package net.savantly.sprout.starter;

import java.io.IOException;
import java.util.LinkedHashMap;
import javax.servlet.Filter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:net/savantly/sprout/starter/SproutWebSecurityConfiguration.class */
public class SproutWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    UserDetailsService userDetailsService;
    Filter ssoFilter;
    Filter oauth2ClientContextFilter;
    PasswordEncoder passwordEncoder;

    public SproutWebSecurityConfiguration(UserDetailsService userDetailsService, Filter filter, Filter filter2, PasswordEncoder passwordEncoder) {
        this.userDetailsService = userDetailsService;
        this.ssoFilter = filter;
        this.oauth2ClientContextFilter = filter2;
        this.passwordEncoder = passwordEncoder;
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers(new String[]{"/", "/*.js", "/js/**", "/*.html", "**/*.html", "/css/**", "/img/**", "favicon.ico*", "**/favicon.ico*"});
        webSecurity.debug(true);
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.headers().frameOptions().disable().and().authorizeRequests().antMatchers(new String[]{"/", "/index", "/rest/**", "/api/**", "/admin", "/admin/**"})).permitAll().anyRequest()).authenticated().and().formLogin().permitAll().loginProcessingUrl("/login").successHandler(successHandler()).and().logout().logoutSuccessHandler(logoutSuccessHandler()).permitAll().and().csrf().disable().httpBasic().and().exceptionHandling().accessDeniedPage("/errors/403").authenticationEntryPoint(new DelegatingAuthenticationEntryPoint(entryPoints())).and().addFilterBefore(this.oauth2ClientContextFilter, BasicAuthenticationFilter.class).addFilterBefore(this.ssoFilter, BasicAuthenticationFilter.class);
    }

    private LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints() {
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> linkedHashMap = new LinkedHashMap<>(2);
        linkedHashMap.put(restMatcher(), auth403());
        return linkedHashMap;
    }

    private AuthenticationEntryPoint auth403() {
        return new Http403ForbiddenEntryPoint();
    }

    private RequestMatcher restMatcher() {
        return new RegexRequestMatcher("/rest/*", (String) null);
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(this.passwordEncoder).and().eraseCredentials(true);
    }

    LogoutSuccessHandler logoutSuccessHandler() {
        return new LogoutSuccessHandler() { // from class: net.savantly.sprout.starter.SproutWebSecurityConfiguration.1
            public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                httpServletResponse.setStatus(200);
            }
        };
    }

    AuthenticationSuccessHandler successHandler() {
        return new SimpleUrlAuthenticationSuccessHandler("/rest/users/token");
    }
}
