package com.github.surpassm.security.config;

import com.github.surpassm.security.authorize.AuthorizeCofigManager;
import com.github.surpassm.security.filter.SurpassmAuthenticationManager;
import com.github.surpassm.security.handler.SurpassmAuthenctiationFailureHandler;
import com.github.surpassm.security.handler.SurpassmAuthenticationSuccessHandler;
import com.github.surpassm.security.properties.SecurityProperties;
import javax.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsUtils;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:com/github/surpassm/security/config/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Resource
    private SecurityProperties securityProperties;

    @Resource
    private SurpassmAuthenctiationFailureHandler surpassmAuthenctiationFailureHandler;

    @Resource
    private SurpassmAuthenticationSuccessHandler surpassmAuthenticationSuccessHandler;

    @Resource
    private AuthorizeCofigManager authorizeCofigManager;

    @Resource
    private InvalidSessionStrategy invalidSessionStrategy;

    @Resource
    private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;

    @Resource
    private LogoutSuccessHandler logoutSuccessHandler;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.formLogin().loginPage(this.securityProperties.getDefaultUnauthenticatedUrl()).loginProcessingUrl(this.securityProperties.getDefaultLoginProcessingUrlFrom()).successHandler(this.surpassmAuthenticationSuccessHandler).failureHandler(this.surpassmAuthenctiationFailureHandler).usernameParameter(this.securityProperties.getUsernameParameter()).passwordParameter(this.securityProperties.getPasswordParameter()).and().logout().logoutUrl(this.securityProperties.getDefaultLoginOutUrl()).logoutSuccessHandler(this.logoutSuccessHandler).deleteCookies(new String[]{"SESSION_ID"}).and().cors().and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).disable();
        httpSecurity.headers().frameOptions().sameOrigin();
        this.authorizeCofigManager.config(httpSecurity.authorizeRequests());
        SurpassmAuthenticationManager surpassmAuthenticationManager = new SurpassmAuthenticationManager();
        surpassmAuthenticationManager.setAuthenticationManager((AuthenticationManager) httpSecurity.getSharedObject(AuthenticationManager.class));
        httpSecurity.addFilterAfter(surpassmAuthenticationManager, UsernamePasswordAuthenticationFilter.class);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().requestMatchers(new RequestMatcher[]{CorsUtils::isPreFlightRequest})).permitAll();
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
