package org.apache.struts2.interceptor;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.ServletActionContext;

/* loaded from: input_file:WEB-INF/lib/struts2-core-2.5.20.jar:org/apache/struts2/interceptor/RolesInterceptor.class */
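/**
 * Interceptor that gates action invocation on the caller's container roles, as reported by
 * {@link HttpServletRequest#isUserInRole(String)}.
 *
 * <p>Decision order, as implemented in {@link #isAllowed}:
 * <ol>
 *   <li>a caller holding any role in {@code disallowedRoles} is rejected;</li>
 *   <li>if {@code allowedRoles} is empty, every remaining caller is let through;</li>
 *   <li>otherwise the caller must hold at least one role in {@code allowedRoles}.</li>
 * </ol>
 *
 * <p>Security note: with only {@code disallowedRoles} configured the interceptor is a deny-list.
 * A caller for whom {@code isUserInRole} returns {@code false} for every listed role passes the
 * check, so use {@code allowedRoles} when the action must be restricted to known roles.
 */
public class RolesInterceptor extends AbstractInterceptor {
    private static final Logger LOG = LogManager.getLogger(RolesInterceptor.class);

    // Cleared (and never set again) once a role list fails areRolesValid(); intercept() then
    // refuses every request instead of running with a partially valid configuration.
    private boolean isProperlyConfigured = true;

    // Both lists default to empty: no role is denied and no role is required.
    protected List<String> allowedRoles = Collections.emptyList();
    protected List<String> disallowedRoles = Collections.emptyList();

    /**
     * Sets the roles permitted to invoke the action.
     *
     * @param str comma-separated role names, parsed by {@link #stringToList(String)}
     * @throws IllegalArgumentException if {@link #areRolesValid(List)} rejects the parsed list
     */
    public void setAllowedRoles(String str) {
        this.allowedRoles = stringToList(str);
        checkRoles(this.allowedRoles);
    }

    /**
     * Sets the roles that are always refused, regardless of {@code allowedRoles}.
     *
     * @param str comma-separated role names, parsed by {@link #stringToList(String)}
     * @throws IllegalArgumentException if {@link #areRolesValid(List)} rejects the parsed list
     */
    public void setDisallowedRoles(String str) {
        this.disallowedRoles = stringToList(str);
        checkRoles(this.disallowedRoles);
    }

    /**
     * Validates a freshly configured role list and fails closed when it is rejected: the
     * interceptor is marked misconfigured before the exception is thrown, so that it keeps
     * refusing requests even if the caller of the setter swallows the exception.
     */
    private void checkRoles(List<String> list) {
        if (areRolesValid(list)) {
            return;
        }
        LOG.fatal("An unknown Role was configured: {}", list);
        this.isProperlyConfigured = false;
        throw new IllegalArgumentException("An unknown role was configured: " + list);
    }

    /**
     * Invokes the action when the current request passes {@link #isAllowed}, otherwise
     * delegates to {@link #handleRejection}.
     *
     * @param actionInvocation the invocation being intercepted
     * @return the result of the invocation, or the value returned by {@code handleRejection}
     * @throws IllegalArgumentException if an earlier role configuration was rejected
     * @throws Exception propagated from the invocation or from the rejection handler
     */
    @Override
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        HttpServletResponse response = ServletActionContext.getResponse();
        if (!this.isProperlyConfigured) {
            throw new IllegalArgumentException("RolesInterceptor is misconfigured, check logs for erroneous configuration!");
        }
        if (isAllowed(request, actionInvocation.getAction())) {
            LOG.debug("Request is allowed. Invoking.");
            return actionInvocation.invoke();
        }
        LOG.debug("Request is NOT allowed. Rejecting.");
        return handleRejection(actionInvocation, response);
    }

    /**
     * Splits a comma-separated role list into individual role names.
     *
     * <p>Whitespace of any kind (spaces, tabs, line breaks) is stripped from both ends of the
     * value and around each comma. Values written across several lines in the XML configuration
     * would otherwise yield names such as {@code "\n  admin"}, which never equal a container
     * role: an entry in {@code disallowedRoles} would then silently stop denying anyone.
     *
     * <p>A blank value still yields a list holding one empty name rather than an empty list.
     * This is deliberate: an empty {@code allowedRoles} means "no restriction", so collapsing a
     * blank value to an empty list would turn a broken configuration into an open one.
     * NOTE(review): a value made only of separators (for example {@code ","}) does produce an
     * empty list because {@link String#split(String)} drops trailing empty strings; consider
     * rejecting such values in {@link #areRolesValid(List)}.
     *
     * @param str comma-separated role names, may be {@code null}
     * @return fixed-size list of role names; empty when {@code str} is {@code null}
     */
    protected List<String> stringToList(String str) {
        if (str == null) {
            return Collections.emptyList();
        }
        return Arrays.asList(str.trim().split("\\s*,\\s*"));
    }

    /**
     * Decides whether the request may proceed. Disallowed roles are evaluated first and take
     * precedence over allowed roles.
     *
     * @param httpServletRequest the current request, used only for {@code isUserInRole}
     * @param obj the action about to be invoked; unused here, available to subclasses
     * @return {@code true} if the action may be invoked
     */
    protected boolean isAllowed(HttpServletRequest httpServletRequest, Object obj) {
        for (String denied : this.disallowedRoles) {
            if (httpServletRequest.isUserInRole(denied)) {
                LOG.debug("User role '{}' is in the disallowedRoles list.", denied);
                return false;
            }
        }
        // No allow-list configured: everyone who was not denied above is let through.
        if (this.allowedRoles.isEmpty()) {
            LOG.debug("The allowedRoles list is empty.");
            return true;
        }
        for (String permitted : this.allowedRoles) {
            if (httpServletRequest.isUserInRole(permitted)) {
                LOG.debug("User role '{}' is in the allowedRoles list.", permitted);
                return true;
            }
        }
        // An allow-list exists and the caller holds none of its roles.
        return false;
    }

    /**
     * Rejects the request with HTTP 403 and returns {@code null}, i.e. no result name.
     *
     * @param actionInvocation the rejected invocation; unused here, available to subclasses
     * @param httpServletResponse the response the error status is written to
     * @return {@code null}
     * @throws Exception if the error status cannot be sent
     */
    protected String handleRejection(ActionInvocation actionInvocation, HttpServletResponse httpServletResponse) throws Exception {
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return null;
    }

    /**
     * Extension point for validating configured role names. This default accepts every list, so
     * a misspelled role is not detected at configuration time: in {@code allowedRoles} it simply
     * never matches, and in {@code disallowedRoles} it denies nobody. Override to check names
     * against the roles the application actually defines.
     *
     * @param list the parsed role names
     * @return {@code true} if all names are acceptable
     */
    protected boolean areRolesValid(List<String> list) {
        return true;
    }
}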
