package org.apache.shiro.spring.boot.kisso.authz;

import com.baomidou.kisso.SSOAuthorization;
import com.baomidou.kisso.SSOConfig;
import com.baomidou.kisso.SSOHelper;
import com.baomidou.kisso.common.auth.AuthDefaultImpl;
import com.baomidou.kisso.security.token.SSOToken;
import java.io.IOException;
import java.util.HashMap;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.biz.utils.StringUtils;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.filter.authz.AbstracAuthorizationFilter;
import org.apache.shiro.spring.boot.kisso.exception.URIUnpermittedException;
import org.apache.shiro.spring.boot.kisso.token.KissoAccessToken;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/spring/boot/kisso/authz/KissoAuthorizationFilter.class */
/**
 * Filter that admits a request only when it carries a Kisso SSO token.
 *
 * <p>When {@code SSOConfig.getInstance().isPermissionUri()} is enabled, the request URI is also
 * checked against the configured {@link SSOAuthorization}. On success the Shiro subject is logged
 * in with a {@link KissoAccessToken} built from the request host and the SSO token.
 */
public class KissoAuthorizationFilter extends AbstracAuthorizationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(KissoAuthorizationFilter.class);

    // NOTE(review): the default comes from the kisso library and is not visible here. Verify that
    // it actually enforces URI rules; if it permits everything, the URI check below is a no-op
    // until setAuthorization(...) installs a real implementation.
    private SSOAuthorization authorization = new AuthDefaultImpl();

    /**
     * Decides whether the current request may proceed.
     *
     * @param servletRequest incoming request; the SSO token and the request URI are read from it
     * @param servletResponse outgoing response, passed on to the success/failure callbacks
     * @param obj value passed through unchanged to the success/failure callbacks
     * @return {@code false} when no SSO token is present, otherwise the result of
     *     {@code onAccessSuccess} or {@link #onAccessFailure}
     * @throws Exception anything other than {@link AuthenticationException} raised along the way
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        try {
            HttpServletRequest httpRequest = WebUtils.toHttp(servletRequest);
            SSOToken ssoToken = SSOHelper.getSSOToken(httpRequest);
            if (ssoToken == null) {
                // No token: rejected here without calling onAccessFailure, so no response is
                // written by this method. What the client sees is decided by the superclass
                // (not visible in this file).
                return false;
            }

            if (SSOConfig.getInstance().isPermissionUri()) {
                // NOTE(review): getRequestURI() is the raw request path as sent by the client
                // (not URL-decoded, may carry ';' path parameters). Confirm the SSOAuthorization
                // implementation normalises it before matching its rules.
                String requestUri = httpRequest.getRequestURI();
                if (requestUri != null && !getAuthorization().isPermitted(ssoToken, requestUri)) {
                    // NOTE(review): this only reaches onAccessFailure if URIUnpermittedException
                    // extends AuthenticationException (declared elsewhere). Otherwise it
                    // propagates to the caller. Confirm.
                    throw new URIUnpermittedException("URI Unpermitted Access.");
                }
            }

            KissoAccessToken accessToken = new KissoAccessToken(getHost(servletRequest), ssoToken);
            Subject subject = getSubject(servletRequest, servletResponse);
            subject.login(accessToken);
            return onAccessSuccess(obj, subject, servletRequest, servletResponse);
        } catch (AuthenticationException failure) {
            return onAccessFailure(obj, failure, servletRequest, servletResponse);
        }
    }

    /**
     * Logs the failure and writes the rejection to the client.
     *
     * <p>AJAX requests get status 403 with a JSON body. Other requests are redirected to the
     * configured unauthorized URL when one is set, and otherwise receive an error response.
     *
     * @param obj unused here
     * @param exc the failure; only its message and whether it is a
     *     {@link URIUnpermittedException} are used
     * @param servletRequest incoming request
     * @param servletResponse response the rejection is written to
     * @return always {@code false}
     * @throws IOException declared for the response-writing calls
     */
    protected boolean onAccessFailure(Object obj, Exception exc, ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        LOG.error("Host {} Kisso Authentication Failure : {}", getHost(servletRequest), exc.getMessage());
        HttpServletRequest httpRequest = WebUtils.toHttp(servletRequest);
        HttpServletResponse httpResponse = WebUtils.toHttp(servletResponse);
        LOG.trace("Attempting to access a path which requires authentication. ");

        if (WebUtils.isAjaxRequest(httpRequest)) {
            // Raw HashMap kept on purpose: the parameter type of writeJSONString is not visible.
            HashMap body = new HashMap();
            body.put("status", "fail");
            body.put(
                    "message",
                    exc instanceof URIUnpermittedException
                            ? "URI Unpermitted Access."
                            : "Attempting to access a path which requires authentication. ");
            // NOTE(review): 403 is sent both for a failed login and for a URI that is not
            // permitted. Clients can only tell the two apart by the message text.
            httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            WebUtils.writeJSONString(httpResponse, body);
            return false;
        }

        String unauthorizedUrl = getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl)) {
            WebUtils.issueRedirect(servletRequest, servletResponse, unauthorizedUrl);
        } else {
            // NOTE(review): status 401 (Unauthorized) is paired with the reason text "Forbidden",
            // while the AJAX branch answers 403. Left as in the original; decide which status is
            // intended and align the two branches.
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Forbidden");
        }
        return false;
    }

    /**
     * Returns the authorization strategy used for the per-URI permission check.
     *
     * @return the current {@link SSOAuthorization}
     */
    public SSOAuthorization getAuthorization() {
        return authorization;
    }

    /**
     * Replaces the authorization strategy used for the per-URI permission check.
     *
     * @param sSOAuthorization the strategy to use; stored as given, with no null check
     */
    public void setAuthorization(SSOAuthorization sSOAuthorization) {
        authorization = sSOAuthorization;
    }
}
