package cn.morethank.open.admin.common.config;

import cn.morethank.open.admin.common.constant.GlobalConstant;
import cn.morethank.open.admin.common.security.CaptchaFilter;
import cn.morethank.open.admin.common.security.JwtAccessDeniedHandler;
import cn.morethank.open.admin.common.security.JwtAuthenticationEntryPoint;
import cn.morethank.open.admin.common.security.JwtAuthenticationFilter;
import cn.morethank.open.admin.common.security.JwtAuthenticationProvider;
import cn.morethank.open.admin.common.security.JwtLogoutSuccessHandler;
import cn.morethank.open.admin.common.security.UserDetailServiceImpl;
import java.util.Collections;
import javax.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:cn/morethank/open/admin/common/config/SecurityConfig.class */
public class SecurityConfig {

    @Resource
    private WhiteListConfig whiteListConfig;

    @Resource
    private JwtLogoutSuccessHandler jwtLogoutSuccessHandler;

    @Resource
    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

    @Resource
    private JwtAccessDeniedHandler jwtAccessDeniedHandler;

    @Resource
    private JwtAuthenticationFilter jwtAuthenticationFilter;

    @Resource
    private CaptchaFilter captchaFilter;

    @Resource
    private UserDetailServiceImpl userDetailService;

    @Resource
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors().and().csrf().disable().logout().logoutSuccessHandler(this.jwtLogoutSuccessHandler).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers((String[]) this.whiteListConfig.getWhiteList().toArray(new String[0]))).permitAll().anyRequest()).authenticated().and().exceptionHandling().authenticationEntryPoint(this.jwtAuthenticationEntryPoint).accessDeniedHandler(this.jwtAccessDeniedHandler).and().userDetailsService(this.userDetailService).authenticationProvider(this.jwtAuthenticationProvider).addFilterBefore(this.jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class).addFilterBefore(this.captchaFilter, UsernamePasswordAuthenticationFilter.class);
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addExposedHeader(GlobalConstant.AUTHORIZATION);
        corsConfiguration.setAllowedOriginPatterns(Collections.singletonList("*"));
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }
}
