package org.apache.marmotta.platform.security.filters;

import java.io.IOException;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.marmotta.platform.core.api.config.ConfigurationService;
import org.apache.marmotta.platform.core.api.modules.MarmottaHttpFilter;
import org.apache.marmotta.platform.core.api.user.UserService;
import org.apache.marmotta.platform.core.exception.security.AccessDeniedException;
import org.apache.marmotta.platform.security.api.SecurityService;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:org/apache/marmotta/platform/security/filters/MarmottaAccessControlFilter.class */
public class MarmottaAccessControlFilter implements MarmottaHttpFilter {

    @Inject
    private Logger log;

    @Inject
    private ConfigurationService configurationService;

    @Inject
    private UserService userService;

    @Inject
    private SecurityService securityService;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.log.info("Access Control Filter starting up. Access control is {}.", this.configurationService.getBooleanConfiguration("security.enabled", true) ? "enabled" : "disabled");
        if (this.configurationService.getBooleanConfiguration("security.configured", true)) {
            this.securityService.ping();
        } else {
            this.securityService.loadSecurityProfile(this.configurationService.getStringConfiguration("security.profile"));
        }
    }

    public String getPattern() {
        return "^/.*";
    }

    public int getPriority() {
        return -2147483638;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.configurationService.getBooleanConfiguration("security.enabled", true)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            this.log.debug("Checking access for user '{}' with roles '{}'", httpServletRequest.getAttribute("user.name"), httpServletRequest.getAttribute("user.roles"));
            if (!this.securityService.grantAccess(httpServletRequest)) {
                throw new AccessDeniedException();
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void destroy() {
    }
}
