package org.springframework.webflow.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.springframework.beans.DirectFieldAccessor;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.ClassUtils;
import org.springframework.webflow.definition.FlowDefinition;
import org.springframework.webflow.definition.StateDefinition;
import org.springframework.webflow.definition.TransitionDefinition;
import org.springframework.webflow.execution.EnterStateVetoException;
import org.springframework.webflow.execution.FlowExecutionListenerAdapter;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:spring-webflow-2.4.8.RELEASE.jar:org/springframework/webflow/security/SecurityFlowExecutionListener.class */
public class SecurityFlowExecutionListener extends FlowExecutionListenerAdapter {
    private static final boolean SPRING_SECURITY_3_PRESENT = ClassUtils.hasConstructor(AffirmativeBased.class, new Class[0]);
    private AccessDecisionManager accessDecisionManager;

    public AccessDecisionManager getAccessDecisionManager() {
        return this.accessDecisionManager;
    }

    public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }

    @Override // org.springframework.webflow.execution.FlowExecutionListenerAdapter, org.springframework.webflow.execution.FlowExecutionListener
    public void sessionCreating(RequestContext requestContext, FlowDefinition flowDefinition) {
        SecurityRule securityRule = (SecurityRule) flowDefinition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
        if (securityRule != null) {
            decide(securityRule, flowDefinition);
        }
    }

    @Override // org.springframework.webflow.execution.FlowExecutionListenerAdapter, org.springframework.webflow.execution.FlowExecutionListener
    public void stateEntering(RequestContext requestContext, StateDefinition stateDefinition) throws EnterStateVetoException {
        SecurityRule securityRule = (SecurityRule) stateDefinition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
        if (securityRule != null) {
            decide(securityRule, stateDefinition);
        }
    }

    @Override // org.springframework.webflow.execution.FlowExecutionListenerAdapter, org.springframework.webflow.execution.FlowExecutionListener
    public void transitionExecuting(RequestContext requestContext, TransitionDefinition transitionDefinition) {
        SecurityRule securityRule = (SecurityRule) transitionDefinition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
        if (securityRule != null) {
            decide(securityRule, transitionDefinition);
        }
    }

    protected void decide(SecurityRule securityRule, Object obj) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Collection<ConfigAttribute> configAttributes = getConfigAttributes(securityRule);
        if (this.accessDecisionManager != null) {
            this.accessDecisionManager.decide(authentication, obj, configAttributes);
        } else {
            (SPRING_SECURITY_3_PRESENT ? createManagerWithSpringSecurity3(securityRule) : createManager(securityRule)).decide(authentication, obj, configAttributes);
        }
    }

    private AbstractAccessDecisionManager createManager(SecurityRule securityRule) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new RoleVoter());
        if (securityRule.getComparisonType() == 1) {
            return new AffirmativeBased(arrayList);
        }
        if (securityRule.getComparisonType() == 2) {
            return new UnanimousBased(arrayList);
        }
        throw new IllegalStateException("Unknown SecurityRule match type: " + ((int) securityRule.getComparisonType()));
    }

    private AbstractAccessDecisionManager createManagerWithSpringSecurity3(SecurityRule securityRule) {
        Class cls;
        ArrayList arrayList = new ArrayList();
        arrayList.add(new RoleVoter());
        if (securityRule.getComparisonType() == 1) {
            cls = AffirmativeBased.class;
        } else {
            if (securityRule.getComparisonType() != 2) {
                throw new IllegalStateException("Unknown SecurityRule match type: " + ((int) securityRule.getComparisonType()));
            }
            cls = UnanimousBased.class;
        }
        try {
            AbstractAccessDecisionManager abstractAccessDecisionManager = (AbstractAccessDecisionManager) cls.getConstructor(new Class[0]).newInstance(new Object[0]);
            new DirectFieldAccessor(abstractAccessDecisionManager).setPropertyValue("decisionVoters", arrayList);
            return abstractAccessDecisionManager;
        } catch (Throwable th) {
            throw new IllegalStateException("Failed to initialize AccessDecisionManager", th);
        }
    }

    protected Collection<ConfigAttribute> getConfigAttributes(SecurityRule securityRule) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = securityRule.getAttributes().iterator();
        while (it.hasNext()) {
            arrayList.add(new SecurityConfig(it.next()));
        }
        return arrayList;
    }
}
