package cn.wjee.boot.autoconfigure.security.config;

import cn.wjee.boot.autoconfigure.WJeeConstants;
import cn.wjee.boot.autoconfigure.WJeeProperties;
import cn.wjee.boot.autoconfigure.security.authentication.SpringAuthenticationManager;
import cn.wjee.boot.autoconfigure.security.overrides.AjaxAccessDeniedHandler;
import cn.wjee.boot.autoconfigure.security.overrides.AjaxLoginUrlAuthenticationEntryPoint;
import cn.wjee.boot.autoconfigure.security.overrides.ProviderAuthenticationProvider;
import cn.wjee.boot.autoconfigure.security.overrides.ProviderDefaultUserDetailsService;
import cn.wjee.boot.autoconfigure.security.overrides.ProviderUserDetailsService;
import cn.wjee.boot.autoconfigure.security.overrides.RandomFormLoginConfigurer;
import cn.wjee.boot.commons.utils.CollectionUtils;
import javax.annotation.PostConstruct;
import javax.sql.DataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/**
 * Spring Security auto-configuration for WJee Boot.
 *
 * <p>Only active when {@code wjee.security.basic.enabled=true} and when {@code DataSource},
 * {@code AuthenticationManager} and {@code GlobalAuthenticationConfigurerAdapter} are on the
 * classpath. It also switches on method security ({@code @Secured}, JSR-250 and
 * {@code @PreAuthorize}/{@code @PostAuthorize}).
 *
 * <p>Three filter chains are declared as inner classes. Spring consults lower {@code @Order}
 * values first, so the effective precedence is:
 * <ol>
 *   <li>{@code ListeningWebSecurityEndPointsConfiguration} (2147483612): actuator endpoints,
 *       HTTP Basic, role ADMIN;</li>
 *   <li>{@code ListeningWebSecurityBasicConfiguration} (2147483622): the eureka/config regex plus
 *       the configured ant paths, HTTP Basic, role ADMIN;</li>
 *   <li>{@code ListeningWebSecurityFormConfiguration} (2147483632): no request matcher of its
 *       own, so it handles every request the two chains above did not claim.</li>
 * </ol>
 *
 * <p>Security review summary (details at each method): CSRF protection is disabled on the
 * form-login chain, several path prefixes are open to anonymous callers, static paths bypass the
 * filter chain entirely, and the Jersey application path is spliced into a regex unquoted.
 */
@EnableConfigurationProperties({WJeeProperties.class})
@Configuration
@ConditionalOnClass({DataSource.class, AuthenticationManager.class, GlobalAuthenticationConfigurerAdapter.class})
@ConditionalOnProperty(prefix = "wjee.security.basic", name = {"enabled"}, havingValue = "true")
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true)
/* loaded from: input_file:cn/wjee/boot/autoconfigure/security/config/SpringSecurityBasicConfiguration.class */
public class SpringSecurityBasicConfiguration {
    private static final Logger log = LoggerFactory.getLogger(SpringSecurityBasicConfiguration.class);
    // Framework properties; the security.basic section drives the basic-auth ant paths and the
    // schema / default-user switches used when building the authentication provider.
    private final WJeeProperties properties;
    // Passed to the authentication provider together with jdbcTemplate.
    private final DataSource dataSource;
    // Passed to the default user-details service and to the authentication provider.
    private final JdbcTemplate jdbcTemplate;

    // Jersey application path; resolves to the empty string when the property is not set.
    // It is later concatenated into a permitAll() regex, so any regex metacharacter in the
    // configured value is interpreted as pattern syntax rather than as a literal path.
    @Value("${spring.jersey.application-path:}")
    private String apiPath;

    /**
     * HTTP Basic chain for the service-infrastructure paths.
     *
     * <p>Authenticates against a single in-memory account taken from Spring Boot's
     * {@code SecurityProperties} and requires role {@code WJeeConstants.Security.ADMIN} for every
     * request the chain matches.
     */
    @Configuration
    @ConditionalOnClass({WebSecurityConfigurerAdapter.class})
    @Order(2147483622)
    /* loaded from: input_file:cn/wjee/boot/autoconfigure/security/config/SpringSecurityBasicConfiguration$ListeningWebSecurityBasicConfiguration.class */
    class ListeningWebSecurityBasicConfiguration extends WebSecurityConfigurerAdapter {
        private final SecurityProperties securityProperties;

        /**
         * @param securityProperties Spring Boot security properties supplying the in-memory user
         */
        @Autowired
        public ListeningWebSecurityBasicConfiguration(SecurityProperties securityProperties) {
            this.securityProperties = securityProperties;
        }

