package com.infusers.core.security.common;

import com.infusers.core.user.util.UserUtility;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/* loaded from: input_file:com/infusers/core/security/common/WebSecurityConfiguration.class */
public abstract class WebSecurityConfiguration {
    protected final ApplicationContext applicationContext;

    @Autowired
    protected UserUtility userUtility;

    @Autowired
    protected ApplicationEventPublisher eventPublisher;

    @Autowired
    protected SecurityProperties securityProperties;

    public WebSecurityConfiguration(ApplicationContext applicationContext, UserUtility userUtility, ApplicationEventPublisher applicationEventPublisher) {
        this.applicationContext = applicationContext;
        this.userUtility = userUtility;
        this.eventPublisher = applicationEventPublisher;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, AuthenticationManager authenticationManager) throws Exception {
        httpSecurity.cors(Customizer.withDefaults()).csrf(csrfConfigurer -> {
            csrfConfigurer.disable();
        }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers((String[]) this.securityProperties.getAuthWhitelist().toArray(new String[0]))).permitAll().anyRequest()).authenticated();
        }).addFilterAfter(new AuthorizationFilter(authenticationManager(httpSecurity), this.userUtility), UsernamePasswordAuthenticationFilter.class).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(new InfusersAuthenticationEntryPoint());
        });
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    public AuthenticationManager authenticationManager(HttpSecurity httpSecurity) throws Exception {
        return (AuthenticationManager) ((AuthenticationManagerBuilder) httpSecurity.getSharedObject(AuthenticationManagerBuilder.class)).build();
    }
}
