package org.lightadmin.core.config.context;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import javax.servlet.Filter;
import org.lightadmin.core.config.LightAdminConfiguration;
import org.lightadmin.core.util.LightAdminConfigurationUtils;
import org.lightadmin.core.web.security.LightAdminRequestCache;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.io.Resource;
import org.springframework.core.io.support.PropertiesLoaderUtils;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;

@Configuration
/* loaded from: input_file:org/lightadmin/core/config/context/LightAdminSecurityConfiguration.class */
public class LightAdminSecurityConfiguration {
    private static final String REMEMBER_ME_DIGEST_KEY = "LightAdmin";
    private static final String ROLE_ADMIN = "ROLE_ADMIN";
    private static final String[] PUBLIC_RESOURCES = {"/images/**", "/scripts/**", "/styles/**", "/rest/**/file", "/login", "/page-not-found", "/access-denied", LightAdminConfigurationUtils.LIGHT_ADMIN_LOGO_SERVLET_URL};

    @Value("classpath:users.properties")
    private Resource usersResource;

    @Autowired
    private LightAdminConfiguration lightAdminConfiguration;

    @Autowired
    @Bean
    public FilterChainProxy springSecurityFilterChain(Filter filter, Filter filter2, Filter filter3, Filter filter4, Filter filter5, Filter filter6) {
        ArrayList newArrayList = Lists.newArrayList();
        for (String str : PUBLIC_RESOURCES) {
            newArrayList.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(applicationUrl(str)), new Filter[0]));
        }
        newArrayList.add(new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, new Filter[]{filter6, filter5, filter4, filter2, filter3, filter}));
        return new FilterChainProxy(newArrayList);
    }

    @Autowired
    @Bean
    public Filter filterSecurityInterceptor(AuthenticationManager authenticationManager) throws Exception {
        FilterSecurityInterceptor filterSecurityInterceptor = new FilterSecurityInterceptor();
        filterSecurityInterceptor.setAuthenticationManager(authenticationManager);
        filterSecurityInterceptor.setAccessDecisionManager(new AffirmativeBased(Arrays.asList(new RoleVoter())));
        filterSecurityInterceptor.setSecurityMetadataSource(securityMetadataSource());
        filterSecurityInterceptor.afterPropertiesSet();
        return filterSecurityInterceptor;
    }

    private FilterInvocationSecurityMetadataSource securityMetadataSource() {
        LinkedHashMap newLinkedHashMap = Maps.newLinkedHashMap();
        newLinkedHashMap.put(AnyRequestMatcher.INSTANCE, Arrays.asList(new SecurityConfig(ROLE_ADMIN)));
        return new DefaultFilterInvocationSecurityMetadataSource(newLinkedHashMap);
    }

    @Autowired
    @Bean
    public Filter authenticationFilter(AuthenticationManager authenticationManager, RequestCache requestCache) {
        UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter = new UsernamePasswordAuthenticationFilter();
        usernamePasswordAuthenticationFilter.setFilterProcessesUrl(applicationUrl("/j_spring_security_check"));
        usernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManager);
        SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        savedRequestAwareAuthenticationSuccessHandler.setRequestCache(requestCache);
        usernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler);
        usernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(applicationUrl("/login?login_error=1")));
        return usernamePasswordAuthenticationFilter;
    }

    @Bean
    public Filter exceptionTranslationFilter(RequestCache requestCache) {
        AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl();
        accessDeniedHandlerImpl.setErrorPage(applicationUrl("/access-denied"));
        ExceptionTranslationFilter exceptionTranslationFilter = new ExceptionTranslationFilter(new LoginUrlAuthenticationEntryPoint(applicationUrl("/login")), requestCache);
        exceptionTranslationFilter.setAccessDeniedHandler(accessDeniedHandlerImpl);
        return exceptionTranslationFilter;
    }

    @Bean
    public Filter logoutFilter() {
        LogoutHandler securityContextLogoutHandler = new SecurityContextLogoutHandler();
        securityContextLogoutHandler.setInvalidateHttpSession(false);
        LogoutFilter logoutFilter = new LogoutFilter(applicationUrl("/"), new LogoutHandler[]{securityContextLogoutHandler});
        logoutFilter.setFilterProcessesUrl(applicationUrl(LightAdminConfigurationUtils.LIGHT_ADMIN_SECURITY_LOGOUT_URL_DEFAULT));
        return logoutFilter;
    }

    @Bean
    public Filter securityContextPersistenceFilter() {
        HttpSessionSecurityContextRepository httpSessionSecurityContextRepository = new HttpSessionSecurityContextRepository();
        httpSessionSecurityContextRepository.setSpringSecurityContextKey(keyWithNamespace("SPRING_SECURITY_CONTEXT"));
        return new SecurityContextPersistenceFilter(httpSessionSecurityContextRepository);
    }

    @Bean
    public Filter rememberMeAuthenticationFilter(AuthenticationManager authenticationManager, UserDetailsService userDetailsService) {
        TokenBasedRememberMeServices tokenBasedRememberMeServices = new TokenBasedRememberMeServices(REMEMBER_ME_DIGEST_KEY, userDetailsService);
        tokenBasedRememberMeServices.setCookieName(keyWithNamespace("SPRING_SECURITY_REMEMBER_ME_COOKIE"));
        return new RememberMeAuthenticationFilter(authenticationManager, tokenBasedRememberMeServices);
    }

    @Bean
    public RequestCache requestCache() {
        return new LightAdminRequestCache();
    }

    @Autowired
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationProvider authenticationProvider, AuthenticationProvider authenticationProvider2) {
        return new ProviderManager(Arrays.asList(authenticationProvider, authenticationProvider2));
    }

    @Autowired
    @Bean
    public AuthenticationProvider authenticationProvider(UserDetailsService userDetailsService) throws Exception {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setPasswordEncoder(new ShaPasswordEncoder());
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        daoAuthenticationProvider.afterPropertiesSet();
        return daoAuthenticationProvider;
    }

    @Bean
    @Primary
    public UserDetailsService userDetailsService() throws IOException {
        return new InMemoryUserDetailsManager(PropertiesLoaderUtils.loadProperties(this.usersResource));
    }

    @Bean
    public AuthenticationProvider rememberMeAuthenticationProvider() {
        return new RememberMeAuthenticationProvider(REMEMBER_ME_DIGEST_KEY);
    }

    private String applicationUrl(String str) {
        return this.lightAdminConfiguration.getApplicationUrl(str);
    }

    private String keyWithNamespace(String str) {
        return "lightadmin:" + str;
    }
}
