package cn.trythis.ams.bootconfig;

import cn.trythis.ams.service.SsoClientService;
import cn.trythis.ams.support.config.AmsConfigUtil;
import cn.trythis.ams.support.security.AmsPasswordEncoderFactories;
import cn.trythis.ams.support.security.bo.SessionModel;
import cn.trythis.ams.support.security.bo.UrlPermissionMode;
import cn.trythis.ams.support.security.config.AmsSecurityConfiguration;
import cn.trythis.ams.support.security.config.DefaultAmsSecurityConfiguration;
import cn.trythis.ams.support.security.service.CustomAccessDeineHandler;
import cn.trythis.ams.support.security.service.CustomAuthenticationEntryPoint;
import cn.trythis.ams.support.security.service.CustomAuthenticationFilter;
import cn.trythis.ams.support.security.service.CustomDaoAuthenticationProvider;
import cn.trythis.ams.support.security.service.CustomUserDetailsServiceImpl;
import cn.trythis.ams.support.security.service.DynamicUrlAccessDecisionManager;
import cn.trythis.ams.support.security.service.DynamicUrlFilterSecurityInterceptor;
import cn.trythis.ams.support.security.service.DynamicUrlRolePermissionMetadataSource;
import cn.trythis.ams.support.security.service.LoginFailureAuthenticationHandler;
import cn.trythis.ams.support.security.service.LoginSuccessAuthenticationHandler;
import cn.trythis.ams.support.security.service.LogoutAuthenticationHandler;
import cn.trythis.ams.support.security.service.TokenAuthFilter;
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.context.request.RequestContextListener;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

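/**
 * Spring Security web configuration for the AMS application.
 *
 * <p>Wires the unauthenticated permit list, form login and logout, the custom username/password
 * filter, the dynamic URL permission interceptor, concurrent-session control and, when the
 * configured session model is {@code TOKEN}, a stateless token filter.
 *
 * <p>This listing is decompiler output (JADX reported failed type inference for two locals), so
 * some local variable types may differ from the original source.
 *
 * <p>Security review summary; each item is marked {@code NOTE(review)} where it occurs:
 * <ul>
 *   <li>CSRF protection, X-Frame-Options and cache-control headers are disabled globally.</li>
 *   <li>CORS allows every origin, header and method together with credentials.</li>
 *   <li>Management, API-documentation and console paths are on the unauthenticated permit list.</li>
 *   <li>Credentials are not erased after authentication and unknown-user errors are not hidden.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
/* loaded from: input_file:cn/trythis/ams/bootconfig/AmsSecurityConfig.class */
public class AmsSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Paths that are always added to the permit list, in the order they are registered.
     *
     * <p>NOTE(review): every entry here is reachable without authentication. Entries that deserve
     * an explicit decision are commented individually.
     */
    private static final String[] ALWAYS_PERMITTED_PATTERNS = {
        "/favicon.ico",
        // NOTE(review): Spring Boot Actuator endpoints can expose environment, configuration and
        // heap data depending on which endpoints are enabled; confirm the exposure set or move
        // this behind authentication.
        "/actuator/**",
        "/health/**",
        // NOTE(review): broad prefixes; confirm that everything served under them is meant to be
        // public.
        "/services/**",
        "/open/**",
        // NOTE(review): API documentation and its resources disclose the endpoint inventory to
        // unauthenticated clients; consider disabling or protecting them outside development.
        "/doc.html",
        "/swagger-ui.html",
        "/v2/api-docs",
        "/configuration/**",
        "/swagger-resources",
        "/swagger-resources/**",
        "/webjars/**",
        "/error",
        "/session/invalid",
        "/index/param",
        "/sso/enable",
        "/sso/url",
        "/sso/url/authorize",
        "/js/**",
        "/css/**",
        "/images/**",
        // NOTE(review): presumably a database console; confirm it is disabled or access-restricted
        // in production, since it is permitted without authentication here.
        "/dbconsole",
    };

    @Autowired(required = false)
    private CustomUserDetailsServiceImpl customUserDetailsService;

    @Autowired(required = false)
    private LoginSuccessAuthenticationHandler successAuthenticationHandler;

    @Autowired(required = false)
    private LoginFailureAuthenticationHandler failureAuthenticationHandler;

    @Autowired(required = false)
    private LogoutAuthenticationHandler logoutAuthenticationHandler;

    @Autowired(required = false)
    private DefaultAmsSecurityConfiguration defaultAmsSecurityConfiguration;

    @Autowired(required = false)
    private DynamicUrlRolePermissionMetadataSource dynamicUrlRolePermissionMetadataSource;

    @Autowired(required = false)
    private SsoClientService ssoClientService;

    // Permit list built in configure(HttpSecurity) and later handed to the dynamic URL interceptor.
    private final List<String> antPatterns = new ArrayList<>();

    /**
     * Builds the HTTP security filter chain.
     *
     * <p>A custom {@code AmsSecurityConfiguration} bean, when one is registered, takes precedence
     * over the injected default configuration.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @throws IllegalStateException if no security configuration or no {@code SsoClientService}
     *     is available (both are injected with {@code required = false})
     * @throws Exception if any of the underlying configurers fail
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): the declared type and the cast below are kept exactly as the decompiler
        // emitted them; the original local was presumably typed AmsSecurityConfiguration - confirm
        // against the real source.
        DefaultAmsSecurityConfiguration defaultAmsSecurityConfiguration = this.defaultAmsSecurityConfiguration;
        if (null != AmsConfigUtil.getBean(AmsSecurityConfiguration.class)) {
            defaultAmsSecurityConfiguration = (AmsSecurityConfiguration) AmsConfigUtil.getBean(AmsSecurityConfiguration.class);
        }
        // Both collaborators are optional injections; fail with a clear message instead of a bare
        // NullPointerException further down.
        if (defaultAmsSecurityConfiguration == null) {
            throw new IllegalStateException("No AmsSecurityConfiguration bean is available");
        }
        if (this.ssoClientService == null) {
            throw new IllegalStateException("SsoClientService bean is required to build the permit list");
        }

        defaultAmsSecurityConfiguration.configureHttpSecurity(httpSecurity);

        // NOTE(review): disabling frame options removes the X-Frame-Options header, so pages can be
        // framed by any site; sameOrigin() is the narrower choice if only same-site framing is needed.
        httpSecurity.headers().frameOptions().disable();
        // NOTE(review): with cache-control headers off, responses to authenticated requests may be
        // stored by browsers or intermediaries.
        httpSecurity.headers().cacheControl().disable();
        // NOTE(review): CSRF protection is off while session mode authenticates via cookie-backed
        // sessions, and corsConfigurationSource() accepts every origin with credentials. Re-enable
        // CSRF for session mode, or confirm that every client authenticates without cookies.
        httpSecurity.cors().configurationSource(corsConfigurationSource()).and().csrf().disable();

        // Static front-end resources are only public when SSO is not in use.
        if (!this.ssoClientService.isSso().booleanValue()) {
            this.antPatterns.add("/static/**");
            this.antPatterns.add("/html/**");
        }
        for (String pattern : ALWAYS_PERMITTED_PATTERNS) {
            this.antPatterns.add(pattern);
        }
        // The configuration receives the mutable list before it is applied; presumably it can
        // adjust the permit list here - verify against AmsSecurityConfiguration.
        defaultAmsSecurityConfiguration.permitMatchers(this.antPatterns);

        // CORS pre-flight requests and the permit list are public; everything else needs a login.
        httpSecurity.authorizeRequests()
                .requestMatchers(new RequestMatcher[]{CorsUtils::isPreFlightRequest}).permitAll()
                .antMatchers(this.antPatterns.toArray(new String[0])).permitAll()
                .anyRequest().authenticated();

        httpSecurity.formLogin()
                .loginPage(defaultAmsSecurityConfiguration.loginPage())
                .loginProcessingUrl(defaultAmsSecurityConfiguration.loginProcessingUrl())
                .successHandler(this.successAuthenticationHandler)
                .failureHandler(this.failureAuthenticationHandler)
                .permitAll()
                .and()
                .logout()
                .logoutUrl("/logout")
                .addLogoutHandler(this.logoutAuthenticationHandler)
                .permitAll();

        httpSecurity.addFilterAt(customAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        // Must run after the permit list is complete: the interceptor copies this.antPatterns.
        httpSecurity.addFilterAfter(dynamicUrlFilterSecurityInterceptor(), FilterSecurityInterceptor.class);
        httpSecurity.exceptionHandling()
                .authenticationEntryPoint(new CustomAuthenticationEntryPoint("/"))
                .accessDeniedHandler(new CustomAccessDeineHandler());
        // One concurrent session per user; an expired session is sent to /session/invalid.
        httpSecurity.sessionManagement()
                .maximumSessions(1)
                .expiredUrl("/session/invalid")
                .sessionRegistry(sessionRegistry());

        // Token mode: authenticate through TokenAuthFilter and do not create HTTP sessions.
        if (SessionModel.TOKEN.equals(defaultAmsSecurityConfiguration.sessionModel())) {
            httpSecurity.addFilterBefore(new TokenAuthFilter(), UsernamePasswordAuthenticationFilter.class);
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }
    }

    /**
     * Registers a {@link RequestContextListener} bean with order 0.
     *
     * @return a new listener instance
     */
    @Bean
    @Order(0)
    public RequestContextListener requestContextListener() {
        return new RequestContextListener();
    }

    /**
     * Creates the interceptor that checks URL permissions against the dynamic role metadata
     * source, using a single {@link RoleVoter}.
     *
     * <p>Only when a custom {@code AmsSecurityConfiguration} bean exists does the interceptor
     * receive the permit list, and only in {@code FORCE_CHECK} mode does it reject invocations
     * that have no configured attributes.
     *
     * @return the configured interceptor (not registered as a bean)
     */
    private DynamicUrlFilterSecurityInterceptor dynamicUrlFilterSecurityInterceptor() {
        DynamicUrlFilterSecurityInterceptor dynamicUrlFilterSecurityInterceptor = new DynamicUrlFilterSecurityInterceptor();
        dynamicUrlFilterSecurityInterceptor.setSecurityMetadataSource(this.dynamicUrlRolePermissionMetadataSource);
        // Left raw as decompiled: the constructor's parameter type is not visible in this file.
        ArrayList arrayList = new ArrayList();
        arrayList.add(new RoleVoter());
        dynamicUrlFilterSecurityInterceptor.setAccessDecisionManager(new DynamicUrlAccessDecisionManager(arrayList));
        if (null != AmsConfigUtil.getBean(AmsSecurityConfiguration.class)) {
            if (UrlPermissionMode.FORCE_CHECK == ((AmsSecurityConfiguration) AmsConfigUtil.getBean(AmsSecurityConfiguration.class)).urlPermissionMode()) {
                // NOTE(review): outside FORCE_CHECK, URLs without configured attributes are not
                // rejected by this interceptor; confirm that default-allow is intended.
                dynamicUrlFilterSecurityInterceptor.setRejectPublicInvocations(true);
            }
            dynamicUrlFilterSecurityInterceptor.setPermitAntPatterns(this.antPatterns);
        }
        return dynamicUrlFilterSecurityInterceptor;
    }

    /**
     * Provides the CORS policy applied to every path.
     *
     * <p>NOTE(review): this policy allows credentials together with the wildcard origin, header
     * and method. Spring Framework 5.3 and later reject {@code allowCredentials=true} combined
     * with the literal {@code "*"} origin; earlier versions answer with the caller's own Origin,
     * which in effect trusts every site to make credentialed requests and read the responses.
     * The framework version is not visible here. Replace the wildcard with an explicit origin
     * allowlist taken from configuration, or turn credentials off.
     *
     * @return a source that maps {@code /**} to the policy described above
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }

    /**
     * Creates the filter that processes login submissions at {@code /login}.
     *
     * @return the filter wired with the success/failure handlers, the authentication manager and
     *     the composite session strategy
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public CustomAuthenticationFilter customAuthenticationFilter() throws Exception {
        CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter();
        customAuthenticationFilter.setAuthenticationSuccessHandler(this.successAuthenticationHandler);
        customAuthenticationFilter.setAuthenticationFailureHandler(this.failureAuthenticationHandler);
        customAuthenticationFilter.setFilterProcessesUrl("/login");
        customAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
        customAuthenticationFilter.setSessionAuthenticationStrategy(compositeSessionAuthenticationStrategy());
        return customAuthenticationFilter;
    }

    /**
     * Registers the DAO authentication provider on the global authentication manager.
     *
     * @param authenticationManagerBuilder the builder supplied by Spring Security
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(daoAuhthenticationProvider());
        // NOTE(review): with erasure off, the submitted credentials stay on the Authentication
        // object after login. Confirm a downstream component needs them; otherwise enable erasure.
        authenticationManagerBuilder.eraseCredentials(false);
    }

    /**
     * Creates the authentication provider backed by the custom user details service.
     *
     * @return the configured provider
     */
    @Bean
    public AuthenticationProvider daoAuhthenticationProvider() {
        PasswordEncoder encoder = passwordEncoder();
        CustomDaoAuthenticationProvider customDaoAuthenticationProvider = new CustomDaoAuthenticationProvider(encoder);
        customDaoAuthenticationProvider.setUserDetailsService(this.customUserDetailsService);
        // NOTE(review): unknown-user failures are reported as such rather than as bad credentials.
        // Make sure the failure handler returns one generic message, or account names can be
        // distinguished from the login response.
        customDaoAuthenticationProvider.setHideUserNotFoundExceptions(false);
        customDaoAuthenticationProvider.setPasswordEncoder(encoder);
        return customDaoAuthenticationProvider;
    }

    /**
     * Creates the delegating password encoder for the configured encoding id.
     *
     * <p>A custom {@code AmsSecurityConfiguration} bean, when one is registered, takes precedence
     * over the injected default configuration.
     *
     * <p>NOTE(review): which algorithm an encoding id selects is decided in
     * {@code AmsPasswordEncoderFactories}, not shown here; confirm that the deployed id maps to an
     * adaptive password hash.
     *
     * @return the password encoder
     * @throws IllegalStateException if no security configuration is available
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        // NOTE(review): declared type and cast kept as decompiled; see configure(HttpSecurity).
        DefaultAmsSecurityConfiguration defaultAmsSecurityConfiguration = this.defaultAmsSecurityConfiguration;
        if (null != AmsConfigUtil.getBean(AmsSecurityConfiguration.class)) {
            defaultAmsSecurityConfiguration = (AmsSecurityConfiguration) AmsConfigUtil.getBean(AmsSecurityConfiguration.class);
        }
        if (defaultAmsSecurityConfiguration == null) {
            throw new IllegalStateException("No AmsSecurityConfiguration bean is available");
        }
        return AmsPasswordEncoderFactories.createDelegatingPasswordEncoder(defaultAmsSecurityConfiguration.encodingId());
    }

    /**
     * Provides the session registry used for concurrent-session control.
     *
     * @return a new {@code SessionRegistryEhcacheImpl}
     */
    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryEhcacheImpl();
    }

    /**
     * Builds the session strategy applied after a successful login: concurrent-session control,
     * then session-fixation protection, then registration of the new session.
     *
     * @return the composite strategy, with delegates in the order listed above
     */
    private CompositeSessionAuthenticationStrategy compositeSessionAuthenticationStrategy() {
        List<org.springframework.security.web.authentication.session.SessionAuthenticationStrategy> strategies =
                new ArrayList<>();
        strategies.add(new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry()));
        strategies.add(new SessionFixationProtectionStrategy());
        strategies.add(new RegisterSessionAuthenticationStrategy(sessionRegistry()));
        return new CompositeSessionAuthenticationStrategy(strategies);
    }
}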
