package de.codecentric.boot.admin;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import java.util.UUID;
import org.apache.http.cookie.ClientCookie;
import org.hsqldb.Tokens;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

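/**
 * Spring Security configuration for the admin server, active only under the {@code secure} profile.
 *
 * <p>Enables form login, HTTP Basic, logout, cookie-based CSRF tokens and remember-me, and registers
 * a single in-memory user taken from {@link SecurityProperties}.
 *
 * <p>Decompiled from {@code BOOT-INF/classes/de/codecentric/boot/admin/SecuritySecureConfig.class}.
 * The decompiler had rendered the inlined string constants {@code "secure"} and {@code "USER"} as
 * look-alike constants from unrelated libraries; they are written as plain literals here.
 */
@Profile("secure")
@Configuration(proxyBeanMethods = false)
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
    private final AdminServerProperties adminServer;
    private final SecurityProperties security;

    /**
     * @param adminServerProperties supplies the admin server's path prefix via {@code path(...)}
     * @param securityProperties supplies the user name and password of the single configured user
     */
    public SecuritySecureConfig(AdminServerProperties adminServerProperties, SecurityProperties securityProperties) {
        this.adminServer = adminServerProperties;
        this.security = securityProperties;
    }

    /**
     * Configures which requests are public, how users authenticate, and where CSRF checks apply.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the underlying builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        String loginUrl = this.adminServer.path(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);

        // After login the user is sent to the URL named by the "redirectTo" request parameter,
        // falling back to the admin root.
        // NOTE(review): the target comes from a request parameter; confirm the redirect strategy
        // in use only accepts same-application URLs.
        SavedRequestAwareAuthenticationSuccessHandler successHandler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

        httpSecurity
                // Static assets, the login page and the info/health actuator endpoints are public;
                // every other request requires an authenticated user.
                // NOTE(review): check that /actuator/health does not expose component details
                // to anonymous callers.
                .authorizeRequests(requests -> requests
                        .antMatchers(this.adminServer.path("/assets/**")).permitAll()
                        .antMatchers(this.adminServer.path("/variables.css")).permitAll()
                        .antMatchers(this.adminServer.path("/actuator/info")).permitAll()
                        .antMatchers(this.adminServer.path("/actuator/health")).permitAll()
                        .antMatchers(loginUrl).permitAll()
                        .anyRequest().authenticated())
                .formLogin(formLogin -> formLogin
                        .loginPage(loginUrl)
                        .successHandler(successHandler))
                .logout(logout -> logout.logoutUrl(this.adminServer.path("/logout")))
                // HTTP Basic is accepted alongside form login, so credentials travel on every
                // such request; the deployment should only be reachable over TLS.
                .httpBasic(Customizer.withDefaults())
                .csrf(csrf -> csrf
                        // The CSRF cookie is deliberately not HttpOnly so that script in the UI
                        // can read it; any script running in this origin can read it too.
                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                        // CSRF checks are skipped for POST /instances, DELETE /instances/* and for
                        // every method under /actuator/**. Those endpoints are protected by
                        // authentication alone.
                        // NOTE(review): presumably these exemptions exist for non-browser clients
                        // that cannot send a CSRF token; confirm the /actuator/** exemption needs
                        // to cover state-changing methods.
                        .ignoringRequestMatchers(
                                new AntPathRequestMatcher(
                                        this.adminServer.path("/instances"), HttpMethod.POST.toString()),
                                new AntPathRequestMatcher(
                                        this.adminServer.path("/instances/*"), HttpMethod.DELETE.toString()),
                                new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))))
                // The remember-me key is a fresh random UUID each time this method runs, so it is
                // not shared between restarts or between server instances; remember-me cookies
                // issued under a different key are expected to stop validating.
                .rememberMe(rememberMe -> rememberMe
                        .key(UUID.randomUUID().toString())
                        .tokenValiditySeconds(AbstractRememberMeServices.TWO_WEEKS_S));
    }

    /**
     * Registers one in-memory user with the name and password from {@link SecurityProperties} and
     * the role {@code USER}.
     *
     * <p>SECURITY: the {@code {noop}} prefix selects the no-op password encoder, so the password is
     * held and compared in plaintext. That is only acceptable for samples and local use; a real
     * deployment should store an encoded password (for example bcrypt) instead.
     *
     * @param authenticationManagerBuilder the builder to register the user with
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.inMemoryAuthentication()
                .withUser(this.security.getUser().getName())
                .password("{noop}" + this.security.getUser().getPassword())
                .roles("USER");
    }
}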
