package xyz.shodown.upms.config;

import java.util.Iterator;
import javax.annotation.Resource;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.filter.CharacterEncodingFilter;
import xyz.shodown.crypto.enums.CharSet;
import xyz.shodown.upms.security.filter.AuthProcessingFilter;
import xyz.shodown.upms.security.filter.TokenAuthFilter;
import xyz.shodown.upms.security.handler.AuthEntryPoint;
import xyz.shodown.upms.security.handler.NoAccessHandler;
import xyz.shodown.upms.security.support.DynamicAccessDecisionManager;
import xyz.shodown.upms.security.support.DynamicSecurityMetadataSource;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:xyz/shodown/upms/config/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private AdditionalProperties additionalProperties;

    @Resource
    private AuthEntryPoint authEntryPoint;

    @Resource
    private NoAccessHandler noAccessHandler;

    @Resource
    private AuthProcessingFilter authProcessingFilter;

    @Resource
    private TokenAuthFilter tokenAuthFilter;

    @Resource
    private DynamicSecurityMetadataSource dynamicSecurityMetadataSource;

    @Resource
    private DynamicAccessDecisionManager dynamicAccessDecisionManager;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.antMatcher("/**").authorizeRequests();
        CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
        characterEncodingFilter.setEncoding(CharSet.UTF8.name());
        characterEncodingFilter.setForceEncoding(true);
        httpSecurity.csrf().disable();
        httpSecurity.exceptionHandling().authenticationEntryPoint(this.authEntryPoint);
        httpSecurity.exceptionHandling().accessDeniedHandler(this.noAccessHandler);
        httpSecurity.addFilterBefore(characterEncodingFilter, UsernamePasswordAuthenticationFilter.class).addFilterAt(this.authProcessingFilter, UsernamePasswordAuthenticationFilter.class).addFilterBefore(this.tokenAuthFilter, BasicAuthenticationFilter.class);
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        authorizeRequests.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() { // from class: xyz.shodown.upms.config.WebSecurityConfig.1
            public <O extends FilterSecurityInterceptor> O postProcess(O o) {
                o.setSecurityMetadataSource(WebSecurityConfig.this.dynamicSecurityMetadataSource);
                o.setAccessDecisionManager(WebSecurityConfig.this.dynamicAccessDecisionManager);
                return o;
            }
        });
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{"/home"})).hasIpAddress("127.0.0.1");
        Iterator<String> it = this.additionalProperties.getAccess().getIgnoreUrls().iterator();
        while (it.hasNext()) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{it.next()})).permitAll();
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(HttpMethod.OPTIONS, new String[]{"/**"})).denyAll();
        authorizeRequests.and().rememberMe();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated();
        authorizeRequests.and().headers().frameOptions().disable();
    }
}
