package ir.msob.jima.security.api.restful.it;

import ir.msob.jima.security.commons.JwtReactiveRoleConverter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter;
import org.springframework.security.web.server.SecurityWebFilterChain;
import reactor.core.publisher.Mono;

/**
 * Reactive (WebFlux) security configuration that builds the application's
 * {@link SecurityWebFilterChain}.
 *
 * <p>The chain authenticates requests as an OAuth2 resource server using JWTs, maps token
 * claims to granted authorities through the injected {@link JwtReactiveRoleConverter}, and
 * answers authentication and authorization failures with bare status codes.
 *
 * <p>NOTE(review): the package name ends in {@code .it}, so this is presumably an
 * integration-test configuration. Confirm before reusing the permit-all rules elsewhere.
 */
@EnableReactiveMethodSecurity
@EnableWebFluxSecurity
@Configuration
public class WebSecurityConfiguration {

    /**
     * Builds the security filter chain.
     *
     * @param serverHttpSecurity the builder to configure
     * @param jwtReactiveRoleConverter converter that derives granted authorities from a JWT
     * @return the assembled filter chain
     */
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity serverHttpSecurity, JwtReactiveRoleConverter jwtReactiveRoleConverter) {
        // Authorities for an authenticated JWT come from the project's role converter.
        ReactiveJwtAuthenticationConverter authenticationConverter = new ReactiveJwtAuthenticationConverter();
        authenticationConverter.setJwtGrantedAuthoritiesConverter(jwtReactiveRoleConverter);

        serverHttpSecurity
                .oauth2Client(Customizer.withDefaults())
                .exceptionHandling(handling -> handling
                        // Unauthenticated request: only the 401 status is set here, with no
                        // response body and no WWW-Authenticate header.
                        .authenticationEntryPoint((exchange, authFailure) ->
                                Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
                        // Authenticated but not authorized: only the 403 status is set.
                        .accessDeniedHandler((exchange, denied) ->
                                Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN))))
                // CSRF protection, form login and HTTP Basic are all switched off.
                // NOTE(review): oauth2Client is enabled above. If any cookie- or session-backed
                // browser flow is in use, confirm that disabling CSRF is still appropriate.
                .csrf(csrf -> csrf.disable())
                .formLogin(formLogin -> formLogin.disable())
                .httpBasic(httpBasic -> httpBasic.disable())
                .authorizeExchange(exchanges -> {
                    exchanges
                            // Every OPTIONS request is allowed without authentication.
                            .pathMatchers(HttpMethod.OPTIONS).permitAll()
                            // NOTE(review): everything under /actuator/** is reachable without
                            // authentication. Which endpoints are actually exposed depends on
                            // management settings not visible in this class. Verify that only
                            // non-sensitive ones (e.g. health) are enabled, or narrow this matcher.
                            .pathMatchers("/actuator/**").permitAll()
                            // API documentation resources are public as well.
                            .pathMatchers("/swagger-ui/**", "/swagger-ui.html", "/webjars/**", "/swagger-resources/**", "/v2/api-docs**").permitAll()
                            // Every other exchange requires an authenticated principal.
                            .anyExchange().authenticated();
                })
                .oauth2ResourceServer(resourceServer ->
                        resourceServer.jwt(jwt -> jwt.jwtAuthenticationConverter(authenticationConverter)));

        return serverHttpSecurity.build();
    }
}
