package io.camunda.operate.webapp.security.identity;

import io.camunda.operate.webapp.security.BaseWebConfigurer;
import io.camunda.operate.webapp.security.OperateURIs;
import io.camunda.operate.webapp.security.oauth2.IdentityOAuth2WebConfigurer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

@Profile({"identity-auth"})
@EnableWebSecurity
@Component("webSecurityConfig")
/* loaded from: input_file:io/camunda/operate/webapp/security/identity/IdentityWebSecurityConfig.class */
public class IdentityWebSecurityConfig extends BaseWebConfigurer {

    @Autowired
    protected IdentityOAuth2WebConfigurer oAuth2WebConfigurer;

    @Override // io.camunda.operate.webapp.security.BaseWebConfigurer
    protected void applySecurityFilterSettings(HttpSecurity httpSecurity) throws Exception {
        if (this.operateProperties.isCsrfPreventionEnabled()) {
            this.logger.info("CSRF Protection enabled");
            configureCSRF(httpSecurity);
        } else {
            httpSecurity.csrf(csrfConfigurer -> {
                csrfConfigurer.disable();
            });
        }
        httpSecurity.authorizeRequests(expressionInterceptUrlRegistry -> {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) expressionInterceptUrlRegistry.requestMatchers(OperateURIs.AUTH_WHITELIST)).permitAll().requestMatchers(new String[]{OperateURIs.API, OperateURIs.PUBLIC_API, OperateURIs.ROOT})).authenticated();
        }).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint((httpServletRequest, httpServletResponse, authenticationException) -> {
                this.failureHandler(httpServletRequest, httpServletResponse, authenticationException);
            });
        });
    }

    @Override // io.camunda.operate.webapp.security.BaseWebConfigurer
    protected void applyOAuth2Settings(HttpSecurity httpSecurity) throws Exception {
        this.oAuth2WebConfigurer.configure(httpSecurity);
    }
}
