package com.agapsys.security.web;

import com.agapsys.security.SecurityManager;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/agapsys/security/web/WebSecurityManager.class */
public abstract class WebSecurityManager extends SecurityManager {
    private final AttributeService attributeService = AttributeService.getInstance();

    public abstract User getCurrentUser();

    public abstract void setCurrentUser(User user);

    public abstract void unregisterCurrentUser();

    protected boolean isAllowed(HttpServletRequest httpServletRequest) {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final HttpServletRequest getRequest() {
        return (HttpServletRequest) this.attributeService.getAttribute(WebSecurityFilter.ATTR_HTTP_REQUEST);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final HttpServletResponse getResponse() {
        return (HttpServletResponse) this.attributeService.getAttribute(WebSecurityFilter.ATTR_HTTP_RESPONSE);
    }

    public final boolean isAllowed(String[] strArr) {
        User currentUser;
        if (!isAllowed(getRequest()) || (currentUser = getCurrentUser()) == null) {
            return false;
        }
        if (currentUser.isAdmin()) {
            return true;
        }
        for (String str : strArr) {
            if (!currentUser.getRoles().contains(str)) {
                return false;
            }
        }
        return true;
    }

    public final void onNotAllowed() throws NotAllowedException {
        throw new NotAllowedException(getCurrentUser());
    }
}
