package com.feingto.cloud.security.oauth2.config.annotation.web.config;

import com.feingto.cloud.domain.enums.RoleType;
import com.feingto.cloud.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import com.feingto.cloud.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import java.util.Objects;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.util.matcher.RequestMatcher;

@org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer
@Configuration
/* loaded from: input_file:com/feingto/cloud/security/oauth2/config/annotation/web/config/ResourceServerAutoConfiguration.class */
public class ResourceServerAutoConfiguration extends ResourceServerConfigurerAdapter {
    private ResourceSecurityMatchAdapter resourceSecurityMatchAdapter;

    @Value("${management.endpoints.web.base-path:actuator}")
    private String actuatorPath;

    @Autowired(required = false)
    public ResourceServerAutoConfiguration(ResourceSecurityMatchAdapter resourceSecurityMatchAdapter) {
        this.resourceSecurityMatchAdapter = resourceSecurityMatchAdapter;
    }

    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
        resourceServerSecurityConfigurer.authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()).accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        if (Objects.isNull(this.resourceSecurityMatchAdapter)) {
            this.resourceSecurityMatchAdapter = new ResourceSecurityMatchAdapter().setAuthorize("/api/v1/**");
        }
        ((HttpSecurity.RequestMatcherConfigurer) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ResourceSecurityMatchAdapter) httpSecurity.apply(this.resourceSecurityMatchAdapter)).and().authorizeRequests().antMatchers(HttpMethod.OPTIONS)).permitAll().requestMatchers(new RequestMatcher[]{EndpointRequest.to(new Class[]{HealthEndpoint.class, InfoEndpoint.class})})).permitAll().requestMatchers(new RequestMatcher[]{EndpointRequest.toAnyEndpoint()})).hasAnyAuthority(new String[]{"ROLE_" + RoleType.ADMIN, "ROLE_" + RoleType.ACTUATOR}).and().requestMatchers().antMatchers(new String[]{this.actuatorPath + "/**"})).and().headers().frameOptions().sameOrigin();
    }

    public ResourceServerAutoConfiguration() {
    }
}
