package com.liuqi.vanasframework.security;

import com.liuqi.vanasframework.core.Vanas;
import com.liuqi.vanasframework.security.access.SecurityDecisionManager;
import com.liuqi.vanasframework.security.access.SecurityInterceptor;
import com.liuqi.vanasframework.security.access.SecurityMetadataSource;
import com.liuqi.vanasframework.security.authentication.VanasUserLoginAuthenticationFilter;
import com.liuqi.vanasframework.security.authentication.VanasUserLoginAuthenticationProvider;
import com.liuqi.vanasframework.security.entity.VanasSecurityConfigSource;
import java.util.Arrays;
import java.util.Collections;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.util.Assert;

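/**
 * Spring Security web configuration for the Vanas framework.
 *
 * <p>Every setting is read from {@code Vanas.customerConfig.getSecurity()}: the URLs that stay
 * public, the form-login endpoints, the remember-me lifetime, the CSRF switch and the
 * X-Frame-Options mode. Two custom filters are registered as well: a {@link SecurityInterceptor}
 * for access decisions and a {@link VanasUserLoginAuthenticationFilter} for login requests.
 */
@EnableWebSecurity
public class VanasSecurityWebConfig extends WebSecurityConfigurerAdapter {
    private static final Logger log = LogManager.getLogger(VanasSecurityWebConfig.class);

    /**
     * Builds the HTTP security chain from the Vanas security configuration.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @throws Exception if the permit-URL list is missing, the X-Frame-Options mode is not
     *     recognised, or one of the Spring Security configurers fails
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // Fail at startup rather than build a chain with no explicit public-URL list.
        Assert.notNull(Vanas.customerConfig.getSecurity().getPermitUrl(), "the PermitURL is require");

        // The custom interceptor runs after Spring's own FilterSecurityInterceptor, so the
        // "authenticated" rule declared below is evaluated before the Vanas access decision.
        httpSecurity.addFilterAfter(getInterceptor(), FilterSecurityInterceptor.class);
        // Registered at the position of the stock username/password filter.
        // NOTE(review): formLogin() below still installs the stock filter on the same
        // loginProcessingUrl - confirm which of the two is meant to handle the login POST.
        httpSecurity.addFilterAt(getUserLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

        // Null-safe: an unset flag counts as "not enabled" and leaves Spring Security's
        // default frame-options handling untouched instead of failing with an NPE.
        if (Boolean.TRUE.equals(Vanas.customerConfig.getSecurity().getXFrameEnabled())) {
            setFrameAllow(httpSecurity);
        }

        // Only the configured permit URLs are public; everything else needs an authenticated user.
        httpSecurity
                .authorizeRequests()
                .antMatchers(Vanas.customerConfig.getSecurity().getPermitUrl())
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .loginPage(Vanas.customerConfig.getSecurity().getLoginUrl())
                .loginProcessingUrl(Vanas.customerConfig.getSecurity().getLoginFormUrl())
                .defaultSuccessUrl(Vanas.customerConfig.getSecurity().getLoginSuccessUrl())
                .failureUrl(Vanas.customerConfig.getSecurity().getLoginFailureUrl())
                .permitAll();

        // Remember-me issues a persistent login cookie, so it is configured only when the
        // cookie flag is on (the same polarity as the CSRF flag below). The earlier negated
        // check turned persistent logins on exactly when the flag was off.
        if (Vanas.customerConfig.getSecurity().isCookieEnabled()) {
            httpSecurity
                    .rememberMe()
                    .tokenValiditySeconds(Vanas.customerConfig.getSecurity().getCookieValidSeconds().intValue());
        }

        if (Vanas.customerConfig.getSecurity().isCsrfEnabled()) {
            // CSRF stays on; only the configured URL patterns are exempt from the token check.
            httpSecurity.csrf().ignoringAntMatchers(Vanas.customerConfig.getSecurity().getCsrfPermitUrl());
        } else {
            // With session-based form login this removes the token check from every
            // state-changing request, so the flag should only be off for non-browser clients.
            httpSecurity.csrf().disable();
        }

        httpSecurity.logout().permitAll().logoutSuccessUrl(Vanas.customerConfig.getSecurity().getLoginOutSuccessUrl());
    }

    /**
     * Applies the configured X-Frame-Options mode.
     *
     * <p>{@code SAMEORIGIN} uses Spring Security's built-in header. {@code FROMURI} disables the
     * built-in header and writes one through an allow-list strategy built from
     * {@code getXFrameAllowUri()}.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @throws Exception if the configured mode is neither {@code SAMEORIGIN} nor {@code FROMURI}
     *     (an {@link IllegalArgumentException}), or if the headers configurer fails
     */
    private void setFrameAllow(HttpSecurity httpSecurity) throws Exception {
        // Constant-first comparisons: a missing mode falls through to the explicit
        // "unknown mode" error below instead of a bare NullPointerException.
        if ("SAMEORIGIN".equals(Vanas.customerConfig.getSecurity().getXFrameOptions())) {
            httpSecurity.headers().frameOptions().sameOrigin();
            return;
        }
        if (!"FROMURI".equals(Vanas.customerConfig.getSecurity().getXFrameOptions())) {
            throw new IllegalArgumentException("未知的 XFrameOptions 。仅支持 SAMEORIGIN , FROMURI");
        }
        // NOTE(review): this branch relies on the ALLOW-FROM form of X-Frame-Options, which
        // current browsers no longer honour. Once the built-in header is disabled, those
        // browsers apply no framing restriction for this mode. A Content-Security-Policy
        // frame-ancestors directive listing the same origins is the supported replacement.
        httpSecurity.headers().frameOptions().disable();
        httpSecurity.headers().addHeaderWriter(
                new XFrameOptionsHeaderWriter(
                        new WhiteListedAllowFromStrategy(
                                Arrays.asList(Vanas.customerConfig.getSecurity().getXFrameAllowUri()))));
    }

    /**
     * Creates the access-control interceptor, wired with a metadata source backed by the
     * customer DAO service and a new {@link SecurityDecisionManager}.
     *
     * @return a freshly constructed interceptor (not a Spring-managed bean)
     */
    private SecurityInterceptor getInterceptor() {
        log.info("安全组件 >> 获取全局拦截器");
        SecurityInterceptor interceptor = new SecurityInterceptor();
        interceptor.setSecurityMetadataSource(
                new SecurityMetadataSource(VanasSecurityConfigSource.getInstance().getCustomerDaoService()));
        interceptor.setSystemAccessDecisionManager(new SecurityDecisionManager());
        return interceptor;
    }

    /**
     * Creates the login filter with its own {@link ProviderManager} that holds only the Vanas
     * login provider, so credentials sent to this filter are checked by that provider alone.
     *
     * @return a freshly constructed login authentication filter
     */
    private VanasUserLoginAuthenticationFilter getUserLoginAuthenticationFilter() {
        log.info("安全组件 >> 获取登陆安全认证过滤器");
        VanasUserLoginAuthenticationFilter loginFilter = new VanasUserLoginAuthenticationFilter();
        loginFilter.setAuthenticationManager(
                new ProviderManager(Collections.singletonList(getUserLoginAuthenticationProvider())));
        return loginFilter;
    }

    /**
     * Creates the authentication provider used by the login filter.
     *
     * @return a new {@link VanasUserLoginAuthenticationProvider}
     */
    private VanasUserLoginAuthenticationProvider getUserLoginAuthenticationProvider() {
        log.info("安全组件 >> 获取登陆安全认证处理器");
        return new VanasUserLoginAuthenticationProvider();
    }
}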
