package com.github.alanger.shiroext.web;

import java.io.IOException;
import java.util.Arrays;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/alanger/shiroext/web/PermissionsAuthzFilter.class */
/**
 * Permission filter that evaluates the configured permission strings with a
 * single {@link Logical} mode ({@link #logicalGlobal}, AND by default) and can
 * answer denials "silently", i.e. with a bare status code instead of a redirect
 * or an error page.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A {@code Logical} value that is neither AND nor OR (including {@code null})
 *       yields a denial.</li>
 *   <li>On denial the required permission strings are stored on the request under
 *       {@link #PERMS}; {@link #onAccessDenied} later places them, together with the
 *       current principal, in the message handed to {@code sendError(403, ...)}.
 *       Whether that text reaches the client depends on the container's error page
 *       (not visible here); review it if permission names or principals are
 *       considered sensitive.</li>
 *   <li>Trace logging records the principal and the request path info. The path is
 *       request-controlled, so the log layout should neutralise line breaks if trace
 *       output is ever collected.</li>
 * </ul>
 */
public class PermissionsAuthzFilter extends PermissionsAuthorizationFilter implements ISilent {
    /** Request attribute name under which the denied permission list is stored. */
    protected static final String PERMS = RequiresPermissions.class.getCanonicalName();

    private final Logger log = LoggerFactory.getLogger(PermissionsAuthzFilter.class);

    /** Combination mode applied to every permission list this filter checks. */
    protected Logical logicalGlobal = Logical.AND;

    /** When true, denials are answered with a status code only. */
    private boolean silent = false;

    /** @return whether denials are answered with a bare status code */
    @Override
    public boolean isSilent() {
        return silent;
    }

    /** @param z {@code true} to answer denials with a bare status code */
    @Override
    public void setSilent(boolean z) {
        silent = z;
    }

    /**
     * Decides whether the current subject holds the permissions mapped to this path.
     *
     * @param servletRequest  current request; receives the {@link #PERMS} attribute on denial
     * @param servletResponse current response (unused here)
     * @param obj             mapped filter value, cast to {@code String[]} without a type check
     * @return {@code true} when the subject satisfies the permissions under {@link #logicalGlobal}
     * @throws IOException declared by the overridden method
     */
    @Override
    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws IOException {
        final String[] required = (String[]) obj;
        final boolean permitted = isRequiresPermissions(logicalGlobal, required);

        // Remember what was demanded so the 403 message can name it later.
        if (!permitted) {
            servletRequest.setAttribute(PERMS, required);
        }

        if (log.isTraceEnabled()) {
            log.trace("isAccessAllowed isPermitted: {} , logical: {} , path: {} , values: {}", permitted, logicalGlobal, WebUtils.toHttp(servletRequest).getPathInfo(), Arrays.toString(required));
        }
        return permitted;
    }

    /**
     * Writes the denial response and always stops the filter chain.
     *
     * <p>A subject with a principal gets 403 handling, one without gets 401 handling.
     * In silent mode only the status is set. Otherwise non-AJAX requests are redirected
     * (to the unauthorized URL when one is configured, or to login for subjects without
     * a principal) and the remaining cases receive {@code sendError}.
     *
     * <p>The decompiler notes that this method was declared {@code protected} in the
     * original class; it is kept {@code public} here as decompiled.
     *
     * @return always {@code false}
     * @throws IOException if the redirect or error response cannot be written
     */
    @Override
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        final Subject subject = getSubject(servletRequest, servletResponse);
        final boolean ajax = Utils.isXMLHttpRequest(servletRequest);

        if (subject.getPrincipal() == null) {
            // No principal: the caller is not identified, so answer with 401 semantics.
            if (isSilent()) {
                WebUtils.toHttp(servletResponse).setStatus(401);
            } else if (!ajax) {
                saveRequestAndRedirectToLogin(servletRequest, servletResponse);
            } else {
                WebUtils.toHttp(servletResponse).sendError(401);
            }
        } else {
            // Identified but lacking permission: 403 semantics.
            final String unauthorizedUrl = getUnauthorizedUrl();
            if (isSilent()) {
                WebUtils.toHttp(servletResponse).setStatus(403);
            } else if (!ajax && StringUtils.hasText(unauthorizedUrl)) {
                WebUtils.issueRedirect(servletRequest, servletResponse, unauthorizedUrl);
            } else {
                // The message embeds the principal and the required permission strings.
                WebUtils.toHttp(servletResponse).sendError(403, getErrorMessage(logicalGlobal, servletRequest.getAttribute(PERMS)));
            }
        }

        if (log.isTraceEnabled()) {
            log.trace("onAccessDenied principal: {} , logical: {} , path: {}", subject.getPrincipal(), logicalGlobal, WebUtils.toHttp(servletRequest).getPathInfo());
        }
        return false;
    }

    /**
     * Checks the current subject against a {@link RequiresPermissions} annotation.
     *
     * @param requiresPermissions annotation to evaluate; {@code null} is treated as
     *                            "no requirement" and returns {@code true}
     * @return {@code true} when there is no annotation or the subject satisfies it
     */
    public static boolean isRequiresPermissions(RequiresPermissions requiresPermissions) {
        return requiresPermissions == null
                || isRequiresPermissions(requiresPermissions.logical(), requiresPermissions.value());
    }

    /**
     * Checks the current subject against a permission list.
     *
     * <p>AND delegates to {@code Subject.isPermittedAll}; OR succeeds on the first
     * permitted entry; any other mode denies. A {@code null} array throws a
     * {@link NullPointerException} in OR mode, and in AND mode is passed straight to
     * Shiro, so the outcome there is whatever {@code isPermittedAll} returns for it
     * (NOTE(review): confirm against the configured security manager).
     *
     * @param logical combination mode
     * @param strArr  permission strings to test
     * @return {@code true} when the subject satisfies the list under {@code logical}
     */
    public static boolean isRequiresPermissions(Logical logical, String[] strArr) {
        final Subject subject = SecurityUtils.getSubject();

        if (Logical.AND.equals(logical)) {
            return subject.isPermittedAll(strArr);
        }
        if (Logical.OR.equals(logical)) {
            for (String permission : strArr) {
                if (subject.isPermitted(permission)) {
                    return true;
                }
            }
        }
        // Unknown or null mode, or no OR entry matched: deny.
        return false;
    }

    /**
     * Builds the denial message for an annotation.
     *
     * @param requiresPermissions annotation supplying mode and permission list; must not be {@code null}
     * @return message naming the principal and the required permissions
     */
    public static String getErrorMessage(RequiresPermissions requiresPermissions) {
        return getErrorMessage(requiresPermissions.logical(), requiresPermissions.value());
    }

    /**
     * Builds the denial message and appends the permission list when one is given.
     *
     * @param logical combination mode, selects singular or plural wording
     * @param obj     a {@code String[]} of permissions, or {@code null} for none
     * @return message naming the principal, followed by the permission list if present
     */
    public static String getErrorMessage(Logical logical, Object obj) {
        final String prefix = getErrorMessage(logical);
        if (obj == null) {
            return prefix;
        }
        return prefix + Arrays.toString((String[]) obj);
    }

    /**
     * Builds the denial message prefix; it contains the current subject's principal.
     *
     * @param logical combination mode, selects singular or plural wording
     * @return message prefix ending with a trailing space
     */
    public static String getErrorMessage(Logical logical) {
        final Object principal = SecurityUtils.getSubject().getPrincipal();
        final String noun = Logical.OR.equals(logical) ? "permission " : "permissions ";
        return "Forbidden - Subject " + principal + " does not have required " + noun;
    }
}
