package fish.focus.uvms.rest.security;

import fish.focus.uvms.constants.AuthConstants;
import fish.focus.uvms.exception.ServiceException;
import fish.focus.uvms.rest.security.bean.USMService;
import fish.focus.wsdl.user.types.Context;
import java.io.IOException;
import java.util.Set;
import javax.ejb.EJB;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/usm4uvms-4.1.10.jar:fish/focus/uvms/rest/security/AuthorizationFilter.class */
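/**
 * Servlet filter that resolves the caller's USM context and feature set and installs the
 * features as roles on the {@link UserRoleRequestWrapper} before the request continues.
 *
 * <p>The scope and role names are read from client-supplied request headers
 * ({@link AuthConstants#HTTP_HEADER_SCOPE_NAME}, {@link AuthConstants#HTTP_HEADER_ROLE_NAME}),
 * so they are untrusted input. This filter only forwards them to {@link USMService}; it relies
 * on that service to check them against the authenticated remote user.
 *
 * <p>Requests that are not a {@link UserRoleRequestWrapper} are passed down the chain
 * unchanged. NOTE(review): presumably an upstream authentication filter wraps every
 * authenticated request - confirm that unwrapped requests cannot reach protected resources.
 */
public class AuthorizationFilter extends AbstractUSMHandler implements Filter, AuthConstants {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationFilter.class);

    @EJB
    private USMService usmService;

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Looks up the user context for the requested scope/role and sets the resulting features
     * as roles on the wrapped request.
     *
     * <p>The request is rejected, and the chain is <em>not</em> invoked, when:
     * <ul>
     *   <li>no user context exists for the requested scope/role (403), or</li>
     *   <li>the USM lookup fails (401).</li>
     * </ul>
     *
     * @param servletRequest  incoming request; authorization is only evaluated when it is a
     *                        {@link UserRoleRequestWrapper}
     * @param servletResponse response used to report 401/403
     * @param filterChain     remaining filter chain
     * @throws ServletException propagated from the downstream chain
     * @throws IOException      declared by the interface; downstream I/O failures are logged
     *                          here rather than rethrown
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (servletRequest instanceof UserRoleRequestWrapper) {
            UserRoleRequestWrapper wrappedRequest = (UserRoleRequestWrapper) servletRequest;
            String applicationName = getApplicationName(servletRequest.getServletContext());
            String scopeName = wrappedRequest.getHeader(AuthConstants.HTTP_HEADER_SCOPE_NAME);
            String roleName = wrappedRequest.getHeader(AuthConstants.HTTP_HEADER_ROLE_NAME);
            String remoteUser = wrappedRequest.getRemoteUser();

            // Header values are attacker-controlled; neutralise line breaks before logging so a
            // crafted header cannot forge additional log entries.
            String loggedScope = stripLineBreaks(scopeName);
            String loggedRole = stripLineBreaks(roleName);
            LOGGER.debug("Current requests is with scope '{}', and role '{}'", loggedScope, loggedRole);

            try {
                Context userContext = this.usmService.getUserContext(remoteUser, applicationName, roleName, scopeName);
                if (userContext == null) {
                    LOGGER.warn("Unauthorized attempt to access resource with scope '{}' and role '{}', which don't exist for the current user.", loggedScope, loggedRole);
                    ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_FORBIDDEN);
                    // Stop here: without this return the denied request would still be handed
                    // to the rest of the chain after the 403 had been sent.
                    return;
                }

                Set<String> features = this.usmService.getUserFeatures(remoteUser, userContext);
                if (features == null) {
                    // NOTE(review): the request continues without any roles set on the wrapper;
                    // downstream role checks are what deny access in this case - confirm.
                    LOGGER.warn("Unauthorized attempt to access resource with scope '{}' and role '{}', which don't exist for the current user.", loggedScope, loggedRole);
                } else {
                    wrappedRequest.setRoles(features);
                }
            } catch (ServiceException | IOException e) {
                // Fail closed, and keep the cause so the failure can be diagnosed.
                LOGGER.warn("Unable to get user context and/or user features.", e);
                // sendError on an already committed response throws IllegalStateException
                // (e.g. when the IOException came from the 403 above).
                if (!servletResponse.isCommitted()) {
                    ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unable to get user context and/or user features.");
                }
                return;
            }
        }
        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (IOException e2) {
            // Trailing throwable argument makes SLF4J log the stack trace as well.
            LOGGER.error("failed to call WebFilter chain.doFilter(request,response). Caused by: {}", e2.getMessage(), e2);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** Replaces CR and LF with '_' so a value occupies a single log line; null stays null. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}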
