package cn.home1.oss.lib.security.starter;

import cn.home1.oss.boot.autoconfigure.AppProperties;
import cn.home1.oss.boot.autoconfigure.AppSecurity;
import cn.home1.oss.boot.autoconfigure.ConditionalOnAppSecurity;
import cn.home1.oss.lib.security.MethodSecurityPermissionEvaluator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.DenyAllPermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

@ConditionalOnBean({PermissionEvaluator.class})
@EnableGlobalMethodSecurity(jsr250Enabled = true, securedEnabled = true, prePostEnabled = true)
@ConditionalOnAppSecurity(AppSecurity.ENABLED)
/* loaded from: input_file:cn/home1/oss/lib/security/starter/MethodSecurityConfiguration.class */
public class MethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {

    @Autowired
    private AppProperties appProperties;

    @Autowired(required = false)
    private PermissionEvaluator projectPermissionEvaluator;

    protected MethodSecurityExpressionHandler createExpressionHandler() {
        MethodSecurityPermissionEvaluator denyAllPermissionEvaluator;
        if (this.projectPermissionEvaluator != null) {
            MethodSecurityPermissionEvaluator methodSecurityPermissionEvaluator = new MethodSecurityPermissionEvaluator();
            methodSecurityPermissionEvaluator.setSecurityEnabled(this.appProperties.getSecurityEnabled());
            methodSecurityPermissionEvaluator.setProjectPermissionEvaluator(this.projectPermissionEvaluator);
            denyAllPermissionEvaluator = methodSecurityPermissionEvaluator;
        } else {
            denyAllPermissionEvaluator = new DenyAllPermissionEvaluator();
        }
        DefaultMethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler = new DefaultMethodSecurityExpressionHandler();
        defaultMethodSecurityExpressionHandler.setPermissionEvaluator(denyAllPermissionEvaluator);
        return defaultMethodSecurityExpressionHandler;
    }
}