        /**
         * Registers one in-memory user (name, password and roles from {@code SecurityProperties})
         * and uses BCrypt for password verification.
         *
         * @param authenticationManagerBuilder builder for this chain's authentication manager
         * @throws Exception propagated from the Spring Security builder
         */
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            SecurityProperties.User user = this.securityProperties.getUser();
            // The configured plaintext password is BCrypt-hashed once at startup; only the hash
            // is kept in the in-memory store.
            // NOTE(review): the chain below demands WJeeConstants.Security.ADMIN, so the
            // configured user must carry that role or every request here ends in 403 - confirm
            // the deployed roles. Also confirm the password is set explicitly and strong, since
            // this account guards the infrastructure and actuator paths.
            authenticationManagerBuilder.inMemoryAuthentication().withUser(user.getName()).password(new BCryptPasswordEncoder().encode(user.getPassword())).roles((String[]) user.getRoles().toArray(new String[0])).and().passwordEncoder(new BCryptPasswordEncoder());
        }

        /**
         * Limits this chain to the eureka/config regex plus the ant patterns from
         * {@code properties.getSecurity().getBasic().getBasicAuthAntPath()}, and requires role
         * ADMIN over HTTP Basic for any request in that set.
         *
         * @param httpSecurity the chain being configured
         * @throws Exception propagated from the Spring Security builder
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // HTTP Basic sends the credentials with every request, only base64-encoded, so these
            // paths are protected only as well as the transport is (TLS).
            // csrf() is never called on this chain, so the framework default applies.
            // NOTE(review): non-browser clients that send POST/PUT/DELETE to these paths would
            // need a CSRF token under that default - confirm this is intended.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((HttpSecurity.RequestMatcherConfigurer) ((HttpSecurity.RequestMatcherConfigurer) httpSecurity.requestMatchers().regexMatchers(new String[]{"/eureka/.*|/config/.*"})).antMatchers(CollectionUtils.tokenizeToArray(SpringSecurityBasicConfiguration.this.properties.getSecurity().getBasic().getBasicAuthAntPath()))).and().authorizeRequests().anyRequest()).hasRole(WJeeConstants.Security.ADMIN).and().httpBasic();
        }
    }

    /**
     * HTTP Basic chain for the actuator endpoints; only registered when the actuator
     * {@code Endpoint} class is present.
     *
     * <p>Inherits the in-memory user setup from
     * {@code ListeningWebSecurityBasicConfiguration} and overrides only the request matching.
     * Its order value is the lowest of the three chains, so it is consulted first.
     */
    @Configuration
    @ConditionalOnClass({WebSecurityConfigurerAdapter.class, Endpoint.class})
    @Order(2147483612)
    /* loaded from: input_file:cn/wjee/boot/autoconfigure/security/config/SpringSecurityBasicConfiguration$ListeningWebSecurityEndPointsConfiguration.class */
    class ListeningWebSecurityEndPointsConfiguration extends ListeningWebSecurityBasicConfiguration {
        /**
         * @param securityProperties forwarded to the parent for the in-memory user
         */
        public ListeningWebSecurityEndPointsConfiguration(SecurityProperties securityProperties) {
            super(securityProperties);
        }

        /**
         * Matches every actuator endpoint and requires role ADMIN over HTTP Basic.
         *
         * @param httpSecurity the chain being configured
         * @throws Exception propagated from the Spring Security builder
         */
        @Override // cn.wjee.boot.autoconfigure.security.config.SpringSecurityBasicConfiguration.ListeningWebSecurityBasicConfiguration
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // toAnyEndpoint() makes no exception for individual endpoints, so anything that
            // probes an actuator endpoint must present the ADMIN credentials as well.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((HttpSecurity.RequestMatcherConfigurer) httpSecurity.requestMatchers().requestMatchers(new RequestMatcher[]{EndpointRequest.toAnyEndpoint()})).and().authorizeRequests().anyRequest()).hasRole(WJeeConstants.Security.ADMIN).and().httpBasic();
        }
    }

    /**
     * Catch-all chain for the application itself: form login, remember-me, HTTP Basic and a
     * one-session-per-user limit, authenticated through {@code ProviderAuthenticationProvider}.
     *
     * <p>It declares no request matcher, and its order value is the highest of the three, so it
     * handles whatever the actuator and basic-auth chains did not claim.
     */
    @Configuration
    @ConditionalOnClass({WebSecurityConfigurerAdapter.class})
    @Order(2147483632)
    /* loaded from: input_file:cn/wjee/boot/autoconfigure/security/config/SpringSecurityBasicConfiguration$ListeningWebSecurityFormConfiguration.class */
    class ListeningWebSecurityFormConfiguration extends WebSecurityConfigurerAdapter {
        private final SessionRegistry sessionRegistry;
        private final ProviderUserDetailsService providerUserDetailsService;

