package cn.home1.oss.lib.security.starter;

import cn.home1.oss.boot.autoconfigure.AppProperties;
import cn.home1.oss.lib.errorhandle.starter.ErrorHandleAutoConfiguration;
import cn.home1.oss.lib.security.CompositeAuthenticationProvider;
import cn.home1.oss.lib.security.api.BaseUserDetailsAuthenticationProvider;
import cn.home1.oss.lib.security.internal.feign.FeignTokenConfiguration;
import cn.home1.oss.lib.security.internal.zuul.ZuulTokenConfiguration;
import cn.home1.oss.lib.webmvc.starter.WebApplicationAutoConfiguration;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.security.FallbackWebSecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.context.NullSecurityContextRepository;

@AutoConfigureBefore({FallbackWebSecurityAutoConfiguration.class})
@ConditionalOnClass({WebSecurityConfigurerAdapter.class})
@Configuration
@AutoConfigureAfter({WebApplicationAutoConfiguration.class, ErrorHandleAutoConfiguration.class, SecurityAutoConfiguration.class})
@Import({VerifyCodeConfiguration.class, PermitedRequestConfiguration.class, PreAuthConfiguration.class, BasicAuthConfiguration.class, FormAuthConfiguration.class, CsrfConfiguration.class, MethodSecurityConfiguration.class, FeignTokenConfiguration.class, ZuulTokenConfiguration.class, SwaggerConfiguration.class})
@Order(WebApplicationSecurityAutoConfiguration.ORDER_AFTER_MANAGEMENT_BEFORE_FALLBACK)
/* loaded from: input_file:cn/home1/oss/lib/security/starter/WebApplicationSecurityAutoConfiguration.class */
public class WebApplicationSecurityAutoConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(WebApplicationSecurityAutoConfiguration.class);
    public static final int ORDER_AFTER_MANAGEMENT_BEFORE_FALLBACK = 2147483641;

    @Autowired
    private AppProperties appProperties;

    @Autowired
    @Qualifier(PermitedRequestConfiguration.PERMITED_REQUESTS)
    public Map<String, List<String>> permitedRequests;

    @Autowired
    private AuthenticationManager parentAuthenticationManager;

    @Autowired(required = false)
    @Qualifier("preAuthAuthenticationProvider")
    private AuthenticationProvider preAuthAuthenticationProvider;

    @Autowired(required = false)
    private BaseUserDetailsAuthenticationProvider userDetailsAuthenticationProvider;

    @Autowired(required = false)
    private List<SecurityConfigurer> securityConfigurers;

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        Iterator<SecurityConfigurer> it = securityConfigurers().iterator();
        while (it.hasNext()) {
            it.next().configure(authenticationManagerBuilder);
        }
        List list = (List) Lists.newArrayList(new AuthenticationProvider[]{this.preAuthAuthenticationProvider, this.userDetailsAuthenticationProvider}).stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
        if (list.isEmpty()) {
            return;
        }
        CompositeAuthenticationProvider compositeAuthenticationProvider = new CompositeAuthenticationProvider();
        compositeAuthenticationProvider.setDelegates(ImmutableList.copyOf(list));
        authenticationManagerBuilder.eraseCredentials(false).parentAuthenticationManager(this.parentAuthenticationManager).authenticationProvider(compositeAuthenticationProvider);
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.securityContext().securityContextRepository(new NullSecurityContextRepository());
        if (this.appProperties.getSecurityEnabled().booleanValue()) {
            ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.authorizeRequests();
            for (Map.Entry<String, List<String>> entry : this.permitedRequests.entrySet()) {
                String key = entry.getKey();
                HttpMethod valueOf = StringUtils.isBlank(key) ? null : HttpMethod.valueOf(key);
                String[] strArr = (String[]) entry.getValue().stream().toArray(i -> {
                    return new String[i];
                });
                authorizeRequests = valueOf == null ? ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(strArr)).permitAll() : ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(valueOf, strArr)).permitAll();
            }
        }
        Iterator<SecurityConfigurer> it = securityConfigurers().iterator();
        while (it.hasNext()) {
            it.next().configure(httpSecurity);
        }
        if (this.appProperties.getSecurityEnabled().booleanValue()) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
        } else {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).permitAll();
        }
        httpSecurity.headers().frameOptions().sameOrigin();
    }

    public void init(WebSecurity webSecurity) throws Exception {
        Iterator<SecurityConfigurer> it = securityConfigurers().iterator();
        while (it.hasNext()) {
            it.next().init(webSecurity);
        }
        super.init(webSecurity);
    }

    public List<SecurityConfigurer> securityConfigurers() {
        List<SecurityConfigurer> list = (List) (this.securityConfigurers != null ? this.securityConfigurers : Lists.newArrayList()).stream().sorted().collect(Collectors.toList());
        for (SecurityConfigurer securityConfigurer : list) {
            log.info("security configurer '{}', order '{}'", securityConfigurer.getClass().getName(), Integer.valueOf(securityConfigurer.getOrder()));
        }
        return list;
    }
}
