package com.bizunited.nebula.security.local.service;

import com.bizunited.nebula.security.sdk.event.AuthenticationRbacEventListener;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:com/bizunited/nebula/security/local/service/CustomAccessDecisionManager.class */
public class CustomAccessDecisionManager implements AccessDecisionManager {

    @Autowired(required = false)
    private AuthenticationRbacEventListener authenticationRbacEventListener;

    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        if (collection == null || collection.isEmpty()) {
            throw new AccessDeniedException("not author!");
        }
        Iterator<ConfigAttribute> it = collection.iterator();
        while (it.hasNext()) {
            if (StringUtils.equals(it.next().getAttribute(), "ANONYMOUS")) {
                return;
            }
        }
        Collection<GrantedAuthority> authorities = authentication.getAuthorities();
        if (authorities == null || authorities.isEmpty()) {
            throw new AccessDeniedException("not found any author from this single in user!");
        }
        if (this.authenticationRbacEventListener != null) {
            Set onRequestIgnoreMethodCheckRoles = this.authenticationRbacEventListener.onRequestIgnoreMethodCheckRoles();
            if (!CollectionUtils.isEmpty(onRequestIgnoreMethodCheckRoles)) {
                for (GrantedAuthority grantedAuthority : authorities) {
                    Iterator it2 = onRequestIgnoreMethodCheckRoles.iterator();
                    while (it2.hasNext()) {
                        if (StringUtils.equals(grantedAuthority.getAuthority(), (String) it2.next())) {
                            return;
                        }
                    }
                }
            }
        }
        for (ConfigAttribute configAttribute : collection) {
            Iterator it3 = authorities.iterator();
            while (it3.hasNext()) {
                if (StringUtils.equalsIgnoreCase(configAttribute.getAttribute(), ((GrantedAuthority) it3.next()).getAuthority())) {
                    return;
                }
            }
        }
        throw new AccessDeniedException("not author!");
    }

    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    public boolean supports(Class<?> cls) {
        return true;
    }
}
