package fr.zebasto.spring.identity.configuration;

import fr.zebasto.spring.identity.security.IdentityUserDetailsService;
import fr.zebasto.spring.identity.security.impl.RestAuthenticationFailureHandler;
import fr.zebasto.spring.identity.security.impl.RestAuthenticationSuccessHandler;
import fr.zebasto.spring.identity.security.impl.RestHttpAuthenticationEntryPoint;
import fr.zebasto.spring.identity.security.impl.RestLogoutSuccessHandler;
import fr.zebasto.spring.identity.support.beans.SecurityBean;
import fr.zebasto.spring.identity.support.properties.WebappProperties;
import java.util.ArrayList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.util.ClassUtils;

@EnableWebMvcSecurity
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(prefix = "spring.identity.security", value = {"enabled"}, matchIfMissing = true)
/* loaded from: input_file:fr/zebasto/spring/identity/configuration/IdentitySecurityConfig.class */
public class IdentitySecurityConfig extends WebSecurityConfigurerAdapter {
    private static final String LIST_VIEW = "list.html";
    private static final String CREATE_VIEW = "create.html";
    private static final String UPDATE_VIEW = "update.html";
    private static final String LIST_ACTION = "read";
    private static final String CREATE_ACTION = "create";
    private static final String UPDATE_ACTION = "update";
    private static final String ACTION_TARGET = "actions";
    private static final String APPLICATION_TARGET = "applications";
    private static final String GROUP_TARGET = "groups";
    private static final String PERMISSION_TARGET = "permissions";
    private static final String ROLE_TARGET = "roles";
    private static final String USER_TARGET = "users";
    private static final String HTML_WILDCARD = "*.html";

    @Autowired
    private WebappProperties webappProperties;

    @Autowired
    private SecurityBean securityBean;

    @Autowired
    private IdentityUserDetailsService userDetailsService;

    @Autowired
    private RestAuthenticationFailureHandler restAuthenticationFailureHandler;

    @Autowired
    private RestAuthenticationSuccessHandler restAuthenticationSuccessHandler;

    @Autowired
    private RestHttpAuthenticationEntryPoint restHttpAuthenticationEntryPoint;

    @Autowired
    private RestLogoutSuccessHandler restLogoutSuccessHandler;

    @Autowired
    private ObjectPostProcessor<Object> objectPostProcessor;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean(name = {"webExpressionVoter"})
    public WebExpressionVoter webExpressionVoter() {
        return new WebExpressionVoter();
    }

    @Bean(name = {"webAccessDecisionManager"})
    public AccessDecisionManager defaultAccessDecisionManager() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(webExpressionVoter());
        return new AffirmativeBased(arrayList);
    }

    @Bean(name = {"authenticationManager"})
    public AuthenticationManager authenticationManager() throws Exception {
        AuthenticationManagerBuilder authenticationManagerBuilder = new AuthenticationManagerBuilder(this.objectPostProcessor);
        authenticationManagerBuilder.userDetailsService(this.userDetailsService);
        authenticationManagerBuilder.authenticationProvider(this.userDetailsService);
        return (AuthenticationManager) authenticationManagerBuilder.build();
    }

    public UserDetailsService userDetailsServiceBean() throws Exception {
        return this.userDetailsService;
    }

    public void init(WebSecurity webSecurity) throws Exception {
        super.init(webSecurity);
        if (ClassUtils.isPresent("org.h2.server.web.WebServlet", IdentitySecurityConfig.class.getClassLoader())) {
            webSecurity.ignoring().antMatchers(new String[]{"/console/*"});
        }
        webSecurity.ignoring().antMatchers(new String[]{"/css/**", "/images/**", "/fonts/**", "/js/**", this.webappProperties.getViews() + "/" + HTML_WILDCARD, "/index.html", "/favicon.ico"});
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().accessDecisionManager(defaultAccessDecisionManager()).and().authorizeRequests().antMatchers(new String[]{this.webappProperties.getViews() + "/" + HTML_WILDCARD, "/index.html", "/favicon.ico"})).permitAll().antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getActions() + "/" + CREATE_VIEW})).hasAuthority(this.securityBean.getPermission(CREATE_ACTION, ACTION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getActions() + "/" + LIST_VIEW})).hasAuthority(this.securityBean.getPermission(LIST_ACTION, ACTION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getActions() + "/" + UPDATE_VIEW})).hasAuthority(this.securityBean.getPermission(UPDATE_ACTION, ACTION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getApplications() + "/" + CREATE_VIEW})).hasAuthority(this.securityBean.getPermission(CREATE_ACTION, APPLICATION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getApplications() + "/" + LIST_VIEW})).hasAuthority(this.securityBean.getPermission(LIST_ACTION, APPLICATION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getApplications() + "/" + UPDATE_VIEW})).hasAuthority(this.securityBean.getPermission(UPDATE_ACTION, APPLICATION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getGroups() + "/" + CREATE_VIEW})).hasAuthority(this.securityBean.getPermission(CREATE_ACTION, GROUP_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getGroups() + "/" + LIST_VIEW})).hasAuthority(this.securityBean.getPermission(LIST_ACTION, GROUP_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getGroups() + "/" + UPDATE_VIEW})).hasAuthority(this.securityBean.getPermission(UPDATE_ACTION, GROUP_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getPermissions() + "/" + CREATE_VIEW})).hasAuthority(this.securityBean.getPermission(CREATE_ACTION, PERMISSION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getPermissions() + "/" + LIST_VIEW})).hasAuthority(this.securityBean.getPermission(LIST_ACTION, PERMISSION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getPermissions() + "/" + UPDATE_VIEW})).hasAuthority(this.securityBean.getPermission(UPDATE_ACTION, PERMISSION_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getRoles() + "/" + CREATE_VIEW})).hasAuthority(this.securityBean.getPermission(CREATE_ACTION, ROLE_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getRoles() + "/" + LIST_VIEW})).hasAuthority(this.securityBean.getPermission(LIST_ACTION, ROLE_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getRoles() + "/" + UPDATE_VIEW})).hasAuthority(this.securityBean.getPermission(UPDATE_ACTION, ROLE_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getUsers() + "/" + CREATE_VIEW})).hasAuthority(this.securityBean.getPermission(CREATE_ACTION, USER_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getUsers() + "/" + LIST_VIEW})).hasAuthority(this.securityBean.getPermission(LIST_ACTION, USER_TARGET)).antMatchers(new String[]{this.webappProperties.getViews() + "/" + this.webappProperties.getUsers() + "/" + UPDATE_VIEW})).hasAuthority(this.securityBean.getPermission(UPDATE_ACTION, USER_TARGET)).and().formLogin().successHandler(this.restAuthenticationSuccessHandler).failureHandler(this.restAuthenticationFailureHandler).loginProcessingUrl("/j_spring_security_check").and().logout().logoutUrl("/j_spring_security_logout").logoutSuccessHandler(this.restLogoutSuccessHandler).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).sessionFixation().none().and().exceptionHandling().authenticationEntryPoint(this.restHttpAuthenticationEntryPoint).and().csrf().disable();
    }
}
