package org.apache.struts2.interceptor;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javassist.compiler.TokenId;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;

/* loaded from: input_file:WEB-INF/lib/struts2-core-2.2.1.jar:org/apache/struts2/interceptor/RolesInterceptor.class */
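/**
 * Interceptor that gates an action on the caller's container-managed roles.
 *
 * <p>Role membership is decided only by
 * {@link HttpServletRequest#isUserInRole(String)}; this class keeps no role
 * state of its own beyond the two configured lists.
 *
 * <p>Decision order used by {@link #isAllowed}:
 * <ol>
 *   <li>a caller holding any role in {@code disallowedRoles} is rejected;</li>
 *   <li>otherwise, if {@code allowedRoles} is empty, the caller is admitted;</li>
 *   <li>otherwise the caller must hold at least one role in {@code allowedRoles}.</li>
 * </ol>
 *
 * <p>Security notes for whoever configures this interceptor:
 * <ul>
 *   <li>With only {@code disallowedRoles} set this is a deny-list: a request
 *       with no authenticated user holds no role and is therefore admitted.
 *       Configure {@code allowedRoles} when the action must require a login.</li>
 *   <li>An {@code allowedRoles} value that is an empty string yields a single
 *       empty role name, which no caller holds, so every request is rejected
 *       (fail-closed). That behaviour is kept on purpose.</li>
 * </ul>
 */
public class RolesInterceptor extends AbstractInterceptor {
    // Roles of which the caller must hold at least one; empty means "no allow-list".
    private List<String> allowedRoles = new ArrayList<String>();
    // Roles that always cause rejection, whatever allowedRoles says.
    private List<String> disallowedRoles = new ArrayList<String>();

    /**
     * Sets the allow-list.
     *
     * @param str comma-separated role names; {@code null} clears the list
     */
    public void setAllowedRoles(String str) {
        this.allowedRoles = stringToList(str);
    }

    /**
     * Sets the deny-list.
     *
     * @param str comma-separated role names; {@code null} clears the list
     */
    public void setDisallowedRoles(String str) {
        this.disallowedRoles = stringToList(str);
    }

    /**
     * Invokes the action only when the current request passes
     * {@link #isAllowed}; otherwise delegates to {@link #handleRejection}.
     *
     * @param actionInvocation the invocation being intercepted
     * @return the action's result code, or whatever {@code handleRejection} returns
     * @throws Exception propagated from the action or from the rejection handler
     */
    @Override
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        if (!isAllowed(request, actionInvocation.getAction())) {
            return handleRejection(actionInvocation, ServletActionContext.getResponse());
        }
        return actionInvocation.invoke();
    }

    /**
     * Splits a comma-separated role list into individual role names.
     *
     * <p>Whitespace around the whole value and around each comma is dropped.
     * Without that, a value such as {@code " admin"} (easy to produce when the
     * parameter is wrapped across lines in XML) would be stored with its
     * padding and never match a real role: a padded entry in
     * {@code disallowedRoles} would then silently stop denying anyone.
     *
     * @param str the configured value, may be {@code null}
     * @return the role names; an empty list for {@code null}. An empty or
     *         blank string still yields one empty role name (see class notes).
     */
    protected List<String> stringToList(String str) {
        if (str == null) {
            return Collections.emptyList();
        }
        return Arrays.asList(str.trim().split("\\s*,\\s*"));
    }

    /**
     * Decides whether the request may reach the action.
     *
     * <p>The deny-list is evaluated first so that an explicit denial cannot be
     * bypassed by also holding an allowed role. Previously the deny-list was
     * ignored entirely whenever an allow-list was configured.
     *
     * @param httpServletRequest request whose {@code isUserInRole} is consulted
     * @param obj the action instance; not used here, available to subclasses
     * @return {@code true} if the action may run
     */
    protected boolean isAllowed(HttpServletRequest httpServletRequest, Object obj) {
        for (String denied : this.disallowedRoles) {
            if (httpServletRequest.isUserInRole(denied)) {
                return false;
            }
        }
        if (this.allowedRoles.isEmpty()) {
            return true;
        }
        for (String permitted : this.allowedRoles) {
            if (httpServletRequest.isUserInRole(permitted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Answers a rejected request with HTTP 403.
     *
     * <p>The decompiled source spelled the status as
     * {@code TokenId.LongConstant}, an unrelated javassist constant that merely
     * shares the numeric value 403; the servlet API constant states the intent
     * and removes the accidental dependency on javassist.
     *
     * @param actionInvocation the rejected invocation (unused here)
     * @param httpServletResponse response on which the error is sent
     * @return {@code null} as the result code; the error status has already
     *         been sent on the response
     * @throws Exception if sending the error fails
     */
    protected String handleRejection(ActionInvocation actionInvocation, HttpServletResponse httpServletResponse) throws Exception {
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return null;
    }
}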
