package com.giffing.wicket.spring.boot.starter.configuration.extensions.external.spring.security;

import java.util.Iterator;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.injection.Injector;
import org.apache.wicket.request.Request;
import org.apache.wicket.spring.injection.annot.SpringBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:BOOT-INF/lib/wicket-spring-boot-starter-1.0.9.jar:com/giffing/wicket/spring/boot/starter/configuration/extensions/external/spring/security/SecureWebSession.class */
public class SecureWebSession extends AuthenticatedWebSession {
    private static final long serialVersionUID = 1;
    private static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";

    @SpringBean(name = "authenticationManager")
    private AuthenticationManager authenticationManager;

    public SecureWebSession(Request request) {
        super(request);
        Injector.get().inject(this);
    }

    @Override // org.apache.wicket.authroles.authentication.AuthenticatedWebSession
    public boolean authenticate(String str, String str2) {
        try {
            Authentication authenticate = this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(str, str2));
            if (!authenticate.isAuthenticated()) {
                return false;
            }
            SecurityContextHolder.getContext().setAuthentication(authenticate);
            setAttribute(SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    @Override // org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
    public Roles getRoles() {
        Roles roles = new Roles();
        if (isSignedIn()) {
            Iterator it = SecurityContextHolder.getContext().getAuthentication().getAuthorities().iterator();
            while (it.hasNext()) {
                roles.add(((GrantedAuthority) it.next()).getAuthority());
            }
        }
        return roles;
    }
}
