package com.anji.plus.gaea.security.security;

import com.anji.plus.gaea.security.GaeaSecurityProperties;
import com.anji.plus.gaea.security.security.handler.GaeaAccessDeniedHandler;
import com.anji.plus.gaea.security.security.handler.GaeaAuthenticationEntryPoint;
import com.anji.plus.gaea.security.security.handler.GaeaLoginFailureHandler;
import com.anji.plus.gaea.security.security.handler.GaeaLoginSuccessHandler;
import com.anji.plus.gaea.security.security.handler.GaeaLogoutSuccessHandler;
import com.anji.plus.gaea.security.security.url.UrlAccessDecisionManager;
import com.anji.plus.gaea.security.security.url.UrlFilterInvocationSecurityMetadataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:com/anji/plus/gaea/security/security/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtTokenAuthenticationFilter jwtTokenAuthenticationFilter;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private UrlAccessDecisionManager urlAccessDecisionManager;

    @Autowired
    private GaeaSecurityProperties gaeaSecurityProperties;

    @Autowired
    private UrlFilterInvocationSecurityMetadataSource urlFilterInvocationSecurityMetadataSource;

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new GaeaAccessDeniedHandler();
    }

    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new GaeaAuthenticationEntryPoint();
    }

    @ConditionalOnMissingBean
    @Bean
    public GaeaLoginSuccessHandler gaeaLoginSuccessHandler() {
        return new GaeaLoginSuccessHandler();
    }

    @ConditionalOnMissingBean
    @Bean
    public GaeaLoginFailureHandler gaeaLoginFailureHandler() {
        return new GaeaLoginFailureHandler();
    }

    @ConditionalOnMissingBean
    @Bean
    public GaeaLogoutSuccessHandler gaeaLogoutSuccessHandler() {
        return new GaeaLogoutSuccessHandler();
    }

    @ConditionalOnMissingBean
    @Bean
    public GaeaUsernamePasswordAuthenticationFilter gaeaUsernamePasswordAuthenticationFilter() {
        AuthenticationManager authenticationManager = null;
        try {
            authenticationManager = authenticationManager();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return new GaeaUsernamePasswordAuthenticationFilter(authenticationManager, gaeaLoginSuccessHandler(), gaeaLoginFailureHandler());
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOriginPattern("*");
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.antMatcher("/**").authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() { // from class: com.anji.plus.gaea.security.security.SecurityConfiguration.1
            public <O extends FilterSecurityInterceptor> O postProcess(O o) {
                o.setSecurityMetadataSource(SecurityConfiguration.this.urlFilterInvocationSecurityMetadataSource);
                o.setAccessDecisionManager(SecurityConfiguration.this.urlAccessDecisionManager);
                return o;
            }
        });
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.exceptionHandling().accessDeniedHandler(accessDeniedHandler()).authenticationEntryPoint(authenticationEntryPoint()).and().csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers(new String[]{"/login/**", "/logout", "/health", "/user/loginCode/**"})).permitAll().mvcMatchers(HttpMethod.GET, new String[]{"/dict/item/**"}).permitAll().anyRequest()).authenticated().and().formLogin().successHandler(gaeaLoginSuccessHandler()).failureHandler(gaeaLoginFailureHandler()).and().logout().logoutSuccessHandler(gaeaLogoutSuccessHandler());
        httpSecurity.addFilterBefore(gaeaUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        if (this.gaeaSecurityProperties.isCorsEnabled()) {
            httpSecurity.cors(Customizer.withDefaults());
        }
        if (this.gaeaSecurityProperties.getAuthDisabled()) {
            return;
        }
        httpSecurity.addFilterBefore(this.jwtTokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
