package cn.easyproject.easyshiro;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:cn/easyproject/easyshiro/EasyURLPermissionFilter.class */
public class EasyURLPermissionFilter extends PermissionsAuthorizationFilter {
    public static final String DEFAULT_SESSION_MSG = "false";
    public static final String DEFAULT_REQUEST_MSG = "false";
    public static final String DEFAULT_MSG_KEY = "msg";
    public static final String DEFAULT_STATUS_CODE_NAME = "statusCode";
    private static final String DEFAULT_AUTHENTICATION_TIMEOUT_CHECK = "true";
    private static final String DEFAULT_PERMISSION_DENIED_MSG = "Permission denied!";
    private static final String DEFAULT_AUTHENTICATION_TIMEOUT_MSG = "Your login has expired, please login again!";
    private String sessionMsg = "false";
    private String requestMsg = "false";
    private String msgKey = DEFAULT_MSG_KEY;
    private String statusCode = DEFAULT_STATUS_CODE_NAME;
    private String authenticationTimeoutCheck = "true";
    private String permissionDeniedMsg = DEFAULT_PERMISSION_DENIED_MSG;
    private String authenticationTimeoutMsg = DEFAULT_AUTHENTICATION_TIMEOUT_MSG;

    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String substring = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length() + 1);
        return substring == null || substring.equals(EasyFormAuthenticationFilter.DEFAULT_AUTO_LOGIN_DOMAIN) || getSubject(httpServletRequest, (HttpServletResponse) servletResponse).isPermitted(substring);
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        Subject subject = getSubject(httpServletRequest, servletResponse);
        String str = this.permissionDeniedMsg;
        int i = 401;
        if (EasyShiroUtils.isTrue(this.authenticationTimeoutCheck) && !subject.isAuthenticated()) {
            str = this.authenticationTimeoutMsg;
            i = 301;
        }
        if (httpServletRequest != null && ("XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("X-Requested-With")) || "XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getParameter("xRequestedWith")))) {
            servletResponse.setCharacterEncoding("UTF-8");
            servletResponse.setContentType("text/json;charset=utf-8");
            PrintWriter writer = servletResponse.getWriter();
            writer.println("{\"" + this.msgKey + "\":\"" + str + "\",\"" + this.statusCode + "\":\"" + i + "\"}");
            writer.flush();
            writer.close();
            return false;
        }
        if (EasyShiroUtils.isTrue(this.sessionMsg)) {
            subject.getSession().setAttribute(this.msgKey, str);
        }
        if (EasyShiroUtils.isTrue(this.requestMsg)) {
            servletRequest.setAttribute(this.msgKey, str);
        }
        if (subject.getPrincipal() == null) {
            saveRequestAndRedirectToLogin(httpServletRequest, servletResponse);
            return false;
        }
        String unauthorizedUrl = getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl)) {
            WebUtils.issueRedirect(httpServletRequest, servletResponse, unauthorizedUrl);
            return false;
        }
        WebUtils.toHttp(servletResponse).sendError(401);
        return false;
    }

    public void setSessionMsg(String str) {
        this.sessionMsg = str;
    }

    public void setRequestMsg(String str) {
        this.requestMsg = str;
    }

    public void setMsgKey(String str) {
        this.msgKey = str;
    }

    public void setPermissionDeniedMsg(String str) {
        this.permissionDeniedMsg = str;
    }

    public void setStatusCode(String str) {
        this.statusCode = str;
    }

    public void setAuthenticationTimeoutCheck(String str) {
        this.authenticationTimeoutCheck = str;
    }

    public void setAuthenticationTimeoutMsg(String str) {
        this.authenticationTimeoutMsg = str;
    }
}
