package net.sf.jguard.jee.authorization.http;

import java.io.IOException;
import java.security.Permission;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.jguard.core.authentication.AccessContext;
import net.sf.jguard.core.authorization.AuthorizationBindings;
import net.sf.jguard.core.filters.FilterChain;
import net.sf.jguard.jee.HttpPermissionFactory;
import net.sf.jguard.jee.PermissionFactory;
import net.sf.jguard.jee.authentication.http.AccessFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/jee/authorization/http/HttpServletAuthorizationBindings.class */
public class HttpServletAuthorizationBindings implements AuthorizationBindings {
    private static final Logger logger = LoggerFactory.getLogger(HttpServletAuthorizationBindings.class.getName());
    private PermissionFactory permissionFactory = new HttpPermissionFactory();

    public Permission getPermissionRequested(AccessContext accessContext) {
        return this.permissionFactory.getPermission(accessContext);
    }

    public void setLastAccessDeniedPermission(AccessContext accessContext, Permission permission) {
        ((HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST)).getSession(true).setAttribute("lastAccessDeniedPermission", permission);
    }

    public void accessDenied(AccessContext accessContext) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        HttpServletResponse httpServletResponse = (HttpServletResponse) accessContext.getAttribute(AccessFilter.SERVLET_RESPONSE);
        if (logger.isDebugEnabled()) {
            logger.debug(" access denied to " + httpServletRequest.getRequestURI());
        }
        logger.debug(" access is denied to " + httpServletRequest.getRequestURI() + " accessDeniedURI is not defined  jGuard send 401 http code ");
        httpServletResponse.setStatus(401);
        try {
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendError(401, "access is denied to " + httpServletRequest.getRequestURI());
            }
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public void doFilter(AccessContext accessContext, FilterChain filterChain) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        HttpServletResponse httpServletResponse = (HttpServletResponse) accessContext.getAttribute(AccessFilter.SERVLET_RESPONSE);
        javax.servlet.FilterChain filterChain2 = (javax.servlet.FilterChain) accessContext.getAttribute(AccessFilter.FILTER_CHAIN);
        if (logger.isDebugEnabled()) {
            logger.debug("doFilter() -  access authorized to " + httpServletRequest.getRequestURI());
        }
        if (httpServletResponse.isCommitted()) {
            logger.info(" response is commited ");
            return;
        }
        try {
            filterChain2.doFilter(httpServletRequest, httpServletResponse);
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    }

    public void sendThrowable(AccessContext accessContext, Throwable th) {
        logger.error(th.getMessage(), th);
        try {
            ((HttpServletResponse) accessContext.getAttribute(AccessFilter.SERVLET_RESPONSE)).sendError(500);
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }
}
