package xyz.shodown.boot.upms.config;

import java.util.Iterator;
import javax.annotation.Resource;
import javax.servlet.Filter;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.filter.CharacterEncodingFilter;
import xyz.shodown.boot.upms.filter.AuthProcessingFilter;
import xyz.shodown.boot.upms.filter.TokenAuthFilter;
import xyz.shodown.boot.upms.handler.AuthEntryPoint;
import xyz.shodown.boot.upms.handler.NoAccessHandler;
import xyz.shodown.boot.upms.support.DynamicAccessDecisionManager;
import xyz.shodown.boot.upms.support.DynamicSecurityMetadataSource;
import xyz.shodown.common.consts.Charsets;
import xyz.shodown.common.util.basic.ListUtil;

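/**
 * Spring Security configuration for the UPMS module.
 *
 * <p>Builds a single filter chain for {@code /**} that runs without Spring Security
 * sessions, installs the project's login, token and (optionally) OAuth2 client filters,
 * and replaces the {@link FilterSecurityInterceptor}'s metadata source and access
 * decision manager with the project's dynamic implementations.
 *
 * <p>Security-relevant settings made here that a reviewer should keep in mind:
 * <ul>
 *   <li>CSRF protection is disabled.</li>
 *   <li>The {@code X-Frame-Options} header is disabled.</li>
 *   <li>URL patterns from {@code additionalProperties.getAccess().getIgnoreUrls()} are
 *       registered as {@code permitAll()}.</li>
 *   <li>Authorization decisions are delegated to {@link DynamicSecurityMetadataSource}
 *       and {@link DynamicAccessDecisionManager}, which are not part of this file.</li>
 * </ul>
 */
@Configuration
@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private AdditionalProperties additionalProperties;

    @Resource
    private AuthEntryPoint authEntryPoint;

    @Resource
    private NoAccessHandler noAccessHandler;

    @Resource
    private AuthProcessingFilter authProcessingFilter;

    @Resource
    private TokenAuthFilter tokenAuthFilter;

    @Resource
    private DynamicSecurityMetadataSource dynamicSecurityMetadataSource;

    @Resource
    private DynamicAccessDecisionManager dynamicAccessDecisionManager;

    @Resource
    private OAuth2ClientContext oAuth2ClientContext;

    /**
     * Configures the HTTP security filter chain.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @throws Exception if any configurer rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests =
                httpSecurity.antMatcher("/**").authorizeRequests();

        // Force UTF-8 on every request/response before any authentication filter reads parameters.
        CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
        characterEncodingFilter.setEncoding(Charsets.UTF8.name());
        characterEncodingFilter.setForceEncoding(true);

        // NOTE(review): CSRF protection is off. That is only safe while credentials travel in a
        // request header the browser does not attach automatically; TokenAuthFilter is not shown
        // here, so confirm it never accepts a cookie-borne token.
        httpSecurity.csrf().disable();
        httpSecurity.exceptionHandling().authenticationEntryPoint(this.authEntryPoint);
        httpSecurity.exceptionHandling().accessDeniedHandler(this.noAccessHandler);

        // Filter order: encoding -> login processing (in the UsernamePasswordAuthenticationFilter
        // slot) -> token authentication (ahead of BasicAuthenticationFilter).
        httpSecurity
                .addFilterBefore(characterEncodingFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterAt(this.authProcessingFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(this.tokenAuthFilter, BasicAuthenticationFilter.class);

        // The OAuth2 client filter is optional and only present when OAuth2 settings exist.
        Filter oauth2ClientFilter = oauth2ClientFilter();
        if (oauth2ClientFilter != null) {
            httpSecurity.addFilterBefore(oauth2ClientFilter, BasicAuthenticationFilter.class);
        }

        // Spring Security itself will neither create nor use an HttpSession.
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // NOTE(review): this replaces the interceptor's metadata source and decision manager, so
        // the interceptor consults the dynamic source rather than the matcher rules registered
        // below. Confirm that DynamicSecurityMetadataSource / DynamicAccessDecisionManager (not
        // shown) enforce the intended policy, in particular for URLs the dynamic source returns no
        // attributes for: the interceptor treats those as public unless
        // setRejectPublicInvocations(true) is set or the decision manager denies them.
        authorizeRequests.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
            @Override
            public <O extends FilterSecurityInterceptor> O postProcess(O interceptor) {
                interceptor.setSecurityMetadataSource(WebSecurityConfig.this.dynamicSecurityMetadataSource);
                interceptor.setAccessDecisionManager(WebSecurityConfig.this.dynamicAccessDecisionManager);
                return interceptor;
            }
        });

        // Configured ignore patterns are registered first and for every HTTP method, so they take
        // precedence over the OPTIONS rule below. Each entry is an unauthenticated entry point;
        // keep the list short and avoid broad wildcards. A missing properties bean or missing
        // access section simply means no extra patterns are opened.
        if (this.additionalProperties != null
                && this.additionalProperties.getAccess() != null
                && !ListUtil.isEmpty(this.additionalProperties.getAccess().getIgnoreUrls())) {
            for (String ignoreUrl : this.additionalProperties.getAccess().getIgnoreUrls()) {
                authorizeRequests.antMatchers(ignoreUrl).permitAll();
            }
        }

        // OPTIONS is denied for every path not already matched above.
        authorizeRequests.antMatchers(HttpMethod.OPTIONS, "/**").denyAll();
        authorizeRequests.antMatchers("/login").permitAll();
        authorizeRequests.anyRequest().authenticated();

        // NOTE(review): X-Frame-Options is disabled, so responses carry no framing restriction
        // from this chain. If framing is only needed from the same origin, frameOptions().sameOrigin()
        // is the narrower setting; otherwise confirm another control (e.g. a CSP frame-ancestors
        // directive) limits who may embed these pages.
        authorizeRequests.and().headers().frameOptions().disable();
    }

    /**
     * Builds the OAuth2 authorization-code client filter when OAuth2 settings are configured.
     *
     * <p>The configured redirect URL is passed to the filter constructor as the path it
     * processes. User details are resolved through {@link UserInfoTokenServices} using the
     * user-info URI from {@link #resServerProperties()} and the client id from
     * {@link #authCodeResourceDetails()}.
     *
     * @return the configured filter, or {@code null} when no properties bean or no OAuth2
     *         section is available
     */
    private Filter oauth2ClientFilter() {
        // configure() tolerates a missing properties bean; do the same here instead of failing
        // with a NullPointerException.
        if (this.additionalProperties == null || this.additionalProperties.getOauth2() == null) {
            return null;
        }
        AuthorizationCodeResourceDetails clientDetails = authCodeResourceDetails();
        OAuth2ClientAuthenticationProcessingFilter clientFilter =
                new OAuth2ClientAuthenticationProcessingFilter(this.additionalProperties.getOauth2().getRedirectUrl());
        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(clientDetails, this.oAuth2ClientContext);
        clientFilter.setRestTemplate(restTemplate);

        UserInfoTokenServices userInfoTokenServices =
                new UserInfoTokenServices(resServerProperties().getUserInfoUri(), clientDetails.getClientId());
        userInfoTokenServices.setRestTemplate(restTemplate);
        clientFilter.setTokenServices(userInfoTokenServices);
        return clientFilter;
    }

    /**
     * Exposes the OAuth2 resource-server settings bound from the
     * {@code shodown.upms.oauth2.resource} property prefix.
     *
     * @return a new, property-bound {@link ResourceServerProperties}
     */
    @ConfigurationProperties("shodown.upms.oauth2.resource")
    @Bean
    public ResourceServerProperties resServerProperties() {
        return new ResourceServerProperties();
    }

    /**
     * Exposes the OAuth2 authorization-code client settings bound from the
     * {@code shodown.upms.oauth2.client} property prefix.
     *
     * <p>This prefix also carries the client secret, so the property source backing it
     * should be treated as sensitive.
     *
     * @return a new, property-bound {@link AuthorizationCodeResourceDetails}
     */
    @ConfigurationProperties("shodown.upms.oauth2.client")
    @Bean
    public AuthorizationCodeResourceDetails authCodeResourceDetails() {
        return new AuthorizationCodeResourceDetails();
    }
}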
