package org.springframework.security.config.annotation.method.configuration;

import java.util.ArrayList;
import java.util.List;
import org.aopalliance.intercept.MethodInterceptor;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.SmartInitializingSingleton;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.AdviceMode;
import org.springframework.context.annotation.AdviceModeImportSelector;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.core.type.AnnotationMetadata;
import org.springframework.integration.config.xml.IntegrationNamespaceUtils;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
import org.springframework.security.access.annotation.Jsr250Voter;
import org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory;
import org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice;
import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.intercept.AfterInvocationManager;
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
import org.springframework.security.access.intercept.RunAsManager;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor;
import org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource;
import org.springframework.security.access.method.MethodSecurityMetadataSource;
import org.springframework.security.access.prepost.PostInvocationAdviceProvider;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.util.Assert;

@Configuration
/* loaded from: input_file:BOOT-INF/lib/spring-security-config-4.1.3.RELEASE.jar:org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.class */
public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton {
    private static final Log logger = LogFactory.getLog(GlobalMethodSecurityConfiguration.class);
    private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() { // from class: org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.1
        @Override // org.springframework.security.config.annotation.ObjectPostProcessor
        public <T> T postProcess(T t) {
            throw new IllegalStateException(ObjectPostProcessor.class.getName() + " is a required bean. Ensure you have used @" + EnableGlobalMethodSecurity.class.getName());
        }
    };
    private DefaultMethodSecurityExpressionHandler defaultMethodExpressionHandler = new DefaultMethodSecurityExpressionHandler();
    private AuthenticationManager authenticationManager;
    private AuthenticationManagerBuilder auth;
    private boolean disableAuthenticationRegistry;
    private AnnotationAttributes enableMethodSecurity;
    private ApplicationContext context;
    private MethodSecurityExpressionHandler expressionHandler;
    private Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource;
    private MethodSecurityInterceptor methodSecurityInterceptor;

    @Bean
    public MethodInterceptor methodSecurityInterceptor() throws Exception {
        this.methodSecurityInterceptor = isAspectJ() ? new AspectJMethodSecurityInterceptor() : new MethodSecurityInterceptor();
        this.methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
        this.methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
        this.methodSecurityInterceptor.setSecurityMetadataSource(methodSecurityMetadataSource());
        RunAsManager runAsManager = runAsManager();
        if (runAsManager != null) {
            this.methodSecurityInterceptor.setRunAsManager(runAsManager);
        }
        return this.methodSecurityInterceptor;
    }

    @Override // org.springframework.beans.factory.SmartInitializingSingleton
    public void afterSingletonsInstantiated() {
        try {
            initializeMethodSecurityInterceptor();
            PermissionEvaluator permissionEvaluator = (PermissionEvaluator) getSingleBeanOrNull(PermissionEvaluator.class);
            if (permissionEvaluator != null) {
                this.defaultMethodExpressionHandler.setPermissionEvaluator(permissionEvaluator);
            }
            RoleHierarchy roleHierarchy = (RoleHierarchy) getSingleBeanOrNull(RoleHierarchy.class);
            if (roleHierarchy != null) {
                this.defaultMethodExpressionHandler.setRoleHierarchy(roleHierarchy);
            }
            AuthenticationTrustResolver authenticationTrustResolver = (AuthenticationTrustResolver) getSingleBeanOrNull(AuthenticationTrustResolver.class);
            if (authenticationTrustResolver != null) {
                this.defaultMethodExpressionHandler.setTrustResolver(authenticationTrustResolver);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private <T> T getSingleBeanOrNull(Class<T> cls) {
        String[] beanNamesForType = this.context.getBeanNamesForType((Class<?>) cls);
        if (beanNamesForType == null || beanNamesForType.length != 1) {
            return null;
        }
        return (T) this.context.getBean(beanNamesForType[0], cls);
    }

    private void initializeMethodSecurityInterceptor() throws Exception {
        if (this.methodSecurityInterceptor == null) {
            return;
        }
        this.methodSecurityInterceptor.setAuthenticationManager(authenticationManager());
    }

    protected AfterInvocationManager afterInvocationManager() {
        if (!prePostEnabled()) {
            return null;
        }
        AfterInvocationProviderManager afterInvocationProviderManager = new AfterInvocationProviderManager();
        PostInvocationAdviceProvider postInvocationAdviceProvider = new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(getExpressionHandler()));
        ArrayList arrayList = new ArrayList();
        arrayList.add(postInvocationAdviceProvider);
        afterInvocationProviderManager.setProviders(arrayList);
        return afterInvocationProviderManager;
    }

    protected RunAsManager runAsManager() {
        return null;
    }

    protected AccessDecisionManager accessDecisionManager() {
        ArrayList arrayList = new ArrayList();
        ExpressionBasedPreInvocationAdvice expressionBasedPreInvocationAdvice = new ExpressionBasedPreInvocationAdvice();
        expressionBasedPreInvocationAdvice.setExpressionHandler(getExpressionHandler());
        if (prePostEnabled()) {
            arrayList.add(new PreInvocationAuthorizationAdviceVoter(expressionBasedPreInvocationAdvice));
        }
        if (jsr250Enabled()) {
            arrayList.add(new Jsr250Voter());
        }
        arrayList.add(new RoleVoter());
        arrayList.add(new AuthenticatedVoter());
        return new AffirmativeBased(arrayList);
    }

