package org.springframework.cloud.dataflow.server.config.security;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.cloud.dataflow.server.config.security.support.OnSecurityEnabledAndOAuth2Disabled;
import org.springframework.cloud.dataflow.server.controller.UiController;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.session.ExpiringSession;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.SessionRepository;
import org.springframework.session.web.http.HeaderHttpSessionStrategy;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.accept.ContentNegotiationStrategy;

@Configuration
@Conditional({OnSecurityEnabledAndOAuth2Disabled.class})
@EnableWebSecurity
/* loaded from: input_file:BOOT-INF/lib/spring-cloud-dataflow-server-core-1.2.0.M2.jar:org/springframework/cloud/dataflow/server/config/security/BasicAuthSecurityConfiguration.class */
public class BasicAuthSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) BasicAuthSecurityConfiguration.class);
    public static final Pattern AUTHORIZATION_RULE = Pattern.compile("(" + StringUtils.arrayToDelimitedString(HttpMethod.values(), "|") + ")\\s+(.+)\\s+=>\\s+(.+)");

    @Autowired
    private ContentNegotiationStrategy contentNegotiationStrategy;

    @Autowired
    private SecurityProperties securityProperties;

    @Autowired
    private AuthorizationConfig authorizationConfig;

    @ConfigurationProperties(prefix = "spring.cloud.dataflow.security.authorization")
    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-dataflow-server-core-1.2.0.M2.jar:org/springframework/cloud/dataflow/server/config/security/BasicAuthSecurityConfiguration$AuthorizationConfig.class */
    public static class AuthorizationConfig {
        private boolean enabled = true;
        private List<String> rules = new ArrayList();

        public List<String> getRules() {
            return this.rules;
        }

        public void setRules(List<String> list) {
            this.rules = list;
        }

        public boolean isEnabled() {
            return this.enabled;
        }

        public void setEnabled(boolean z) {
            this.enabled = z;
        }
    }

    @Bean
    public SessionRepository<ExpiringSession> sessionRepository() {
        return new MapSessionRepository();
    }

    @Bean
    public AuthorizationConfig config() {
        return new AuthorizationConfig();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        MediaTypeRequestMatcher mediaTypeRequestMatcher = new MediaTypeRequestMatcher(this.contentNegotiationStrategy, MediaType.TEXT_HTML);
        String dashboard = UiController.dashboard("/#/login");
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthenticationEntryPoint.setRealmName(this.securityProperties.getBasic().getRealm());
        basicAuthenticationEntryPoint.afterPropertiesSet();
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry permitAll = ((HttpSecurity) httpSecurity.csrf().disable()).authorizeRequests().antMatchers("/").authenticated().antMatchers(UiController.dashboard("/**"), "/authenticate", "/security/info", "/features", "/assets/**").permitAll();
        if (this.authorizationConfig.isEnabled()) {
            permitAll = configureSimpleSecurity(permitAll);
        }
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) permitAll.and().formLogin().loginPage(dashboard).loginProcessingUrl(UiController.dashboard("/login")).defaultSuccessUrl(UiController.dashboard("/")).permitAll().and()).logout().logoutUrl(UiController.dashboard("/logout")).logoutSuccessUrl(UiController.dashboard("/logout-success.html")).logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).permitAll().and()).httpBasic().and()).exceptionHandling().defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(dashboard), mediaTypeRequestMatcher).defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, AnyRequestMatcher.INSTANCE);
        if (this.authorizationConfig.isEnabled()) {
            permitAll.anyRequest().denyAll();
        } else {
            permitAll.anyRequest().authenticated();
        }
        SessionRepositoryFilter sessionRepositoryFilter = new SessionRepositoryFilter(sessionRepository());
        sessionRepositoryFilter.setHttpSessionStrategy(new HeaderHttpSessionStrategy());
        httpSecurity.addFilterBefore((Filter) sessionRepositoryFilter, ChannelProcessingFilter.class).csrf().disable();
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
    }

    private ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry configureSimpleSecurity(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {
        for (String str : this.authorizationConfig.getRules()) {
            Matcher matcher = AUTHORIZATION_RULE.matcher(str);
            Assert.isTrue(matcher.matches(), String.format("Unable to parse security rule [%s], expected format is 'HTTP_METHOD ANT_PATTERN => SECURITY_ATTRIBUTE(S)'", str));
            HttpMethod valueOf = HttpMethod.valueOf(matcher.group(1).trim());
            String trim = matcher.group(2).trim();
            String trim2 = matcher.group(3).trim();
            logger.info("Authorization '{}' | '{}' | '{}'", valueOf, trim2, trim);
            expressionInterceptUrlRegistry = expressionInterceptUrlRegistry.antMatchers(valueOf, trim).access(trim2);
        }
        return expressionInterceptUrlRegistry;
    }
}