        /**
         * @param sessionRegistry registry used for concurrent-session control
         * @param providerUserDetailsService user lookup handed to the authentication provider
         */
        @Autowired
        public ListeningWebSecurityFormConfiguration(SessionRegistry sessionRegistry, ProviderUserDetailsService providerUserDetailsService) {
            this.sessionRegistry = sessionRegistry;
            this.providerUserDetailsService = providerUserDetailsService;
        }

        /**
         * Registers the provider built by the outer
         * {@code getListeningAuthenticationProvider} method as this chain's authentication
         * provider.
         *
         * @param authenticationManagerBuilder builder for this chain's authentication manager
         */
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
            // NOTE(review): this calls the @Bean method directly on the outer instance. Whether
            // that returns the container-managed bean or builds a second provider depends on the
            // outer instance being the proxied configuration object - confirm, since the provider
            // is configured with schema-init and default-user switches.
            authenticationManagerBuilder.authenticationProvider(SpringSecurityBasicConfiguration.this.getListeningAuthenticationProvider(this.providerUserDetailsService));
        }

        /**
         * Excludes CORS pre-flight requests and the static-resource paths from Spring Security.
         *
         * @param webSecurity web-level security configuration
         */
        public void configure(WebSecurity webSecurity) {
            // ignoring() removes matching requests from the security filter chain altogether:
            // no authentication, no security context and no security response headers. Everything
            // under the listed prefixes, plus "/" and "/index.html", is therefore public and must
            // not serve content that depends on the caller's identity.
            // The "." in "/index.html" is an unescaped regex wildcard, so the pattern matches
            // slightly more than the literal file name.
            ((WebSecurity.IgnoredRequestConfigurer) webSecurity.ignoring().antMatchers(HttpMethod.OPTIONS, new String[]{WJeeConstants.Cors.DEFAULT_ALLOWED_PATH})).regexMatchers(new String[]{"/static/.*|/webjars/.*|/css/.*|/js/.*|/images/.*|/index.html|/"});
        }

        /**
         * Builds the form-login chain. In call order it:
         * <ul>
         *   <li>installs the AJAX-aware entry point ("/login") and access-denied handler ("/403");</li>
         *   <li>applies {@code RandomFormLoginConfigurer} with {@code defaultSetting(true, "/")}
         *       and opens its URLs to everyone;</li>
         *   <li>enables remember-me with a Secure-flagged cookie named "rm-co";</li>
         *   <li>permits anonymous access to the login, logout and commons paths, both bare and
         *       prefixed with {@code apiPath}, and requires authentication for the rest;</li>
         *   <li>limits each user to one session; a new login expires the older session, which is
         *       then redirected to "/logout";</li>
         *   <li>clears the JSESSIONID and SESSION cookies on logout and redirects to "/login";</li>
         *   <li>sets X-Frame-Options to SAMEORIGIN, disables CSRF protection and enables HTTP
         *       Basic.</li>
         * </ul>
         *
         * @param httpSecurity the chain being configured
         * @throws Exception propagated from the Spring Security builder
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // Security-relevant points in the chain below; the call order is significant, so the
            // statement is left exactly as it is.
            //
            // 1. csrf().disable(): this chain authenticates through session and remember-me
            //    cookies, which browsers attach automatically, yet no CSRF token is required.
            //    NOTE(review): confirm that state-changing endpoints are protected some other way
            //    (SameSite cookies, a required custom header, Origin checks); none is visible here.
            //    With CSRF protection off, Spring Security's logout URL also accepts GET, so a
            //    cross-site request can end a user's session.
            // 2. apiPath is concatenated into the first permitAll() regex without
            //    Pattern.quote(); regex metacharacters in the configured path can widen the set
            //    of anonymous URLs. When apiPath is empty, that pattern equals the second one.
            // 3. Everything under the login and commons prefixes is reachable without
            //    authentication; handlers mounted there must be safe for anonymous callers.
            // 4. httpBasic() is enabled on this chain as well, so credentials in an Authorization
            //    header are accepted for every protected URL, not only via the login form.
            // 5. rememberMe() sets no explicit key.
            //    NOTE(review): the framework then presumably generates one per start-up, which
            //    invalidates remember-me cookies on restart and across nodes - confirm.
            // 6. maximumSessions(1) relies on the SessionRegistry being told when sessions end.
            //    NOTE(review): the session-event publisher registration is not visible in this
            //    class - confirm it exists, otherwise stale entries can skew the limit.
            // 7. headers().frameOptions().sameOrigin() appears twice; the second call is redundant.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((RandomFormLoginConfigurer) httpSecurity.exceptionHandling().authenticationEntryPoint(new AjaxLoginUrlAuthenticationEntryPoint("/login")).accessDeniedHandler(new AjaxAccessDeniedHandler("/403")).and().apply(new RandomFormLoginConfigurer()).defaultSetting(true, "/").permitAll()).and().rememberMe().useSecureCookie(true).rememberMeCookieName("rm-co").and().authorizeRequests().regexMatchers(new String[]{SpringSecurityBasicConfiguration.this.apiPath + "(/login/.*|/logout|/commons/.*)"})).permitAll().regexMatchers(new String[]{"/login/.*|/logout|/commons/.*"})).permitAll().anyRequest()).authenticated().and().sessionManagement().maximumSessions(1).maxSessionsPreventsLogin(false).sessionRegistry(this.sessionRegistry).expiredUrl("/logout").and().and().logout().deleteCookies(new String[]{"JSESSIONID", "SESSION"}).logoutSuccessUrl("/login").and().headers().frameOptions().sameOrigin().and().csrf().disable().headers().frameOptions().sameOrigin().and().httpBasic();
        }

