package org.apache.struts2.interceptor;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javassist.compiler.TokenId;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;

/* loaded from: input_file:WEB-INF/lib/struts2-core-2.3.31.jar:org/apache/struts2/interceptor/RolesInterceptor.class */
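/**
 * Interceptor that gates action execution on the caller's container-managed roles,
 * as reported by {@link HttpServletRequest#isUserInRole(String)}.
 *
 * <p>Decision order (see {@link #isAllowed}):
 * <ol>
 *   <li>membership of any role in {@code disallowedRoles} rejects the request;</li>
 *   <li>an empty {@code allowedRoles} list then admits the request;</li>
 *   <li>otherwise membership of at least one role in {@code allowedRoles} is required.</li>
 * </ol>
 *
 * <p>Security note: with neither list configured the interceptor admits every request,
 * so it is only a restriction once at least one list is set. Role names are not checked
 * against any known set by default ({@link #areRolesValid} always returns {@code true}),
 * so a misspelled name in {@code disallowedRoles} silently never matches. Subclasses
 * that know the valid role set should override {@link #areRolesValid}.
 */
public class RolesInterceptor extends AbstractInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(RolesInterceptor.class);

    /** Cleared when a setter receives roles rejected by {@link #areRolesValid}; never set back to true. */
    private boolean isProperlyConfigured = true;
    protected List<String> allowedRoles = Collections.emptyList();
    protected List<String> disallowedRoles = Collections.emptyList();

    /**
     * Sets the roles permitted to invoke the action.
     *
     * @param str comma-separated role names; {@code null} yields an empty list
     * @throws IllegalArgumentException if {@link #areRolesValid} rejects the parsed list
     */
    public void setAllowedRoles(String str) {
        this.allowedRoles = stringToList(str);
        checkRoles(this.allowedRoles);
    }

    /**
     * Sets the roles that are always rejected, regardless of {@code allowedRoles}.
     *
     * @param str comma-separated role names; {@code null} yields an empty list
     * @throws IllegalArgumentException if {@link #areRolesValid} rejects the parsed list
     */
    public void setDisallowedRoles(String str) {
        this.disallowedRoles = stringToList(str);
        checkRoles(this.disallowedRoles);
    }

    /**
     * Validates a freshly configured role list. On failure the interceptor is marked
     * misconfigured, so that {@link #intercept} refuses every request afterwards even if
     * the exception thrown here is swallowed by the caller.
     */
    private void checkRoles(List<String> list) {
        if (areRolesValid(list)) {
            return;
        }
        LOG.fatal("An unknown Role was configured: #0", list.toString());
        this.isProperlyConfigured = false;
        throw new IllegalArgumentException("An unknown role was configured: " + list);
    }

    /**
     * Invokes the action when the caller passes the role check, otherwise delegates to
     * {@link #handleRejection}.
     *
     * @throws IllegalArgumentException if an earlier setter call marked the interceptor
     *         as misconfigured; the action is never invoked in that state
     */
    @Override // com.opensymphony.xwork2.interceptor.AbstractInterceptor, com.opensymphony.xwork2.interceptor.Interceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        // Fail closed: a broken role configuration must never fall through to the action.
        if (!this.isProperlyConfigured) {
            throw new IllegalArgumentException("RolesInterceptor is misconfigured, check logs for erroneous configuration!");
        }
        HttpServletRequest request = ServletActionContext.getRequest();
        HttpServletResponse response = ServletActionContext.getResponse();
        if (isAllowed(request, actionInvocation.getAction())) {
            return actionInvocation.invoke();
        }
        return handleRejection(actionInvocation, response);
    }

    /**
     * Splits a comma-separated role list into individual names.
     *
     * <p>Whitespace around the whole value and around each comma is discarded, so a
     * value wrapped across lines in the configuration file does not produce names such
     * as {@code "\n  admin"}. Such a name would never match a real role, which matters
     * most for {@code disallowedRoles}, where a non-matching entry fails open.
     *
     * <p>A blank (but non-null) value still yields a one-element list holding the empty
     * name, as before. An {@code allowedRoles} list built from it therefore stays
     * non-empty and is not treated as "no restriction".
     *
     * @param str the raw configuration value, may be {@code null}
     * @return the parsed names, or an empty list when {@code str} is {@code null}
     */
    protected List<String> stringToList(String str) {
        if (str == null) {
            return Collections.emptyList();
        }
        return Arrays.asList(str.trim().split("\\s*,\\s*"));
    }

    /**
     * Decides whether the current caller may invoke the action.
     *
     * @param httpServletRequest request whose {@code isUserInRole} is consulted
     * @param obj the action about to be invoked; unused here, available to overrides
     * @return {@code false} if the caller holds any disallowed role; otherwise
     *         {@code true} if no allowed roles are configured or the caller holds one
     */
    protected boolean isAllowed(HttpServletRequest httpServletRequest, Object obj) {
        // The deny list is evaluated first, so it wins over any allow-list match.
        for (String denied : this.disallowedRoles) {
            if (httpServletRequest.isUserInRole(denied)) {
                return false;
            }
        }
        // No allow list configured: everyone not explicitly denied is admitted.
        if (this.allowedRoles.isEmpty()) {
            return true;
        }
        for (String permitted : this.allowedRoles) {
            if (httpServletRequest.isUserInRole(permitted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Answers a rejected request with HTTP 403 Forbidden.
     *
     * @return {@code null}, because the error response has already been sent
     */
    protected String handleRejection(ActionInvocation actionInvocation, HttpServletResponse httpServletResponse) throws Exception {
        // The decompiled listing used javassist's TokenId.LongConstant here, an unrelated
        // compiler token whose value merely coincides with 403; use the servlet constant.
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return null;
    }

    /**
     * Extension hook for validating configured role names. This default accepts every
     * list, so no validation takes place unless a subclass overrides it.
     *
     * @param list the parsed role names
     * @return {@code true} always in this implementation
     */
    protected boolean areRolesValid(List<String> list) {
        return true;
    }
}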
