package org.apache.nifi.web.api.config;

import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;

@Provider
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.class */
public class AccessDeniedExceptionMapper implements ExceptionMapper<AccessDeniedException> {
    private static final Logger logger = LoggerFactory.getLogger(AccessDeniedExceptionMapper.class);

    public Response toResponse(AccessDeniedException accessDeniedException) {
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        if (niFiUser != null) {
            logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", niFiUser.getDn(), Response.Status.FORBIDDEN));
        } else {
            logger.info(String.format("User does not have permission to access the requested resource. Returning %s response.", Response.Status.FORBIDDEN));
        }
        if (logger.isDebugEnabled()) {
            logger.debug("", accessDeniedException);
        }
        return Response.status(Response.Status.FORBIDDEN).entity("Unable to perform the desired action because access is denied.").type("text/plain").build();
    }
}
