package com.baomidou.shaun.core.filter;

import com.baomidou.shaun.core.config.CoreConfig;
import com.baomidou.shaun.core.context.ProfileHolder;
import com.baomidou.shaun.core.profile.TokenProfile;
import com.baomidou.shaun.core.util.HttpActionInstance;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.matching.matcher.Matcher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/baomidou/shaun/core/filter/SecurityFilter.class */
public class SecurityFilter extends AbstractShaunFilter {
    private static final Logger log = LoggerFactory.getLogger(SecurityFilter.class);

    public SecurityFilter(Matcher matcher) {
        super(matcher);
    }

    @Override // com.baomidou.shaun.core.filter.AbstractShaunFilter
    protected HttpAction matchThen(CoreConfig coreConfig, CallContext callContext) {
        if (log.isDebugEnabled()) {
            log.debug("access security for path : \"{}\" -> \"{}\"", callContext.webContext().getPath(), callContext.webContext().getRequestMethod());
        }
        TokenProfile profile = coreConfig.getProfileTokenManager().getProfile(callContext);
        if (profile != null && coreConfig.getProfileStateManager().isOnline(profile)) {
            if (!coreConfig.authorizationChecker(callContext, profile)) {
                return HttpActionInstance.FORBIDDEN;
            }
            ProfileHolder.setProfile(profile);
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("authenticated and authorized -> grant access");
            return null;
        }
        return HttpActionInstance.UNAUTHORIZED;
    }

    @Override // com.baomidou.shaun.core.filter.ShaunFilter
    public int order() {
        return 200;
    }
}
