package io.xianzhi.security.resource.config;

import io.xianzhi.security.core.properties.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@EnableMethodSecurity
/* loaded from: input_file:io/xianzhi/security/resource/config/OAuth2ResourceServerConfig.class */
public class OAuth2ResourceServerConfig {
    private final SecurityProperties securityProperties;
    private final OpaqueTokenIntrospector customOpaqueTokenIntrospector;
    private final AuthenticationEntryPoint authenticationEntryPoint;
    private final AccessDeniedHandler accessDeniedHandler;

    @Bean
    @Order(Integer.MIN_VALUE)
    SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        AntPathRequestMatcher[] antPathRequestMatcherArr = (AntPathRequestMatcher[]) this.securityProperties.getPermitAllList().stream().map(AntPathRequestMatcher::new).toList().toArray(new AntPathRequestMatcher[0]);
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(antPathRequestMatcherArr)).permitAll().anyRequest()).authenticated();
        }).oauth2ResourceServer(oAuth2ResourceServerConfigurer -> {
            oAuth2ResourceServerConfigurer.opaqueToken(opaqueTokenConfigurer -> {
                opaqueTokenConfigurer.introspector(this.customOpaqueTokenIntrospector);
            }).accessDeniedHandler(this.accessDeniedHandler).authenticationEntryPoint(this.authenticationEntryPoint).bearerTokenResolver(new DefaultBearerTokenResolver());
        }).headers(headersConfigurer -> {
            headersConfigurer.frameOptions((v0) -> {
                v0.disable();
            });
        }).csrf((v0) -> {
            v0.disable();
        });
        return (SecurityFilterChain) httpSecurity.build();
    }

    public OAuth2ResourceServerConfig(SecurityProperties securityProperties, OpaqueTokenIntrospector opaqueTokenIntrospector, AuthenticationEntryPoint authenticationEntryPoint, AccessDeniedHandler accessDeniedHandler) {
        this.securityProperties = securityProperties;
        this.customOpaqueTokenIntrospector = opaqueTokenIntrospector;
        this.authenticationEntryPoint = authenticationEntryPoint;
        this.accessDeniedHandler = accessDeniedHandler;
    }
}
