package com.blossomproject.autoconfigure.ui.web;

import com.blossomproject.autoconfigure.ui.web.WebInterfaceAutoConfiguration;
import com.blossomproject.core.common.utils.privilege.Privilege;
import com.blossomproject.ui.BlossomAuthenticationSuccessHandlerImpl;
import com.blossomproject.ui.security.LimitLoginAuthenticationProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;

@ConditionalOnBean({WebInterfaceAutoConfiguration.class})
@Configuration
@AutoConfigureAfter({WebInterfaceAutoConfiguration.class})
/* loaded from: input_file:com/blossomproject/autoconfigure/ui/web/FormLoginWebSecurityConfigurerAdapter.class */
public class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    private final UserDetailsService userDetailsService;
    private final BlossomAuthenticationSuccessHandlerImpl blossomAuthenticationSuccessHandler;
    private final SessionRegistry sessionRegistry;
    private final Privilege switchUserPrivilege;
    private final LimitLoginAuthenticationProvider limitLoginAuthenticationProvider;
    private final BlossomWebBackOfficeProperties webBackOfficeProperties;

    public FormLoginWebSecurityConfigurerAdapter(UserDetailsService userDetailsService, BlossomAuthenticationSuccessHandlerImpl blossomAuthenticationSuccessHandlerImpl, SessionRegistry sessionRegistry, LimitLoginAuthenticationProvider limitLoginAuthenticationProvider, @Qualifier("switchUserPrivilege") Privilege privilege, BlossomWebBackOfficeProperties blossomWebBackOfficeProperties) {
        this.userDetailsService = userDetailsService;
        this.blossomAuthenticationSuccessHandler = blossomAuthenticationSuccessHandlerImpl;
        this.sessionRegistry = sessionRegistry;
        this.limitLoginAuthenticationProvider = limitLoginAuthenticationProvider;
        this.switchUserPrivilege = privilege;
        this.webBackOfficeProperties = blossomWebBackOfficeProperties;
    }

    @Bean
    public static ServletListenerRegistrationBean httpSessionEventPublisher() {
        return new ServletListenerRegistrationBean(new HttpSessionEventPublisher());
    }

    @Bean
    public SwitchUserFilter switchUserProcessingFilter() {
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(this.userDetailsService);
        switchUserFilter.setSwitchAuthorityRole(this.switchUserPrivilege.privilege());
        switchUserFilter.setSwitchUserUrl("/blossom/administration/_impersonate");
        switchUserFilter.setExitUserUrl("/blossom/administration/_impersonate/logout");
        switchUserFilter.setTargetUrl("/blossom");
        switchUserFilter.setSwitchFailureUrl("/blossom");
        return switchUserFilter;
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(this.limitLoginAuthenticationProvider);
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.addFilterAfter(switchUserProcessingFilter(), FilterSecurityInterceptor.class);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher("/blossom/**").authorizeRequests().anyRequest()).fullyAuthenticated().and().formLogin().loginPage("/blossom/login").failureUrl("/blossom/login?error").successHandler(this.blossomAuthenticationSuccessHandler).permitAll().and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/blossom/logout")).deleteCookies(new String[]{"blossom"}).logoutSuccessUrl("/blossom/login").permitAll().and().rememberMe().rememberMeCookieName("blossom").and().exceptionHandling().defaultAuthenticationEntryPointFor((httpServletRequest, httpServletResponse, authenticationException) -> {
            httpServletResponse.sendError(401);
        }, new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")).and().sessionManagement().maximumSessions(this.webBackOfficeProperties.getMaxSessionsPerUser()).maxSessionsPreventsLogin(true).expiredSessionStrategy(new WebInterfaceAutoConfiguration.BlossomInvalidSessionStrategy("/blossom/login")).sessionRegistry(this.sessionRegistry);
    }
}
