package org.apache.shiro.biz.web.filter.authz;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.biz.authc.AuthcResponse;
import org.apache.shiro.biz.authz.AuthorizationFailureHandler;
import org.apache.shiro.biz.authz.AuthorizationSuccessHandler;
import org.apache.shiro.biz.utils.StringUtils;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/authz/AbstracAuthorizationFilter.class */
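/**
 * Base class for the project's authorization filters, built on Shiro's {@link AuthorizationFilter}.
 *
 * <p>On top of the Shiro behaviour it adds:
 * <ul>
 *   <li>CORS preflight ({@code OPTIONS}) handling in {@link #isAccessAllowed},</li>
 *   <li>JSON error bodies for Ajax callers in {@link #onAccessDenied},</li>
 *   <li>a "session stateless" mode in which a fresh {@link Subject} is built for every request
 *       instead of being resolved through the session ({@link #getSubject}),</li>
 *   <li>pluggable {@link AuthorizationSuccessHandler} / {@link AuthorizationFailureHandler} lists.</li>
 * </ul>
 *
 * <p>The handler lists are plain setter-injected references with no copying or synchronisation;
 * configure them before the filter starts serving requests.
 */
public abstract class AbstracAuthorizationFilter extends AuthorizationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AbstracAuthorizationFilter.class);
    /** Content type of the JSON error bodies written to Ajax callers. */
    private static final String JSON_CONTENT_TYPE = "application/json;charset=UTF-8";

    // true: build a new Subject per request; false: use Shiro's session-backed subject resolution.
    private boolean sessionStateless = false;
    // Consulted after a successful authorization; the first handler that supports this filter decides.
    private List<AuthorizationSuccessHandler> successHandlers;
    // Consulted after a failed authorization; the first handler that supports the exception decides.
    private List<AuthorizationFailureHandler> failureHandlers;

    /**
     * Sets a response header unless the value is blank or a header with the same name
     * (compared case-insensitively) is already present on the response.
     *
     * @param response the response to write to
     * @param name     header name
     * @param value    header value; blank values are ignored
     */
    protected void setHeader(HttpServletResponse response, String name, String value) {
        if (!StringUtils.hasText(value)) {
            return;
        }
        boolean alreadySet = response.getHeaderNames().stream()
                .anyMatch(existing -> StringUtils.equalsIgnoreCase(existing, name));
        if (alreadySet) {
            return;
        }
        response.setHeader(name, value);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Filter:{} Set HTTP HEADER: {}:{}.", getName(), name, value);
        }
    }

    /**
     * Decides whether the request may proceed, handling CORS preflight requests on the way.
     *
     * <p>For non-{@code OPTIONS} requests the default answer is "allowed unless stateless";
     * subclasses are expected to refine this. For {@code OPTIONS} requests the CORS headers are
     * written, the status is set to 200 and {@code false} is returned.
     *
     * @param request     the current request
     * @param response    the current response
     * @param mappedValue the filter's configured value for this path (unused here)
     * @return {@code true} when the request may continue without calling {@link #onAccessDenied}
     * @throws Exception propagated from subclasses / Shiro
     */
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
            throws Exception {
        HttpServletRequest httpRequest = WebUtils.toHttp(request);
        HttpServletResponse httpResponse = WebUtils.toHttp(response);
        if (!RequestMethod.OPTIONS.name().equals(httpRequest.getMethod())) {
            return !isSessionStateless();
        }
        // NOTE(review): the request's Origin header is reflected into Access-Control-Allow-Origin
        // together with Access-Control-Allow-Credentials=true, which permits credentialed
        // cross-origin requests from any origin. An origin allow-list belongs here if this filter
        // protects endpoints that rely on cookie/session credentials.
        setHeader(httpResponse, "Access-Control-Allow-Credentials", "true");
        setHeader(httpResponse, "Access-Control-Allow-Origin", httpRequest.getHeader("Origin"));
        httpResponse.setStatus(HttpStatus.SC_OK);
        // NOTE(review): returning false makes AccessControlFilter.onPreHandle continue with
        // onAccessDenied, whose redirect/sendError may replace the 200 set above — confirm intended.
        return false;
    }

    /**
     * Called when {@link #isAccessAllowed} returned {@code false}.
     *
     * <p>Unauthenticated subject (no principal): 401 + JSON for Ajax callers, otherwise a redirect
     * to the login page (the original request is only saved when a session is in use).
     * Authenticated but unauthorized subject: 403 + JSON for Ajax callers, else a redirect to the
     * configured unauthorized URL, else {@code sendError(401)}.
     *
     * @param request  the current request
     * @param response the current response
     * @return always {@code false}; the response has been fully handled here
     * @throws IOException if writing or redirecting the response fails
     */
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        boolean unauthenticated = getSubject(request, response).getPrincipal() == null;
        boolean ajax = WebUtils.isAjaxResponse(request);
        if (unauthenticated) {
            if (ajax) {
                writeJsonError(response, HttpStatus.SC_UNAUTHORIZED, "Unauthentication.");
            } else if (isSessionStateless()) {
                // No session to park the original request in, so skip saveRequest.
                redirectToLogin(request, response);
            } else {
                saveRequestAndRedirectToLogin(request, response);
            }
            return false;
        }
        if (ajax) {
            writeJsonError(response, HttpStatus.SC_FORBIDDEN, "Forbidden.");
            return false;
        }
        String unauthorizedUrl = getUnauthorizedUrl();
        if (StringUtils.hasText(unauthorizedUrl)) {
            WebUtils.issueRedirect(request, response, unauthorizedUrl);
            return false;
        }
        // Kept as 401 to match Shiro's AuthorizationFilter default, even though the Ajax branch
        // above answers the same "authenticated but not authorized" case with 403.
        WebUtils.toHttp(response).sendError(HttpStatus.SC_UNAUTHORIZED);
        return false;
    }

    /** Writes {@code AuthcResponse.error(message)} as a JSON body with the given HTTP status. */
    private static void writeJsonError(ServletResponse response, int status, String message)
            throws IOException {
        WebUtils.toHttp(response).setStatus(status);
        response.setContentType(JSON_CONTENT_TYPE);
        JSONObject.writeJSONString(response.getWriter(), AuthcResponse.error(message));
    }

    /**
     * Resolves the subject for the current request.
     *
     * <p>In stateless mode a new {@link Subject} is built via {@link Subject.Builder} and bound to
     * the {@link ThreadContext}, so no session lookup happens; otherwise Shiro's session-backed
     * resolution from the superclass is used.
     *
     * <p>Declared {@code public} here although the superclass method is {@code protected}.
     *
     * @param request  the current request
     * @param response the current response
     * @return the subject to authorize
     */
    public Subject getSubject(ServletRequest request, ServletResponse response) {
        if (!isSessionStateless()) {
            return super.getSubject(request, response);
        }
        Subject subject = new Subject.Builder().buildSubject();
        ThreadContext.bind(subject);
        return subject;
    }

    /**
     * Hook invoked after a successful authorization.
     *
     * <p>The first configured {@link AuthorizationSuccessHandler} that supports this filter
     * decides the outcome; with no applicable handler the request simply proceeds.
     *
     * @param mappedValue the filter's configured value for this path
     * @param subject     the authorized subject
     * @param request     the current request
     * @param response    the current response
     * @return {@code true} to continue the filter chain
     * @throws Exception propagated from a handler
     */
    protected boolean onAccessSuccess(Object mappedValue, Subject subject, ServletRequest request,
            ServletResponse response) throws Exception {
        if (LOG.isDebugEnabled()) {
            // Was LOG.error inside an isDebugEnabled guard; debug is the intended level.
            // NOTE(review): this serialises the whole principal into the log — check that the
            // principal type used by the application carries nothing sensitive.
            LOG.debug("Host {} Authorization Success : {}", getHost(request),
                    JSONObject.toJSONString(subject.getPrincipal()));
        }
        if (CollectionUtils.isEmpty(this.successHandlers)) {
            return true;
        }
        for (AuthorizationSuccessHandler handler : this.successHandlers) {
            if (handler != null && handler.supports(this)) {
                return handler.onAuthorizationSuccess(mappedValue, subject, request, response);
            }
        }
        return true;
    }

    /**
     * Hook invoked after a failed authorization.
     *
     * <p>The first configured {@link AuthorizationFailureHandler} that supports the exception
     * decides the outcome; with no applicable handler the chain is stopped.
     *
     * @param mappedValue the filter's configured value for this path
     * @param exception   the failure cause
     * @param request     the current request
     * @param response    the current response
     * @return {@code true} to continue the filter chain
     * @throws IOException propagated from a handler
     */
    protected boolean onAccessFailure(Object mappedValue, AuthenticationException exception,
            ServletRequest request, ServletResponse response) throws IOException {
        LOG.error("Host {} Authorization Failure : {}", getHost(request), exception.getMessage());
        if (CollectionUtils.isEmpty(this.failureHandlers)) {
            return false;
        }
        for (AuthorizationFailureHandler handler : this.failureHandlers) {
            if (handler != null && handler.supports(exception)) {
                return handler.onAuthorizationFailure(mappedValue, exception, request, response);
            }
        }
        return false;
    }

    /**
     * Returns the client address used in log messages.
     *
     * @param request the current request
     * @return the remote address as resolved by {@link WebUtils#getRemoteAddr}
     */
    protected String getHost(ServletRequest request) {
        return WebUtils.getRemoteAddr(request);
    }

    /** @return whether subjects are built per request instead of resolved through the session */
    public boolean isSessionStateless() {
        return this.sessionStateless;
    }

    /** @param sessionStateless see {@link #isSessionStateless()} */
    public void setSessionStateless(boolean sessionStateless) {
        this.sessionStateless = sessionStateless;
    }

    /** @return the configured success handlers (the live list, may be {@code null}) */
    public List<AuthorizationSuccessHandler> getSuccessHandlers() {
        return this.successHandlers;
    }

    /** @param successHandlers handlers consulted by {@link #onAccessSuccess}; stored by reference */
    public void setSuccessHandlers(List<AuthorizationSuccessHandler> successHandlers) {
        this.successHandlers = successHandlers;
    }

    /** @return the configured failure handlers (the live list, may be {@code null}) */
    public List<AuthorizationFailureHandler> getFailureHandlers() {
        return this.failureHandlers;
    }

    /** @param failureHandlers handlers consulted by {@link #onAccessFailure}; stored by reference */
    public void setFailureHandlers(List<AuthorizationFailureHandler> failureHandlers) {
        this.failureHandlers = failureHandlers;
    }
}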