    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return this.defaultMethodExpressionHandler;
    }

    protected final MethodSecurityExpressionHandler getExpressionHandler() {
        if (this.expressionHandler == null) {
            this.expressionHandler = createExpressionHandler();
        }
        return this.expressionHandler;
    }

    protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
        return null;
    }

    protected AuthenticationManager authenticationManager() throws Exception {
        if (this.authenticationManager == null) {
            DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher = (DefaultAuthenticationEventPublisher) this.objectPostProcessor.postProcess(new DefaultAuthenticationEventPublisher());
            this.auth = new AuthenticationManagerBuilder(this.objectPostProcessor);
            this.auth.authenticationEventPublisher(defaultAuthenticationEventPublisher);
            configure(this.auth);
            if (this.disableAuthenticationRegistry) {
                this.authenticationManager = getAuthenticationConfiguration().getAuthenticationManager();
            } else {
                this.authenticationManager = this.auth.build();
            }
        }
        return this.authenticationManager;
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        this.disableAuthenticationRegistry = true;
    }

    @Bean
    public MethodSecurityMetadataSource methodSecurityMetadataSource() {
        ArrayList arrayList = new ArrayList();
        ExpressionBasedAnnotationAttributeFactory expressionBasedAnnotationAttributeFactory = new ExpressionBasedAnnotationAttributeFactory(getExpressionHandler());
        MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
        if (customMethodSecurityMetadataSource != null) {
            arrayList.add(customMethodSecurityMetadataSource);
        }
        if (prePostEnabled()) {
            arrayList.add(new PrePostAnnotationSecurityMetadataSource(expressionBasedAnnotationAttributeFactory));
        }
        if (securedEnabled()) {
            arrayList.add(new SecuredAnnotationSecurityMetadataSource());
        }
        if (jsr250Enabled()) {
            arrayList.add(this.jsr250MethodSecurityMetadataSource);
        }
        return new DelegatingMethodSecurityMetadataSource(arrayList);
    }

    @Bean
    public PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice() {
        ExpressionBasedPreInvocationAdvice expressionBasedPreInvocationAdvice = new ExpressionBasedPreInvocationAdvice();
        expressionBasedPreInvocationAdvice.setExpressionHandler(getExpressionHandler());
        return expressionBasedPreInvocationAdvice;
    }

    @Override // org.springframework.context.annotation.ImportAware
    public final void setImportMetadata(AnnotationMetadata annotationMetadata) {
        this.enableMethodSecurity = AnnotationAttributes.fromMap(annotationMetadata.getAnnotationAttributes(EnableGlobalMethodSecurity.class.getName()));
    }

    @Autowired(required = false)
    public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
        this.objectPostProcessor = objectPostProcessor;
        this.defaultMethodExpressionHandler = (DefaultMethodSecurityExpressionHandler) objectPostProcessor.postProcess(this.defaultMethodExpressionHandler);
    }

    @Autowired(required = false)
    public void setJsr250MethodSecurityMetadataSource(Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource) {
        this.jsr250MethodSecurityMetadataSource = jsr250MethodSecurityMetadataSource;
    }

    @Autowired(required = false)
    public void setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler> list) {
        if (list.size() != 1) {
            logger.debug("Not autwiring PermissionEvaluator since size != 1. Got " + list);
        } else {
            this.expressionHandler = list.get(0);
        }
    }

    @Autowired
    public void setApplicationContext(ApplicationContext applicationContext) {
        this.context = applicationContext;
    }

    private AuthenticationConfiguration getAuthenticationConfiguration() {
        return (AuthenticationConfiguration) this.context.getBean(AuthenticationConfiguration.class);
    }

    private boolean prePostEnabled() {
        return enableMethodSecurity().getBoolean("prePostEnabled");
    }

    private boolean securedEnabled() {
        return enableMethodSecurity().getBoolean("securedEnabled");
    }

    private boolean jsr250Enabled() {
        return enableMethodSecurity().getBoolean("jsr250Enabled");
    }

    private int order() {
        return ((Integer) enableMethodSecurity().get(IntegrationNamespaceUtils.ORDER)).intValue();
    }

    private boolean isAspectJ() {
        return enableMethodSecurity().getEnum(AdviceModeImportSelector.DEFAULT_ADVICE_MODE_ATTRIBUTE_NAME) == AdviceMode.ASPECTJ;
    }

    private AnnotationAttributes enableMethodSecurity() {
        if (this.enableMethodSecurity == null) {
            EnableGlobalMethodSecurity enableGlobalMethodSecurity = (EnableGlobalMethodSecurity) AnnotationUtils.findAnnotation(getClass(), EnableGlobalMethodSecurity.class);
            Assert.notNull(enableGlobalMethodSecurity, EnableGlobalMethodSecurity.class.getName() + " is required");
            this.enableMethodSecurity = AnnotationAttributes.fromMap(AnnotationUtils.getAnnotationAttributes(enableGlobalMethodSecurity));
        }
        return this.enableMethodSecurity;
    }
}
