package net.sf.jguard.core.authorization.filters;

import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import javax.security.auth.Subject;
import net.sf.jguard.core.authorization.AuthorizationBindings;
import net.sf.jguard.core.authorization.policy.AccessControllerWrapper;
import net.sf.jguard.core.filters.FilterChain;
import net.sf.jguard.core.lifecycle.Request;
import net.sf.jguard.core.lifecycle.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

/* loaded from: input_file:net/sf/jguard/core/authorization/filters/PolicyDecisionPoint.class */
public abstract class PolicyDecisionPoint<Req, Res> implements AuthorizationFilter<Req, Res> {
    private static final Logger logger = LoggerFactory.getLogger(PolicyDecisionPoint.class.getName());
    protected AuthorizationBindings<Req, Res> authorizationBindings;
    protected AccessControllerWrapper accessControllerWrapper;
    public static final String PERMISSION = "permission";

    public PolicyDecisionPoint(AuthorizationBindings<Req, Res> authorizationBindings, AccessControllerWrapper accessControllerWrapper) {
        this.authorizationBindings = null;
        this.authorizationBindings = authorizationBindings;
        this.accessControllerWrapper = accessControllerWrapper;
    }

    @Override // net.sf.jguard.core.filters.Filter
    public void doFilter(Request<Req> request, Response<Res> response, FilterChain<Req, Res> filterChain) {
        Permission permissionRequested = this.authorizationBindings.getPermissionRequested(request);
        if (null == permissionRequested) {
            throw new IllegalStateException("no permission is requested ... i.e, authorizationBindings cannot represent as a Permission the actual request");
        }
        try {
            MDC.put(PERMISSION, permissionRequested.getClass().getSimpleName() + "|" + permissionRequested.getName() + "|" + permissionRequested.getActions());
            if (!this.accessControllerWrapper.hasPermission(Subject.getSubject(AccessController.getContext()), permissionRequested)) {
                logger.debug(" access is denied ");
                throw new AccessControlException("access denied to Permission ", this.authorizationBindings.getPermissionRequested(request));
            }
            logger.debug(" authorize access to resource protected by permission " + permissionRequested.getClass().getName() + " name=" + permissionRequested.getName() + " actions=" + permissionRequested.getActions());
            filterChain.doFilter(request, response);
            MDC.remove(PERMISSION);
        } catch (Throwable th) {
            MDC.remove(PERMISSION);
            throw th;
        }
    }
}
