package io.lsn.spring.auth.configuration;

import io.lsn.spring.auth.configuration.properties.SecurityProperties;
import io.lsn.spring.auth.middleware.HttpStatusEntryPoint;
import io.lsn.spring.auth.provider.AuthenticationProvider;
import io.lsn.spring.auth.transport.cookie.InAuthCookieFilter;
import io.lsn.spring.auth.transport.header.InAuthHeaderFilter;
import java.util.Arrays;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.firewall.HttpFirewall;

@EnableConfigurationProperties({SecurityProperties.class})
@Configuration
/* loaded from: input_file:io/lsn/spring/auth/configuration/LsnSecurityConfiguration.class */
public class LsnSecurityConfiguration extends WebSecurityConfigurerAdapter {
    public static List<String> DISABLED_TOKEN_VERIFICATION_PATHS = Arrays.asList("/api/user/init", "/api/user/login", "/api/public/");

    @Autowired
    private AuthenticationProvider provider;

    @Autowired
    private SecurityProperties properties;

    @Bean
    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
        DefaultHttpFirewall defaultHttpFirewall = new DefaultHttpFirewall();
        defaultHttpFirewall.setAllowUrlEncodedSlash(true);
        return defaultHttpFirewall;
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.httpFirewall(allowUrlEncodedSlashHttpFirewall());
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().addFilterBefore(this.properties.getTransportMethod().equals(SecurityProperties.TransportMethod.COOKIE) ? new InAuthCookieFilter() : new InAuthHeaderFilter(), BasicAuthenticationFilter.class).authenticationProvider(this.provider).exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(this.properties.getTransportMethod())).and().authorizeRequests().antMatchers(new String[]{"/"})).permitAll().antMatchers(new String[]{"/api/user/init"})).permitAll().antMatchers(new String[]{"/api/user/login"})).permitAll().antMatchers(new String[]{"/api/user/logout"})).permitAll().antMatchers(new String[]{"/api/user/password/reset"})).permitAll().antMatchers(new String[]{"/api/user/password/change"})).permitAll().antMatchers(new String[]{"/api/public/**"})).permitAll().antMatchers(new String[]{"/api/**"})).fullyAuthenticated();
    }
}
