package org.apache.shiro.biz.web.filter.authc;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.biz.ShiroBizMessageSource;
import org.apache.shiro.biz.authc.AuthcResponse;
import org.apache.shiro.biz.authc.AuthcResponseCode;
import org.apache.shiro.biz.authc.AuthenticationFailureHandler;
import org.apache.shiro.biz.authc.AuthenticationSuccessHandler;
import org.apache.shiro.biz.authc.exception.SessionRestrictedException;
import org.apache.shiro.biz.authc.exception.TerminalRestrictedException;
import org.apache.shiro.biz.utils.StringUtils;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.filter.authc.listener.LoginListener;
import org.apache.shiro.biz.web.servlet.AuthenticatingHttpServlet;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.NoSuchMessageException;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/authc/AbstractAuthenticatingFilter.class */
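/**
 * Base authenticating filter of the Shiro-Biz stack.
 *
 * <p>On top of Shiro's {@link FormAuthenticationFilter} it adds:
 * <ul>
 *   <li>a CORS pre-flight short-circuit for {@code OPTIONS} requests ({@link #isAccessAllowed});</li>
 *   <li>an optional "stateless" mode in which every request gets a fresh, thread-bound {@link Subject}
 *       instead of the session-backed one ({@link #getSubject});</li>
 *   <li>optional online-session quotas, a global maximum and a per-principal "terminal" maximum, checked
 *       against {@link SessionDAO#getActiveSessions()} before the credentials are verified;</li>
 *   <li>{@link LoginListener} callbacks plus {@link AuthenticationSuccessHandler} /
 *       {@link AuthenticationFailureHandler} dispatch and JSON bodies for AJAX clients.</li>
 * </ul>
 *
 * <p>NOTE(review): the configuration setters are plain field writes with no synchronization; wire the
 * filter fully before it starts serving requests.
 */
public abstract class AbstractAuthenticatingFilter extends FormAuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractAuthenticatingFilter.class);
    /** Session attribute under which the authenticated principal is recorded for quota counting. */
    private static final String DEFAULT_SESSION_RESTRICTED_ATTR_NAME = "session-restricted";
    private static final String JSON_UTF8 = "application/json;charset=UTF-8";

    private List<LoginListener> loginListeners;
    private List<AuthenticationSuccessHandler> successHandlers;
    private List<AuthenticationFailureHandler> failureHandlers;
    /** Required only when {@link #sessionRestrictable} is {@code true}. */
    private SessionDAO sessionDao;
    private String unauthorizedUrl;
    protected MessageSourceAccessor messages = ShiroBizMessageSource.getAccessor();
    private boolean sessionStateless = false;
    private boolean sessionRestrictable = false;
    private String sessionRestrictedAttributeName = DEFAULT_SESSION_RESTRICTED_ATTR_NAME;
    /** Upper bound on the number of active sessions system-wide (default 1000). */
    private int sessionMaximumRestrict = 1000;
    /** Upper bound on the number of active sessions per principal (default 1). */
    private int sessionTerminalRestrict = 1;

    /** Creates the filter with the login URL defaulted to {@link AuthenticatingHttpServlet#DEFAULT_LOGIN_URL}. */
    public AbstractAuthenticatingFilter() {
        setLoginUrl(AuthenticatingHttpServlet.DEFAULT_LOGIN_URL);
    }

    /**
     * Sets a response header unless the value is blank or a header of that name (case-insensitive)
     * is already present; an existing header always wins.
     *
     * @param response target response
     * @param name     header name
     * @param value    header value; blank values are ignored
     */
    protected void setHeader(HttpServletResponse response, String name, String value) {
        if (!StringUtils.hasText(value)) {
            return;
        }
        boolean alreadySet = response.getHeaderNames().stream()
                .anyMatch(existing -> StringUtils.equalsIgnoreCase(existing, name));
        if (alreadySet) {
            return;
        }
        response.setHeader(name, value);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Filter:{} Set HTTP HEADER: {}:{}.", getName(), name, value);
        }
    }

    /**
     * Answers CORS pre-flight requests directly and otherwise defers to the parent, except in
     * stateless mode where access is never pre-granted.
     *
     * @return {@code false} for {@code OPTIONS} (the response is completed here) and in stateless
     *         mode; the parent's decision otherwise
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValue) {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        HttpServletResponse response = WebUtils.toHttp(servletResponse);
        if (!RequestMethod.OPTIONS.name().equals(request.getMethod())) {
            // Stateless deployments authenticate every request, so nothing is "already allowed".
            return !isSessionStateless() && super.isAccessAllowed(servletRequest, servletResponse, mappedValue);
        }
        // Pre-flight: complete the response here and stop the chain.
        // NOTE(review): the Origin request header is reflected verbatim together with
        // Access-Control-Allow-Credentials=true, which lets any origin make credentialed
        // cross-site requests. Deployments should enforce an origin allow-list (e.g. in a CORS
        // filter in front of this one, which then wins because setHeader never overwrites).
        setHeader(response, "Access-Control-Allow-Credentials", "true");
        setHeader(response, "Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setStatus(HttpStatus.SC_OK);
        return false;
    }

    /**
     * Returns the subject for this request. In stateless mode a brand-new subject is built and
     * bound to the current thread via {@link ThreadContext#bind(Subject)}, replacing any subject
     * previously bound there; otherwise the parent's session-aware lookup is used.
     */
    @Override
    public Subject getSubject(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (!isSessionStateless()) {
            return super.getSubject(servletRequest, servletResponse);
        }
        Subject fresh = new Subject.Builder().buildSubject();
        ThreadContext.bind(fresh);
        return fresh;
    }

    /**
     * Performs the login attempt: builds the token, optionally enforces the session quotas, logs in
     * and routes the outcome to {@link #onLoginSuccess} or {@link #onLoginFailure}.
     *
     * @return whatever the success/failure callback returns
     * @throws IllegalStateException if {@link #createToken} returns {@code null}, or if quotas are
     *                               enabled without a {@link SessionDAO}
     * @throws Exception             propagated from the callbacks
     */
    @Override
    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        AuthenticationToken token = createToken(servletRequest, servletResponse);
        if (token == null) {
            throw new IllegalStateException("createToken method implementation returned null. A valid non-null AuthenticationToken must be created in order to execute a login attempt.");
        }
        try {
            Subject subject = getSubject(servletRequest, servletResponse);
            if (isSessionRestrictable()) {
                checkSessionQuotas(token);
            }
            subject.login(token);
            if (isSessionRestrictable()) {
                // Record the owner only after the credentials were verified: marking the session
                // before login let failed attempts consume the principal's terminal quota, which
                // an unauthenticated caller could use to lock that user out.
                subject.getSession().setAttribute(getSessionRestrictedAttributeName(), token.getPrincipal());
            }
            return onLoginSuccess(token, subject, servletRequest, servletResponse);
        } catch (AuthenticationException e) {
            return onLoginFailure(token, e, servletRequest, servletResponse);
        }
    }

    /**
     * Enforces the global and per-principal session quotas against the active sessions.
     *
     * @throws IllegalStateException       if no {@link SessionDAO} is configured
     * @throws SessionRestrictedException  if the global maximum is already reached
     * @throws TerminalRestrictedException if the principal's terminal maximum is already reached
     */
    private void checkSessionQuotas(AuthenticationToken token) {
        if (this.sessionDao == null) {
            throw new IllegalStateException("sessionDao must be set for this filter");
        }
        Collection<Session> activeSessions = getSessionDao().getActiveSessions();
        if (activeSessions.size() >= getSessionMaximumRestrict()) {
            throw new SessionRestrictedException("Online user quota is full, please login again later.");
        }
        Object principal = token.getPrincipal();
        String attributeName = getSessionRestrictedAttributeName();
        int terminals = 0;
        for (Session session : activeSessions) {
            Object owner = session.getAttribute(attributeName);
            if (owner != null && owner.equals(principal)) {
                terminals++;
            }
            // Checked on every iteration (not only after a hit) so a limit of 0 rejects as soon
            // as any session exists, matching the original semantics.
            if (terminals >= getSessionTerminalRestrict()) {
                throw new TerminalRestrictedException("This user terminal login quota is full, please log in later.");
            }
        }
    }

    /**
     * Notifies listeners, then either redirects (non-AJAX) or lets a matching
     * {@link AuthenticationSuccessHandler} write the response, falling back to
     * {@link #writeSuccessString}.
     *
     * @return always {@code false}: the response has been produced, the chain must not continue
     */
    @Override
    public boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!CollectionUtils.isEmpty(getLoginListeners())) {
            for (LoginListener listener : getLoginListeners()) {
                listener.onSuccess(authenticationToken, subject, servletRequest, servletResponse);
            }
        }
        if (LOG.isDebugEnabled()) {
            // Debug, not error: the serialized principal is diagnostic data, not an incident.
            LOG.debug("Host {} Authentication Success : {}", getHost(servletRequest), JSONObject.toJSONString(subject.getPrincipal()));
        }
        if (!WebUtils.isAjaxResponse(servletRequest)) {
            issueSuccessRedirect(servletRequest, servletResponse);
            return false;
        }
        if (!dispatchSuccessHandler(authenticationToken, subject, servletRequest, servletResponse)) {
            writeSuccessString(authenticationToken, subject, servletRequest, servletResponse);
        }
        return false;
    }

    /**
     * Writes the default JSON success body with HTTP 200.
     *
     * @throws IOException if the response writer fails
     */
    public void writeSuccessString(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        WebUtils.toHttp(servletResponse).setStatus(HttpStatus.SC_OK);
        servletResponse.setContentType(JSON_UTF8);
        String message = this.messages.getMessage(AuthcResponseCode.SC_AUTHC_SUCCESS.getMsgKey());
        JSONObject.writeJSONString(servletResponse.getWriter(), AuthcResponse.success(message), new SerializerFeature[0]);
    }

    /**
     * Notifies listeners and logs the failure, then either records the failure attribute for the
     * login view (non-AJAX) or writes a JSON failure body via a matching
     * {@link AuthenticationFailureHandler} or {@link #writeFailureString}.
     *
     * @return {@code true} for non-AJAX requests so the parent continues to the login view,
     *         {@code false} once an AJAX response has been written
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        if (!CollectionUtils.isEmpty(getLoginListeners())) {
            for (LoginListener listener : getLoginListeners()) {
                listener.onFailure(authenticationToken, authenticationException, servletRequest, servletResponse);
            }
        }
        LOG.error("Host {} Authentication Failure : {}", getHost(servletRequest), authenticationException.getMessage());
        if (!WebUtils.isAjaxResponse(servletRequest)) {
            setFailureAttribute(servletRequest, authenticationException);
            return true;
        }
        if (!dispatchFailureHandler(authenticationToken, authenticationException, servletRequest, servletResponse)) {
            writeFailureString(authenticationToken, authenticationException, servletRequest, servletResponse);
        }
        return false;
    }

    /**
     * Writes the default JSON failure body with HTTP 401.
     *
     * @throws AuthenticationException wrapping a missing message key or a writer failure
     */
    public void writeFailureString(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        try {
            WebUtils.toHttp(servletResponse).setStatus(HttpStatus.SC_UNAUTHORIZED);
            servletResponse.setContentType(JSON_UTF8);
            String message = this.messages.getMessage(AuthcResponseCode.SC_AUTHC_FAIL.getMsgKey());
            JSONObject.writeJSONString(servletResponse.getWriter(), AuthcResponse.fail(message), new SerializerFeature[0]);
        } catch (NoSuchMessageException | IOException e) {
            throw new AuthenticationException(e);
        }
    }

    /** Returns the client address used in the authentication log lines. */
    @Override
    protected String getHost(ServletRequest servletRequest) {
        return WebUtils.getRemoteAddr(servletRequest);
    }

    /** Hook for subclasses; the default simply allows the request to proceed. */
    protected boolean onAccessSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) {
        return true;
    }

    /**
     * Logs the failure and produces the failure response (attribute for the view, or JSON for AJAX).
     *
     * @return always {@code false}: the request must not proceed
     */
    protected boolean onAccessFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        LOG.error("Host {} Authentication Failure : {}", getHost(servletRequest), authenticationException.getMessage());
        if (!WebUtils.isAjaxResponse(servletRequest)) {
            setFailureAttribute(servletRequest, authenticationException);
            return false;
        }
        if (!dispatchFailureHandler(authenticationToken, authenticationException, servletRequest, servletResponse)) {
            writeFailureString(authenticationToken, authenticationException, servletRequest, servletResponse);
        }
        return false;
    }

    /**
     * Lets the first non-null success handler that supports the token write the response.
     *
     * @return {@code true} if a handler took the response, {@code false} if none matched
     */
    private boolean dispatchSuccessHandler(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
        if (CollectionUtils.isEmpty(this.successHandlers)) {
            return false;
        }
        for (AuthenticationSuccessHandler handler : this.successHandlers) {
            if (handler != null && handler.supports(token)) {
                handler.onAuthenticationSuccess(token, request, response, subject);
                return true;
            }
        }
        return false;
    }

    /**
     * Lets the first non-null failure handler that supports the exception write the response.
     *
     * @return {@code true} if a handler took the response, {@code false} if none matched
     */
    private boolean dispatchFailureHandler(AuthenticationToken token, AuthenticationException ex, ServletRequest request, ServletResponse response) {
        if (CollectionUtils.isEmpty(this.failureHandlers)) {
            return false;
        }
        for (AuthenticationFailureHandler handler : this.failureHandlers) {
            if (handler != null && handler.supports(ex)) {
                handler.onAuthenticationFailure(token, request, response, ex);
                return true;
            }
        }
        return false;
    }

    /** The configured listeners; the live list is returned, not a copy. */
    public List<LoginListener> getLoginListeners() {
        return this.loginListeners;
    }

    public void setLoginListeners(List<LoginListener> list) {
        this.loginListeners = list;
    }

    public SessionDAO getSessionDao() {
        return this.sessionDao;
    }

    /** Required when {@link #setSessionRestrictable(boolean)} is enabled. */
    public void setSessionDao(SessionDAO sessionDAO) {
        this.sessionDao = sessionDAO;
    }

    public boolean isSessionStateless() {
        return this.sessionStateless;
    }

    public void setSessionStateless(boolean stateless) {
        this.sessionStateless = stateless;
    }

    public boolean isSessionRestrictable() {
        return this.sessionRestrictable;
    }

    public void setSessionRestrictable(boolean restrictable) {
        this.sessionRestrictable = restrictable;
    }

    public String getSessionRestrictedAttributeName() {
        return this.sessionRestrictedAttributeName;
    }

    public void setSessionRestrictedAttributeName(String attributeName) {
        this.sessionRestrictedAttributeName = attributeName;
    }

    public int getSessionMaximumRestrict() {
        return this.sessionMaximumRestrict;
    }

    public void setSessionMaximumRestrict(int maximum) {
        this.sessionMaximumRestrict = maximum;
    }

    public int getSessionTerminalRestrict() {
        return this.sessionTerminalRestrict;
    }

    public void setSessionTerminalRestrict(int perPrincipal) {
        this.sessionTerminalRestrict = perPrincipal;
    }

    public String getUnauthorizedUrl() {
        return this.unauthorizedUrl;
    }

    public void setUnauthorizedUrl(String url) {
        this.unauthorizedUrl = url;
    }

    /** The configured success handlers; the live list is returned, not a copy. */
    public List<AuthenticationSuccessHandler> getSuccessHandlers() {
        return this.successHandlers;
    }

    public void setSuccessHandlers(List<AuthenticationSuccessHandler> list) {
        this.successHandlers = list;
    }

    /** The configured failure handlers; the live list is returned, not a copy. */
    public List<AuthenticationFailureHandler> getFailureHandlers() {
        return this.failureHandlers;
    }

    public void setFailureHandlers(List<AuthenticationFailureHandler> list) {
        this.failureHandlers = list;
    }
}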
