package org.nuiton.web.security;

import com.google.common.base.Function;
import java.io.IOException;
import java.util.Properties;
import java.util.concurrent.Callable;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.subject.WebSubject;
import org.nuiton.config.ApplicationConfig;
import org.nuiton.topia.persistence.TopiaApplicationContextCache;
import org.nuiton.topia.persistence.TopiaException;
import org.nuiton.topia.persistence.util.TopiaUtil;
import org.nuiton.web.SecurityEntityEnum;
import org.nuiton.web.SecurityTopiaApplicationContext;
import org.nuiton.web.SecurityTopiaPersistenceContext;

/* loaded from: input_file:org/nuiton/web/security/SecurityShiroFilter.class */
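/**
 * Shiro servlet filter that authorizes every request against a URL-derived permission.
 *
 * <p>For each request the filter builds a subject, logs it in as {@link #ANON_LOGIN} when it has
 * no principal yet, converts the request path into a permission string and checks
 * {@code "url" + permission}. A denied request gets a 401 when the subject reports itself
 * authenticated; otherwise the requested URL is stored in the session and the client is
 * redirected to the configured login URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The value stored under {@link #SESSION_REQUESTED_URL} can come from the client-supplied
 *       {@code Referer} header and is not validated here. Whatever reads that attribute (not in
 *       this class) must check that it points back into this application before redirecting.</li>
 *   <li>The 401 error message embeds the request path; an error page that renders the message
 *       must HTML-escape it.</li>
 * </ul>
 */
public class SecurityShiroFilter extends AbstractShiroFilter {
    /** Login of the account every request without a principal is logged in as. */
    public static final String ANON_LOGIN = "anonymous";
    /** Session attribute holding the URL remembered before the login page (presumably read by the login flow). */
    public static final String SESSION_REQUESTED_URL = "securityRequestedUrl";
    /** Application configuration, read from the servlet context in {@link #init()}. */
    protected ApplicationConfig config;
    /** Root persistence application context, created in {@link #init()} and closed in {@link #destroy()}. */
    protected SecurityTopiaApplicationContext rootContext;
    private static final Log log = LogFactory.getLog(SecurityShiroFilter.class);
    /** Servlet-context attribute under which the caller must publish the {@link ApplicationConfig}. */
    public static final String APP_CONFIG_CONTEXT = SecurityShiroFilter.class.getName() + "#" + ApplicationConfig.class.getName();
    /** Servlet-context attribute under which this filter publishes its root context. */
    public static final String ROOT_CONTEXT_CONTEXT = SecurityShiroFilter.class.getName() + "#" + SecurityTopiaApplicationContext.class.getName();
    /** Factory handed to the context cache to build the security application context. */
    protected static final Function<Properties, SecurityTopiaApplicationContext> CREATE_SECURITY_APPLICATION_CONTEXT = new Function<Properties, SecurityTopiaApplicationContext>() {
        @Override
        public SecurityTopiaApplicationContext apply(Properties properties) {
            return new SecurityTopiaApplicationContext(properties);
        }
    };
    /** Regex matching a {@code ;jsessionid=...} path parameter, stripped before any URL comparison. */
    private static final String JSESSIONID_PATH_PARAM = ";(jsessionid|JSESSIONID)=[\\w-]*";

    /**
     * Wires the filter: loads the configuration, prepares the persistence context and schema,
     * and installs a security manager backed by {@code TopiaSecurityRealm}.
     *
     * @throws IllegalArgumentException if the servlet context has no {@link #APP_CONFIG_CONTEXT} attribute
     * @throws Exception if the persistence context or schema cannot be initialised
     */
    @Override
    public void init() throws Exception {
        this.config = (ApplicationConfig) getServletContext().getAttribute(APP_CONFIG_CONTEXT);
        if (this.config == null) {
            throw new IllegalArgumentException("No APP_CONFIG_CONTEXT attribute found in servlet context");
        }
        this.config.setOption("topia.persistence.classes", SecurityEntityEnum.getImplementationClassesAsString());
        this.rootContext = TopiaApplicationContextCache.getContext(this.config.getFlatOptions(), CREATE_SECURITY_APPLICATION_CONTEXT);
        initSchema(this.rootContext);
        getServletContext().setAttribute(ROOT_CONTEXT_CONTEXT, this.rootContext);
        if (log.isInfoEnabled()) {
            log.info("Overriding shiro realms");
        }
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(new TopiaSecurityRealm(this.rootContext, this.config));
        securityManager.setSubjectFactory(new SecuritySubjectFactory());
        securityManager.setSessionManager(new DefaultWebSessionManager());
        setSecurityManager(securityManager);
        // Also registers the manager as Shiro's static, VM-wide default; any other Shiro user in
        // the same class loader will see this manager.
        SecurityUtils.setSecurityManager(securityManager);
    }

    /**
     * Creates the database schema and the {@link #ANON_LOGIN} user when the security user table
     * does not exist yet; does nothing otherwise.
     *
     * <p>Each persistence context is closed in a {@code finally} block so that a failing schema
     * probe, user creation or commit does not leak it.
     *
     * @param securityTopiaApplicationContext application context to probe and, if needed, initialise
     * @throws TopiaException if the schema check, schema creation or user creation fails
     */
    protected static void initSchema(SecurityTopiaApplicationContext securityTopiaApplicationContext) throws TopiaException {
        boolean schemaExists;
        // NOTE(review): m0newPersistenceContext looks like a decompiler-renamed method — confirm
        // the real name against the original sources.
        SecurityTopiaPersistenceContext probeContext = securityTopiaApplicationContext.m0newPersistenceContext();
        try {
            schemaExists = TopiaUtil.isSchemaExist(probeContext.getHibernateSupport(), SecurityUserImpl.class.getName());
        } finally {
            probeContext.closeContext();
        }
        if (schemaExists) {
            if (log.isDebugEnabled()) {
                log.debug("Table SecurityUser found, skip schema creation");
            }
            return;
        }
        if (log.isInfoEnabled()) {
            log.info("Create database schema");
        }
        securityTopiaApplicationContext.createSchema();
        SecurityTopiaPersistenceContext seedContext = securityTopiaApplicationContext.m0newPersistenceContext();
        try {
            // Seed the account that unauthenticated requests are logged in as.
            ((SecurityUser) seedContext.getSecurityUserDao().create()).setLogin(ANON_LOGIN);
            seedContext.commit();
        } finally {
            seedContext.closeContext();
        }
    }

    /**
     * Authorizes the request against its URL permission, then runs the rest of the chain as the
     * resolved subject.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse} when the request is denied
     * @param filterChain remaining filter chain, executed only when access is permitted
     * @throws ServletException if the chain fails
     * @throws IOException if sending the error or redirect fails
     */
    @Override
    protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain filterChain) throws ServletException, IOException {
        WebSubject subject = createSubject(servletRequest, servletResponse);
        if (log.isDebugEnabled()) {
            log.debug("Testing permission for user " + subject.getPrincipal());
        }
        if (subject.getPrincipal() == null) {
            // No identity yet: log in as the anonymous account with an empty password.
            // NOTE(review): whether isAuthenticated() below stays false for this anonymous login
            // depends on SecuritySubjectFactory / TopiaSecurityRealm, which are not shown here — confirm.
            subject.login(new UsernamePasswordToken(ANON_LOGIN, ""));
        }
        String loginUrl = this.config.getOption("topia.security.loginurl");
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        String contextPath = httpRequest.getContextPath();
        String path = httpRequest.getRequestURI().replaceFirst(JSESSIONID_PATH_PARAM, "");
        if (path.startsWith(contextPath)) {
            path = path.substring(contextPath.length());
        }
        String permission = SecurityUtil.convertToShiroPerm(path, this.config.getOption("topia.security.separators"));

        if (!subject.isPermitted("url" + permission)) {
            if (log.isDebugEnabled()) {
                log.debug("User is NOT permitted to access " + permission);
            }
            HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
            if (subject.isAuthenticated()) {
                // NOTE(review): 401 is kept for compatibility with existing clients; 403 is the
                // conventional status for an authenticated caller that lacks the permission.
                // The message carries the client-supplied path: error pages must escape it.
                httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not authorized to access " + path);
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Redirecting user to login page");
            }
            Session deniedSession = subject.getSession();
            StringBuilder requestedUrl = new StringBuilder(httpRequest.getRequestURL());
            if (httpRequest.getQueryString() != null) {
                requestedUrl.append('?').append(httpRequest.getQueryString());
            }
            deniedSession.setAttribute(SESSION_REQUESTED_URL, requestedUrl.toString());
            httpResponse.sendRedirect(contextPath + loginUrl);
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug("User is permitted to access " + permission);
        }
        Session session = subject.getSession();
        if (path.equals(loginUrl) && session.getAttribute(SESSION_REQUESTED_URL) == null) {
            String referer = httpRequest.getHeader("referer");
            if (referer != null) {
                String cleanedReferer = referer.replaceFirst(JSESSIONID_PATH_PARAM, "");
                if (!cleanedReferer.endsWith(loginUrl)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Remembering referer as " + cleanedReferer);
                    }
                    // The Referer header is supplied by the client and is stored unvalidated.
                    // The code that later reads SESSION_REQUESTED_URL (not in this class) must
                    // confirm it points back into this application before redirecting to it.
                    session.setAttribute(SESSION_REQUESTED_URL, cleanedReferer);
                }
            }
        }

        final ServletRequest preparedRequest = prepareServletRequest(servletRequest, servletResponse, filterChain);
        final ServletResponse preparedResponse = prepareServletResponse(preparedRequest, servletResponse, filterChain);
        // Run the chain bound to the subject so downstream code resolves the same identity.
        subject.execute(new Callable<Object>() {
            @Override
            public Object call() throws Exception {
                SecurityShiroFilter.this.updateSessionLastAccessTime(preparedRequest, preparedResponse);
                SecurityShiroFilter.this.executeChain(preparedRequest, preparedResponse, filterChain);
                return null;
            }
        });
    }

    /**
     * Destroys the filter and closes the root persistence context; a close failure is logged
     * rather than rethrown so that shutdown can continue.
     */
    @Override
    public void destroy() {
        super.destroy();
        if (this.rootContext != null) {
            try {
                this.rootContext.closeContext();
            } catch (TopiaException e) {
                if (log.isErrorEnabled()) {
                    log.error("Can't close root context", e);
                }
            }
        }
    }
}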
