package net.turnbig.pandora.springboot.security.rpc;

import net.turnbig.pandora.springboot.security.ShiroLikeMethodSecurityConfiguration;
import net.turnbig.pandora.springboot.security.rpc.filter.JsonPayloadAuthenticationFilter;
import net.turnbig.pandora.springboot.security.rpc.filter.TokenHeaderAuthenticationFilter;
import net.turnbig.pandora.springboot.security.rpc.handler.RpcAccessDeniedHandler;
import net.turnbig.pandora.springboot.security.rpc.handler.RpcLogoutHandler;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;

@EnableConfigurationProperties({SpringSecurityRpcProperties.class})
@Import({ShiroLikeMethodSecurityConfiguration.class})
/* loaded from: input_file:net/turnbig/pandora/springboot/security/rpc/SpringSecurityRpcConfiguration.class */
public class SpringSecurityRpcConfiguration extends WebSecurityConfigurerAdapter {
    private final SpringSecurityRpcProperties properties;
    private final UserDetailsService userDetailsService;
    private final StringRedisTemplate stringRedisTemplate;

    public SpringSecurityRpcConfiguration(SpringSecurityRpcProperties springSecurityRpcProperties, UserDetailsService userDetailsService, StringRedisTemplate stringRedisTemplate) {
        this.properties = springSecurityRpcProperties;
        this.userDetailsService = userDetailsService;
        this.stringRedisTemplate = stringRedisTemplate;
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests(expressionInterceptUrlRegistry -> {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) expressionInterceptUrlRegistry.antMatchers(HttpMethod.OPTIONS)).permitAll().antMatchers(this.properties.getAnonUrls())).permitAll().antMatchers(new String[]{this.properties.getLoginUrl()})).permitAll().antMatchers(new String[]{this.properties.getLogoutUrl()})).permitAll().anyRequest()).authenticated();
        }).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        if (this.properties.isDisableCsrf()) {
            httpSecurity.csrf().disable();
        }
        configureRpcAuthentication(httpSecurity);
    }

    private void configureRpcAuthentication(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.apply(new RpcLoginConfigurer(RpcSecurityConstants.PATH_USERNAME, RpcSecurityConstants.PATH_PASSWORD, this.properties.getLoginUrl(), this.stringRedisTemplate));
        httpSecurity.addFilterBefore(new TokenHeaderAuthenticationFilter(this.stringRedisTemplate, this.userDetailsService), JsonPayloadAuthenticationFilter.class);
        RpcAccessDeniedHandler rpcAccessDeniedHandler = new RpcAccessDeniedHandler();
        httpSecurity.exceptionHandling().authenticationEntryPoint(rpcAccessDeniedHandler).accessDeniedHandler(rpcAccessDeniedHandler);
        RpcLogoutHandler rpcLogoutHandler = new RpcLogoutHandler(this.stringRedisTemplate);
        httpSecurity.logout().logoutUrl(this.properties.getLogoutUrl()).addLogoutHandler(rpcLogoutHandler).logoutSuccessHandler(rpcLogoutHandler);
    }

    @Bean(name = {"org.springframework.security.authenticationManager"})
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
