package org.apache.shiro.grails.annotations;

import java.lang.annotation.Annotation;
import java.util.Arrays;
import java.util.LinkedHashSet;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;

/* loaded from: input_file:WEB-INF/classes/org/apache/shiro/grails/annotations/LegacyRoleAnnotationHandler.class */
public class LegacyRoleAnnotationHandler extends AuthorizingAnnotationHandler {
    public LegacyRoleAnnotationHandler() {
        super(RoleRequired.class);
    }

    @Override // org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
    public void assertAuthorized(Annotation annotation) throws AuthorizationException {
        if (annotation instanceof RoleRequired) {
            String value = ((RoleRequired) annotation).value();
            String[] split = value.split(",");
            if (split.length == 1) {
                if (!getSubject().hasRole(split[0])) {
                    throw new UnauthorizedException("Calling Subject does not have required role [" + value + "].  MethodInvocation denied.");
                }
            } else {
                if (!getSubject().hasAllRoles(new LinkedHashSet(Arrays.asList(split)))) {
                    throw new UnauthorizedException("Calling Subject does not have required roles [" + value + "].  MethodInvocation denied.");
                }
            }
        }
    }
}