        /**
         * Exposes this adapter's {@code AuthenticationManager} as a bean so other components
         * (for example {@code springAuthenticationManager} in the outer class) can inject it.
         *
         * @return the authentication manager built for the form-login chain
         * @throws Exception propagated from the parent adapter
         */
        @Bean
        protected AuthenticationManager authenticationManager() throws Exception {
            return super.authenticationManager();
        }
    }

    /**
     * @param jdbcTemplate JDBC access used by the user-details service and the provider
     * @param wJeeProperties framework properties
     * @param dataSource data source handed to the authentication provider
     */
    public SpringSecurityBasicConfiguration(JdbcTemplate jdbcTemplate, WJeeProperties wJeeProperties, DataSource dataSource) {
        this.jdbcTemplate = jdbcTemplate;
        this.properties = wJeeProperties;
        this.dataSource = dataSource;
    }

    /** Writes a debug line once the configuration object has been constructed. */
    @PostConstruct
    public void postConstructLog() {
        log.debug("WJeeBoot::SpringSecurityBasicConfiguration Post Construct...");
    }

    /**
     * Creates the default user-details service from the framework properties and the JDBC
     * template.
     *
     * @return a new {@code ProviderDefaultUserDetailsService}
     */
    @Bean
    public ProviderUserDetailsService getProviderUserDetailsService() {
        return new ProviderDefaultUserDetailsService(this.properties, this.jdbcTemplate);
    }

    /**
     * Wraps the authentication manager and its builder in a {@code SpringAuthenticationManager}.
     *
     * @param authenticationManager the authentication manager bean
     * @param authenticationManagerBuilder the builder bean
     * @return the wrapper bean
     */
    @Bean
    public SpringAuthenticationManager springAuthenticationManager(AuthenticationManager authenticationManager, AuthenticationManagerBuilder authenticationManagerBuilder) {
        return new SpringAuthenticationManager(authenticationManager, authenticationManagerBuilder);
    }

    /**
     * Provides the session registry used by the form-login chain's concurrent-session control.
     *
     * <p>{@code SessionRegistryImpl} keeps its state in the memory of the running JVM, so the
     * one-session limit is enforced per application instance.
     * NOTE(review): the logout step also deletes a cookie named "SESSION", which suggests an
     * external session store may be in use - confirm whether the limit must hold across nodes.
     *
     * @return a new in-memory session registry
     */
    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    /**
     * Builds the authentication provider used by the form-login chain.
     *
     * @param providerUserDetailsService user lookup; must not be null
     * @return the configured provider
     * @throws IllegalArgumentException if {@code providerUserDetailsService} is null
     */
    @Bean
    public ProviderAuthenticationProvider getListeningAuthenticationProvider(ProviderUserDetailsService providerUserDetailsService) {
        // The assertion message is a runtime string; in English: "ListeningUserDetailsService instance is missing".
        Assert.notNull(providerUserDetailsService, "ListeningUserDetailsService实例缺失");
        WJeeProperties.Security.Basic basic = this.properties.getSecurity().getBasic();
        // "MYSQL" is hard-coded; presumably it selects the database dialect - TODO confirm.
        // NOTE(review): withSchema / withDefaultUser are driven by configuration. If the
        // default-user switch seeds an account with known credentials (defined outside this
        // file), it should be off, or the password changed, in any non-development deployment.
        // The custom schema and data locations come from configuration as well and decide which
        // scripts the provider uses, so treat them as trusted deployment settings.
        return new ProviderAuthenticationProvider().withDataSource(this.dataSource, this.jdbcTemplate, "MYSQL").withSchema(basic.isInitSchema()).withDefaultUser(basic.isWithDefaultUser()).customSchemaLocation(basic.getCustomSchemaLocation()).customDataLocation(basic.getCustomDataLocation()).setUserDetailsService(providerUserDetailsService);
    }
}
