package org.apache.pluto.driver.security;

import java.io.IOException;
import java.util.regex.Pattern;
import javax.enterprise.inject.Vetoed;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
@Vetoed
/* loaded from: input_file:org/apache/pluto/driver/security/PortalSecurityConfigurer.class */
public class PortalSecurityConfigurer extends WebSecurityConfigurerAdapter {
    private static RequestMatcher ACTION_REQUEST_MATCHER = new ActionRequestMatcher();

    /* loaded from: input_file:org/apache/pluto/driver/security/PortalSecurityConfigurer$ActionRequestMatcher.class */
    private static class ActionRequestMatcher implements RequestMatcher {
        private static final Pattern ACTION_URL_PATTERN = Pattern.compile(".*[/]__ac[0-9]+.*");
        private static final Pattern AJAX_ACTION_URL_PATTERN = Pattern.compile(".*[/]__aa[0-9]+.*");
        private static final Pattern PARTIAL_ACTION_URL_PATTERN = Pattern.compile(".*[/]__pa[0-9]+.*");

        private ActionRequestMatcher() {
        }

        public boolean matches(HttpServletRequest httpServletRequest) {
            String requestURI = httpServletRequest.getRequestURI();
            return ACTION_URL_PATTERN.matcher(requestURI).matches() || AJAX_ACTION_URL_PATTERN.matcher(requestURI).matches() || PARTIAL_ACTION_URL_PATTERN.matcher(requestURI).matches();
        }
    }

    /* loaded from: input_file:org/apache/pluto/driver/security/PortalSecurityConfigurer$PortletAccessDeniedHandler.class */
    private static class PortletAccessDeniedHandler implements AccessDeniedHandler {
        private PortletAccessDeniedHandler() {
        }

        public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
            throw accessDeniedException;
        }
    }

    public PortalSecurityConfigurer() {
        super(true);
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().requireCsrfProtectionMatcher(ACTION_REQUEST_MATCHER).and().exceptionHandling().accessDeniedHandler(new PortletAccessDeniedHandler());
    }
}
