package org.apache.geode.tools.pulse.internal.security;

import java.util.HashMap;
import org.apache.geode.tools.pulse.internal.data.PulseConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

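/**
 * Spring Security configuration that is active under the profile named by
 * {@link PulseConstants#APPLICATION_PROPERTY_PULSE_SEC_PROFILE_DEFAULT}.
 *
 * <p>Security posture, as visible in this class:
 * <ul>
 *   <li>Authentication is backed by one in-memory account whose user name and password are both
 *       the literal {@code admin}. The password is stored and compared in plain text through
 *       {@link NoOpPasswordEncoder}.</li>
 *   <li>CSRF protection is switched off for every request.</li>
 *   <li>Responses carry frame-options {@code DENY}, content-type-options and
 *       {@code X-XSS-Protection} in block mode. No Content-Security-Policy is configured here.</li>
 * </ul>
 *
 * <p>NOTE(review): the fixed credentials and the disabled CSRF check make this profile suitable
 * only where the application is reachable by trusted users. Which other profiles exist, and how
 * one is selected, is not visible in this file - confirm before exposing a deployment.
 *
 * <p>NOTE(review): this listing is JADX decompiler output. The decompiler reports that it widened
 * the constructor from package-private, and generic type arguments were lost; the rewrite below
 * restores the generics and the real Spring method name {@code mvcMatchers}.
 */
@Configuration
@EnableWebSecurity
@Profile({PulseConstants.APPLICATION_PROPERTY_PULSE_SEC_PROFILE_DEFAULT})
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class DefaultSecurityConfig extends WebSecurityConfigurerAdapter {
    private final RepositoryLogoutHandler repositoryLogoutHandler;

    /**
     * Creates the configuration.
     *
     * @param repositoryLogoutHandler handler registered on the logout flow in
     *     {@link #configure(HttpSecurity)}
     */
    @Autowired
    public DefaultSecurityConfig(RepositoryLogoutHandler repositoryLogoutHandler) {
        this.repositoryLogoutHandler = repositoryLogoutHandler;
    }

    /**
     * Builds the handler that redirects a failed login back to the login page with an error code
     * chosen by the type of authentication exception.
     *
     * <p>The codes travel in the redirect URL and are therefore visible to the unauthenticated
     * client. The locked, disabled and expired codes disclose account state.
     * NOTE(review): confirm that is acceptable for the authentication providers in use.
     *
     * @return the failure handler with its exception-to-URL mappings installed
     */
    @Bean
    public AuthenticationFailureHandler failureHandler() {
        ExceptionMappingAuthenticationFailureHandler handler =
                new ExceptionMappingAuthenticationFailureHandler();
        // Keys are fully qualified exception class names, values are redirect targets.
        HashMap<String, String> redirectsByException = new HashMap<>();
        redirectsByException.put(
                BadCredentialsException.class.getName(), "/login.html?error=BAD_CREDS");
        redirectsByException.put(
                CredentialsExpiredException.class.getName(), "/login.html?error=CRED_EXP");
        redirectsByException.put(LockedException.class.getName(), "/login.html?error=ACC_LOCKED");
        redirectsByException.put(
                DisabledException.class.getName(), "/login.html?error=ACC_DISABLED");
        handler.setExceptionMappings(redirectsByException);
        return handler;
    }

    /**
     * Configures URL authorization, form login, logout, the access-denied page, response headers
     * and CSRF handling.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the underlying configurers fail
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .authorizeRequests(registry -> registry
                        // Reachable without a session: login page, static assets, version and
                        // properties endpoints.
                        // NOTE(review): "/authenticateUser" is open as well, although form login
                        // below posts to a different URL - confirm it is still needed.
                        .mvcMatchers("/login.html", "/authenticateUser", "/pulseVersion",
                                "/scripts/**", "/images/**", "/css/**", "/properties/**")
                        .permitAll()
                        // The data browser needs both roles.
                        .mvcMatchers("/dataBrowser*", "/getQueryStatisticsGridModel*")
                        .access("hasRole('CLUSTER:READ') and hasRole('DATA:READ')")
                        // "/*" covers a single path segment only. Deeper paths that no earlier
                        // rule matched fall through to anyRequest() and need only a login,
                        // not CLUSTER:READ.
                        .mvcMatchers("/*")
                        .hasRole("CLUSTER:READ")
                        .anyRequest()
                        .authenticated())
                .formLogin(login -> login
                        .loginPage("/login.html")
                        // Credentials are posted to Spring Security's default login URL constant.
                        .loginProcessingUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL)
                        .failureHandler(failureHandler())
                        // alwaysUse = true: redirect here after login instead of to the
                        // originally requested URL.
                        .defaultSuccessUrl("/clusterDetail.html", true))
                .logout(logout -> logout
                        .logoutUrl("/clusterLogout")
                        .addLogoutHandler(this.repositoryLogoutHandler)
                        .logoutSuccessUrl("/login.html"))
                .exceptionHandling(errors -> errors.accessDeniedPage("/accessDenied.html"))
                .headers(headers -> headers
                        .frameOptions()
                        .deny()
                        // Current browsers largely ignore X-XSS-Protection, so this header is
                        // not a substitute for output encoding or a Content-Security-Policy.
                        .xssProtection(xss -> xss.xssProtectionEnabled(true).block(true))
                        .contentTypeOptions())
                // CSRF token checks are off: state-changing requests, login and logout included,
                // are accepted without a token.
                // NOTE(review): confirm a compensating control exists before exposing this
                // profile to browsers that also visit untrusted sites.
                .csrf()
                .disable();
    }

    /**
     * Registers the single in-memory account used by this profile.
     *
     * <p>The account is {@code admin} / {@code admin} with roles {@code CLUSTER:READ} and
     * {@code DATA:READ}, which together satisfy every rule in {@link #configure(HttpSecurity)}.
     * {@link NoOpPasswordEncoder} keeps the password unhashed. These are fixed, well-known
     * credentials: anyone who can reach the login form under this profile can sign in.
     *
     * @param authenticationManagerBuilder the builder to configure
     * @throws Exception if the in-memory configurer fails
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder)
            throws Exception {
        authenticationManagerBuilder
                .inMemoryAuthentication()
                .passwordEncoder(NoOpPasswordEncoder.getInstance())
                .withUser("admin")
                .password("admin")
                .roles("CLUSTER:READ", "DATA:READ");
    }
}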
