
        return authenticationManagerBean;
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        this.formAuthenticationSecurityConfig.configure(httpSecurity);
        if (this.validateCodeSecurityConfig != null) {
            httpSecurity.apply(this.validateCodeSecurityConfig);
        }
        if (this.phoneNumAuthenticationSecurityConfig != null) {
            httpSecurity.apply(this.phoneNumAuthenticationSecurityConfig);
        }
        if (this.accessDeniedHandler != null) {
            httpSecurity.exceptionHandling().accessDeniedHandler(this.accessDeniedHandler);
        }
        if (this.authenticationEntryPoint != null) {
            httpSecurity.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint);
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.userDetailsService(this.userDetailsService).authorizeRequests().antMatchers(new String[]{"/error", "/authentication/require", "/code", "/authentication/form", "/authentication/sms"})).permitAll().anyRequest()).authenticated().and().csrf().disable();
        if (this.tokenAuthenticationProvider != null) {
            httpSecurity.addFilter(new BearerTokenAuthenticationFilter(this.authenticationManager)).authenticationProvider(this.tokenAuthenticationProvider);
        }
    }
}
