package net.cofcool.chaos.server.security.shiro.access;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import net.cofcool.chaos.server.common.security.authorization.UserAuthorizationService;
import net.cofcool.chaos.server.common.util.WebUtils;
import net.cofcool.chaos.server.core.config.WebApplicationContext;
import org.apache.shiro.web.filter.AccessControlFilter;

/* loaded from: input_file:net/cofcool/chaos/server/security/shiro/access/PermissionFilter.class */
public class PermissionFilter extends AccessControlFilter {
    public static final String FILTER_KEY = "check";
    private UserAuthorizationService authorizationService;

    public UserAuthorizationService getAuthorizationService() {
        return this.authorizationService;
    }

    public void setAuthorizationService(UserAuthorizationService userAuthorizationService) {
        this.authorizationService = userAuthorizationService;
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        if (getAuthorizationService().checkPermission(servletRequest, servletResponse)) {
            return true;
        }
        servletRequest.getRequestDispatcher(WebApplicationContext.getConfiguration().getAuth().getUnauthUrl()).forward(servletRequest, servletResponse);
        return false;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) {
        return false;
    }

    protected boolean preHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return super.preHandle(servletRequest, WebUtils.setupCorsHeader((HttpServletResponse) servletResponse));
    }
}
