package org.apache.geronimo.tomcat.security.jacc;

import java.security.AccessControlContext;
import java.security.AccessControlException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
import org.apache.catalina.connector.Request;
import org.apache.geronimo.tomcat.security.AuthResult;
import org.apache.geronimo.tomcat.security.Authorizer;
import org.apache.geronimo.tomcat.security.UserIdentity;

/* loaded from: input_file:org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.class */
public class JACCAuthorizer implements Authorizer {
    private final AccessControlContext defaultACC;

    public JACCAuthorizer(AccessControlContext accessControlContext) {
        this.defaultACC = accessControlContext;
    }

    @Override // org.apache.geronimo.tomcat.security.Authorizer
    public Object getConstraints(Request request) {
        return null;
    }

    @Override // org.apache.geronimo.tomcat.security.Authorizer
    public boolean hasUserDataPermissions(Request request, Object obj) {
        try {
            this.defaultACC.checkPermission(new WebUserDataPermission(request));
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    @Override // org.apache.geronimo.tomcat.security.Authorizer
    public boolean isAuthMandatory(Request request, Object obj) {
        try {
            this.defaultACC.checkPermission(new WebResourcePermission(request));
            return false;
        } catch (AccessControlException e) {
            return true;
        }
    }

    @Override // org.apache.geronimo.tomcat.security.Authorizer
    public boolean hasResourcePermissions(Request request, AuthResult authResult, Object obj, UserIdentity userIdentity) {
        if (!(userIdentity instanceof JACCUserIdentity)) {
            return false;
        }
        try {
            ((JACCUserIdentity) userIdentity).getAccessControlContext().checkPermission(new WebResourcePermission(request));
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }
}
