package com.bizunited.platform.security.local.config;

import com.bizunited.platform.common.filters.AppFilter;
import com.bizunited.platform.common.filters.TenantFilter;
import com.bizunited.platform.security.local.crypto.password.Aes2PasswordEncoder;
import com.bizunited.platform.security.local.service.CustomAccessDecisionManager;
import com.bizunited.platform.security.local.service.CustomFilterInvocationSecurityMetadataSource;
import com.bizunited.platform.security.local.service.CustomFilterSecurityInterceptor;
import com.bizunited.platform.security.local.service.SimpleAuthenticationDetailsSource;
import com.bizunited.platform.security.local.service.SimpleAuthenticationProvider;
import com.bizunited.platform.security.local.service.handle.SimpleAccessDeniedHandler;
import com.bizunited.platform.security.local.service.handle.SimpleAuthenticationFailureHandler;
import com.bizunited.platform.security.local.service.handle.SimpleAuthenticationSuccessHandler;
import com.bizunited.platform.security.sdk.config.NebulaWebSecurityConfigurerAdapter;
import com.bizunited.platform.security.sdk.config.SimpleSecurityProperties;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
@ComponentScan(basePackages = {"com.bizunited.platform.security"})
/* loaded from: input_file:com/bizunited/platform/security/local/config/SecurityConfigAutoConfiguration.class */
public class SecurityConfigAutoConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private SimpleSecurityProperties simpleSecurityProperties;

    @Autowired
    private AuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    @Autowired
    private LogoutSuccessHandler logoutSuccessHandler;

    @Autowired
    private AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource;

    @Autowired
    private AccessDecisionManager accessDecisionManager;

    @Autowired
    private SimpleAuthenticationProvider authenticationProvider;

    @Autowired
    private FilterInvocationSecurityMetadataSource securityMetadataSource;

    @Autowired(required = false)
    private NebulaWebSecurityConfigurerAdapter nebulaWebSecurityConfigurerAdapter;

    @Autowired
    private AppFilter appFilter;

    @Autowired
    private TenantFilter tenantFilter;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        CustomFilterSecurityInterceptor customFilterSecurityInterceptor = new CustomFilterSecurityInterceptor(this.securityMetadataSource, this.accessDecisionManager, super.authenticationManager());
        CorsConfigurationSource corsConfigurationSource = corsConfigurationSource();
        SimpleAccessDeniedHandler simpleAccessDeniedHandler = new SimpleAccessDeniedHandler(this.simpleSecurityProperties);
        String[] ignoreUrls = this.simpleSecurityProperties.getIgnoreUrls();
        String loginUrl = this.simpleSecurityProperties.getLoginUrl();
        String logoutUrl = this.simpleSecurityProperties.getLogoutUrl();
        String loginPageUrl = this.simpleSecurityProperties.getLoginPageUrl();
        String logoutSuccessRedirect = this.simpleSecurityProperties.getLogoutSuccessRedirect();
        ArrayList arrayList = new ArrayList();
        if (ignoreUrls != null && ignoreUrls.length > 0) {
            arrayList.addAll(Lists.newArrayList(ignoreUrls));
        }
        arrayList.addAll(Lists.newArrayList(SimpleSecurityProperties.DEFAULT_IGNOREURLS));
        if (StringUtils.isNotBlank(logoutSuccessRedirect)) {
            arrayList.add(logoutSuccessRedirect);
        }
        if (StringUtils.isNotBlank(loginPageUrl)) {
            arrayList.add(loginPageUrl);
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.addFilterAt(customFilterSecurityInterceptor, FilterSecurityInterceptor.class).cors().configurationSource(corsConfigurationSource).and().headers().frameOptions().disable().and().sessionManagement().enableSessionUrlRewriting(true).and().authorizeRequests().requestMatchers(new RequestMatcher[]{CorsUtils::isPreFlightRequest})).permitAll().antMatchers((String[]) arrayList.toArray(new String[0]))).permitAll().anyRequest()).authenticated().and().exceptionHandling().authenticationEntryPoint(simpleAccessDeniedHandler).accessDeniedHandler(simpleAccessDeniedHandler).and().formLogin().loginPage("/v1/rbac/loginFail").loginProcessingUrl(loginUrl).successHandler(this.authenticationSuccessHandler).failureHandler(this.authenticationFailureHandler).authenticationDetailsSource(this.authenticationDetailsSource).permitAll().and().logout().logoutUrl(logoutUrl).logoutSuccessHandler(this.logoutSuccessHandler).permitAll().and().csrf().disable().addFilterBefore(this.appFilter, UsernamePasswordAuthenticationFilter.class).addFilterAfter(this.tenantFilter, UsernamePasswordAuthenticationFilter.class);
        if (this.nebulaWebSecurityConfigurerAdapter != null) {
            this.nebulaWebSecurityConfigurerAdapter.configure(httpSecurity);
        }
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(this.authenticationProvider);
    }

    @ConditionalOnMissingBean
    @Bean({"simpleAuthenticationSuccessHandler"})
    public AuthenticationSuccessHandler getAuthenticationSuccessHandler() {
        return new SimpleAuthenticationSuccessHandler();
    }

    @ConditionalOnMissingBean
    @Bean({"simpleAuthenticationFailureHandler"})
    public AuthenticationFailureHandler getAuthenticationFailureHandler() {
        return new SimpleAuthenticationFailureHandler();
    }

    @ConditionalOnMissingBean
    @Bean(name = {"passwordEncoder"})
    public PasswordEncoder passwordEncoder() {
        return new Pbkdf2PasswordEncoder();
    }

    @ConditionalOnMissingBean
    @Bean(name = {"aes2PasswordEncoder"})
    public Aes2PasswordEncoder aes2PasswordEncoder() {
        return new Aes2PasswordEncoder();
    }

    @ConditionalOnMissingBean
    @Bean(name = {"customAccessDecisionManager"})
    public AccessDecisionManager getCustomAccessDecisionManager() {
        return new CustomAccessDecisionManager();
    }

    @ConditionalOnMissingBean
    @Bean(name = {"customFilterInvocationSecurityMetadataSource"})
    public FilterInvocationSecurityMetadataSource getCustomFilterInvocationSecurityMetadataSource() {
        return new CustomFilterInvocationSecurityMetadataSource();
    }

    @ConditionalOnMissingBean
    @Bean(name = {"authenticationDetailsSource"})
    public AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> getAuthenticationDetailsSource() {
        return new SimpleAuthenticationDetailsSource();
    }

    private CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedOrigins(Arrays.asList("*"));
        corsConfiguration.setAllowedMethods(Arrays.asList("*"));
        corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
        corsConfiguration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }
}
