package net.sf.jguard.jee.authentication.http;

import java.io.IOException;
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.sf.jguard.core.CoreConstants;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.core.authorization.permissions.URLPermission;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.audit.AuditManager;
import net.sf.jguard.ext.authentication.AuthenticationException;
import net.sf.jguard.ext.authentication.manager.AuthenticationManagerFactory;
import net.sf.jguard.ext.registration.SubjectTemplate;
import net.sf.jguard.ext.util.XMLUtils;
import net.sf.jguard.jee.authentication.callbacks.HttpCallbackHandler;
import net.sf.jguard.jee.authorization.http.HttpAccessControllerUtils;
import net.sf.jguard.jee.util.WebappUtil;
import org.apache.bsf.debug.util.DebugConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.dom4j.Element;

/* loaded from: input_file:WEB-INF/lib/jguard-jee-1.0.2.jar:net/sf/jguard/jee/authentication/http/AccessFilter.class */
public class AccessFilter implements Filter, HttpConstants {
    // Replacement text given to Matcher.replaceAll() in buildRequest(). In a replacement string a
    // backslash escapes the next character, so each '*' matched in the request URI becomes "**".
    private static final String DOUBLE_STAR = "\\*\\*";
    // Shared commons-logging logger; assigned in the static initializer at the end of the class.
    public static final Log logger;

    // --- Settings copied from the filter configuration by setFilterSettings() ---
    // All of them are static: every AccessFilter instance loaded by the same class loader shares
    // one set of values, and the last init() call wins.

    // Target of the post-login redirect when no better target is chosen (see postAuthenticationProcess).
    private static String indexURI;
    // Page shown after a failed authentication; doFilter() lets requests matching it through
    // without a permission check.
    private static URLPermission authenticationFailedURI;
    // Logon form page; doFilter() answers requests matching it with the form challenge.
    private static URLPermission logonURI;
    // Raw string form of logonURI, used as a redirect target in postAuthenticationProcess().
    private static String logonURIStr;
    // URI the logon form posts to; requests matching it trigger logonProcess().
    private static URLPermission logonProcessURI;
    // Collection of logoff URIs; a request implied by any of them triggers logoff().
    private static Permissions logoffURIs;
    // Page shown when access is refused; doFilter() lets requests matching it through
    // without a permission check.
    private static URLPermission accessDeniedURI;
    // Optional registration endpoints (the configuration elements may be absent).
    private static URLPermission registerProcessURI;
    private static String registerURI;
    // Webapp display name, read from ServletContext.getServletContextName() in init().
    private static String applicationName;
    // Authentication scheme name from the configuration; compared with HttpConstants.BASIC_AUTH
    // and HttpConstants.FORM_AUTH elsewhere in this class.
    private static String authScheme;
    // When true (the default set in the static initializer) a successful login redirects to the
    // URI stored under LAST_ACCESS_DENIED_URI in the session.
    private static boolean goToLastAccessDeniedUriOnSuccess;
    // Set in init(): false when the AUTHENTICATION_SCOPE context attribute equals JVM_SCOPE,
    // true otherwise. Passed on to HttpAuthenticationUtils.
    private boolean local;
    // Compiler-generated cache for the AccessFilter class literal (see class$ and the static block).
    static Class class$net$sf$jguard$jee$authentication$http$AccessFilter;
    // Regular expression matching a single literal '*'.
    private static final String STAR = "\\*";
    private static Pattern starPattern = Pattern.compile(STAR);

    /**
     * Initialises the filter: reads the webapp name, loads the jGuard filter configuration file
     * named by the {@code CONFIGURATION_LOCATION} init parameter, publishes a few values as
     * servlet-context attributes and decides whether authentication is local to this webapp.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException if the webapp has no {@code display-name}
     *         ({@code getServletContextName()} returns {@code null})
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        ServletContext servletContext = filterConfig.getServletContext();

        // Startup diagnostics, debug level only.
        logger.debug("server info = " + servletContext.getServerInfo());
        logger.debug("servletContextName=" + servletContext.getServletContextName());
        logger.debug("servlet Real Path=" + WebappUtil.getWebappHomePath(servletContext, "/"));
        logger.debug("current Policy=" + Policy.getPolicy());

        applicationName = servletContext.getServletContextName();
        if (applicationName == null) {
            // The webapp name is later used as the realm of the BASIC challenge, so refuse to start without it.
            String message = " ServletContext.getServletContextName() return null \n you should fix your web.xml by adding the 'display-name' markup with the name of your webapp ";
            logger.fatal(message);
            throw new ServletException(message);
        }

        String configurationPath = WebappUtil.getWebappHomePath(servletContext, filterConfig.getInitParameter(HttpConstants.CONFIGURATION_LOCATION));
        Map settings = loadFilterConfiguration(configurationPath);
        setFilterSettings(settings);

        servletContext.setAttribute(CoreConstants.APPLICATION_NAME, applicationName);
        servletContext.setAttribute("authScheme", authScheme);
        servletContext.setAttribute(HttpConstants.USERS_IN_SESSION, new ArrayList());

        // Authentication is "local" unless the context explicitly asks for JVM scope.
        String authenticationScope = (String) servletContext.getAttribute(SecurityConstants.AUTHENTICATION_SCOPE);
        this.local = !SecurityConstants.JVM_SCOPE.equalsIgnoreCase(authenticationScope);
    }

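    /**
     * Copies the values read by {@link #loadFilterConfiguration(String)} into the static
     * settings of this class.
     *
     * @param map settings keyed by the {@code HttpConstants} names (plus "authScheme",
     *            "loginField" and "passwordField"); the {@code LOGOFF_URIS} entry must be a
     *            {@code Set} of strings
     * @throws ServletException declared for callers; nothing visible in this method throws it directly
     */
    private void setFilterSettings(Map map) throws ServletException {
        indexURI = (String) map.get(HttpConstants.INDEX_URI);
        authenticationFailedURI = new URLPermission(HttpConstants.AUTHENTICATION_FAILED_URI, (String) map.get(HttpConstants.AUTHENTICATION_FAILED_URI));
        logonProcessURI = new URLPermission(HttpConstants.LOGON_PROCESS_URI, (String) map.get(HttpConstants.LOGON_PROCESS_URI));
        logonURIStr = (String) map.get(HttpConstants.LOGON_URI);
        logonURI = new URLPermission(HttpConstants.LOGON_URI, logonURIStr);

        // Several logoff URIs may be configured; a Permissions collection implies a request
        // as soon as any one of them does.
        logoffURIs = new Permissions();
        Iterator it = ((Set) map.get(HttpConstants.LOGOFF_URIS)).iterator();
        while (it.hasNext()) {
            logoffURIs.add(new URLPermission(HttpConstants.LOGOFF_URI, (String) it.next()));
        }

        accessDeniedURI = new URLPermission(HttpConstants.ACCESS_DENIED_URI, (String) map.get(HttpConstants.ACCESS_DENIED_URI));
        // NOTE(review): the registration entries are optional in loadFilterConfiguration(), so the
        // URI passed here can be null, yet doFilter() tests registerProcessURI itself for null.
        // Confirm how URLPermission treats a null URI.
        registerProcessURI = new URLPermission(HttpConstants.REGISTER_PROCESS_URI, (String) map.get(HttpConstants.REGISTER_PROCESS_URI));
        registerURI = (String) map.get(HttpConstants.REGISTER_URI);

        authScheme = (String) map.get("authScheme");
        // The form field names only matter when FORM authentication is among the validated schemes.
        if (AuthSchemesHelper.validateAuthScheme(authScheme).contains(HttpConstants.FORM_AUTH)) {
            HttpCallbackHandler.setLoginField((String) map.get("loginField"));
            HttpCallbackHandler.setPasswordField((String) map.get("passwordField"));
        }

        // Assign the flag on every call instead of only ever clearing it: the field is static, so
        // a value of false left by an earlier init() would otherwise survive a later configuration
        // that does not disable the feature. Anything other than "false"/"no" keeps the default, true.
        String str = (String) map.get(HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS);
        goToLastAccessDeniedUriOnSuccess = !(SchemaSymbols.ATTVAL_FALSE.equalsIgnoreCase(str) || "no".equalsIgnoreCase(str));
    }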

    /**
     * Entry point of the filter: decides, for every request, whether it is a logon, logoff,
     * registration or ordinary request and dispatches accordingly.
     *
     * <p>The checks run in a fixed order and the first match wins:
     * no subject in the session, authenticationFailedURI, accessDeniedURI, logonURI,
     * logonProcessURI, logoffURIs, registerProcessURI, and finally the permission check.
     * Requests matching authenticationFailedURI or accessDeniedURI are passed down the chain
     * without a permission check, so those pages must not expose anything sensitive.
     *
     * @param servletRequest  the incoming request; cast to {@code HttpServletRequest} without a type check
     * @param servletResponse the response; cast to {@code HttpServletResponse} without a type check
     * @param filterChain     the remaining filter chain
     * @throws IOException      from redirects, error responses or the downstream chain
     * @throws ServletException from the downstream chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Permission describing what the caller is asking for (path, query, protocol, method).
        URLPermission uRLPermission = (URLPermission) buildPermission(httpServletRequest);
        // getSession(true) creates a session for every request, authenticated or not.
        Subject subject = HttpAuthenticationUtils.getSubject(httpServletRequest.getSession(true));
        if (subject == null) {
            // First contact: remember what was asked for, then run the logon process on a wrapped
            // request. NOTE(review): AnonymizerRequestWrapper presumably presents the request as
            // the guest user; confirm in that class.
            logger.debug(new StringBuffer().append("LAST_ACCESS_DENIED_URI=").append(uRLPermission.getURI()).toString());
            httpServletRequest.getSession(true).setAttribute(HttpConstants.LAST_ACCESS_DENIED_URI, uRLPermission.getURI());
            AuditManager.addEvent(subject, " subject is null ", " logonProcess phase ");
            logonProcess(new AnonymizerRequestWrapper(httpServletRequest), httpServletResponse);
            return;
        }
        // The two error pages bypass the permission check so that a user who was just refused can still see them.
        if (authenticationFailedURI.implies(uRLPermission)) {
            StringBuffer stringBuffer = new StringBuffer("subject is not null and URI");
            stringBuffer.append(uRLPermission.getURI());
            stringBuffer.append("= authenticationFailedURI( ").append(authenticationFailedURI.getURI()).append(")");
            AuditManager.addEvent(subject, stringBuffer.toString(), " access authorized ");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (accessDeniedURI.implies(uRLPermission)) {
            StringBuffer stringBuffer2 = new StringBuffer("subject is not null and URI");
            stringBuffer2.append(uRLPermission.getURI());
            stringBuffer2.append("= accessDeniedURI( ").append(accessDeniedURI.getURI()).append(")");
            AuditManager.addEvent(subject, stringBuffer2.toString(), " access authorized ");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Logon page: the callback handler produces the form challenge.
        if (logonURI.implies(uRLPermission)) {
            StringBuffer append = new StringBuffer("uri(").append(uRLPermission.getURI()).append(")");
            append.append(" is equals to logonURI(").append(logonURI.getURI()).append(") ");
            AuditManager.addEvent(subject, append.toString(), " logon phase ");
            HttpCallbackHandler.buildFormChallenge(filterChain, httpServletRequest, httpServletResponse);
            return;
        }
        // Submission of credentials.
        if (logonProcessURI.implies(uRLPermission)) {
            AuditManager.addEvent(subject, new StringBuffer(" uri(").append(uRLPermission.getURI()).append(")").append("=logonProcessURI(").append(logonProcessURI.getURI()).append(")").toString(), " logonProcess phase ");
            logonProcess(httpServletRequest, httpServletResponse);
            return;
        }
        // Logoff. The audit text prints the request URI on both sides of the '=' because the
        // matching logoff URI is not available from the Permissions collection.
        if (logoffURIs.implies(uRLPermission)) {
            AuditManager.addEvent(subject, new StringBuffer("uri(").append(uRLPermission.getURI()).append(")=logoffURI(").append(uRLPermission.getURI()).append(")").toString(), " logoff phase ");
            logoff(httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        // Everything that is not a registration submission goes through the permission check.
        if (registerProcessURI == null || registerURI == null || !registerProcessURI.implies(uRLPermission)) {
            if (HttpAccessControllerUtils.hasPermission(httpServletRequest, uRLPermission)) {
                AuditManager.addEvent(subject, new StringBuffer(" subject has got the permission name=").append(uRLPermission.getName()).append(" actions=").append(uRLPermission.getActions()).toString(), " authorize phase ");
                authorize(filterChain, httpServletRequest, httpServletResponse);
                return;
            } else {
                // Remember the refused URI so a later successful login can return to it.
                httpServletRequest.getSession(true).setAttribute(HttpConstants.LAST_ACCESS_DENIED_URI, uRLPermission.getURI());
                AuditManager.addEvent(subject, new StringBuffer(" subject hasn't got the permission name=").append(uRLPermission.getName()).append(" actions=").append(uRLPermission.getActions()).toString(), " accessdenied phase ");
                accessDenied(httpServletRequest, httpServletResponse);
                return;
            }
        }
        // Registration submission: authenticate on the wrapped request first, then create the user.
        // NOTE(review): authenticate() ends in postAuthenticationProcess(), which may already have
        // sent a redirect by the time registerProcess() runs; verify the intended sequence.
        AuditManager.addEvent(subject, new StringBuffer("uri(").append(uRLPermission.getURI()).append(")=registerProcessURI(").append(registerProcessURI.getURI()).append(")").toString(), " registerProcess phase ");
        if (authenticate(new AnonymizerRequestWrapper(httpServletRequest), httpServletResponse)) {
            boolean registerProcess = registerProcess(httpServletRequest, httpServletResponse, filterChain);
            if (!registerProcess) {
                // Registration failed: send the user back to the registration form when still possible.
                AuditManager.addEvent(subject, " registration failed ", " registerProcess phase ");
                if (httpServletResponse.isCommitted()) {
                    logger.warn(new StringBuffer().append(" we cannot redirect to ").append(httpServletRequest.getContextPath()).append(registerURI).append(" because response is already commited ").toString());
                    return;
                } else {
                    httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(new StringBuffer().append(httpServletRequest.getContextPath()).append(registerURI).toString()));
                    return;
                }
            }
            if (registerProcess) {
                // Registration succeeded: drop the previous authentication state from the session
                // and log the new user in with the submitted credentials.
                AuditManager.addEvent(subject, " registration succeed ", " registerProcess phase ");
                httpServletRequest.getSession(true).removeAttribute(HttpConstants.AUTHN_UTILS);
                httpServletRequest.getSession(true).removeAttribute(HttpConstants.LAST_ACCESS_DENIED_URI);
                authenticateAfterRegistration(httpServletRequest, httpServletResponse);
            }
        }
    }

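    /**
     * Creates a new user from the submitted registration form.
     *
     * @param httpServletRequest  request carrying the registration form parameters
     * @param httpServletResponse unused here
     * @param filterChain         unused here
     * @return {@code true} when the authentication manager created the user, {@code false} when
     *         an {@code AuthenticationException} was raised
     */
    private static boolean registerProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        boolean z = false;
        try {
            Subject subject = null;
            try {
                subject = AuthenticationManagerFactory.getAuthenticationManager().createUser(buildSubjectTemplate(httpServletRequest));
                z = true;
            } catch (AuthenticationException e) {
                // Keep the cause: the audit event alone does not say why the registration was refused.
                logger.warn(" registration failed ", e);
                // subject is still null here because createUser() did not return.
                AuditManager.addEvent(subject, new StringBuffer(" registration failed ").toString(), " registrationProcess phase");
            }
            return z;
        } catch (AuthenticationException e2) {
            // NOTE(review): the nested try blocks come from the decompiler; which calls can still
            // reach this outer handler depends on declarations outside this file.
            logger.error(" subject template cannot be built ", e2);
            return false;
        }
    }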

    /**
     * Builds the subject template for a registration request: a copy of the default template's
     * name plus, for each of its four credential sets, the credentials the request supplies.
     *
     * @param httpServletRequest request carrying the registration form parameters
     * @return the populated template
     * @throws AuthenticationException propagated from the authentication manager
     */
    private static SubjectTemplate buildSubjectTemplate(HttpServletRequest httpServletRequest) throws AuthenticationException {
        SubjectTemplate reference = AuthenticationManagerFactory.getAuthenticationManager().getDefaultSubjectTemplate();
        SubjectTemplate submitted = new SubjectTemplate();
        submitted.setName(reference.getName());

        // Only credential ids declared by the default template are read from the request.
        Set privateRequired = grabRegistrationForm(httpServletRequest, submitted, reference.getPrivateRequiredCredentials());
        submitted.setPrivateRequiredCredentials(privateRequired);

        Set publicRequired = grabRegistrationForm(httpServletRequest, submitted, reference.getPublicRequiredCredentials());
        submitted.setPublicRequiredCredentials(publicRequired);

        Set publicOptional = grabRegistrationForm(httpServletRequest, submitted, reference.getPublicOptionalCredentials());
        submitted.setPublicOptionalCredentials(publicOptional);

        Set privateOptional = grabRegistrationForm(httpServletRequest, submitted, reference.getPrivateOptionalCredentials());
        submitted.setPrivateOptionalCredentials(privateOptional);

        return submitted;
    }

    /**
     * Collects, for each credential declared in {@code set}, the value submitted under the
     * credential's id as a request parameter.
     *
     * @param httpServletRequest request carrying the form parameters
     * @param subjectTemplate    unused here
     * @param set                credentials declared by the default subject template
     * @return a new set holding one {@code JGuardCredential} per id present in the request
     */
    private static Set grabRegistrationForm(HttpServletRequest httpServletRequest, SubjectTemplate subjectTemplate, Set set) {
        Set collected = new HashSet();
        for (Iterator declared = set.iterator(); declared.hasNext();) {
            JGuardCredential expected = (JGuardCredential) declared.next();
            String submittedValue = httpServletRequest.getParameter(expected.getId());
            if (submittedValue == null) {
                // Parameter not submitted: nothing to copy for this credential.
                continue;
            }
            JGuardCredential provided = new JGuardCredential();
            provided.setId(expected.getId());
            try {
                provided.setValue(submittedValue);
                collected.add(provided);
            } catch (IllegalArgumentException e) {
                // The value was rejected by setValue(); the credential is skipped. Only the id is
                // logged, never the submitted value.
                logger.warn(" the property " + expected.getId() + " doesn't exist in the HttpServletRequest ");
            }
        }
        return collected;
    }

    /**
     * Builds the URI string used for permission checks: the servlet path, followed by
     * {@code ?query} when the request has a non-empty query string, with every {@code *}
     * doubled.
     *
     * @param httpServletRequest the current request
     * @return the servlet path plus optional query string, stars doubled
     */
    private static String buildRequest(HttpServletRequest httpServletRequest) {
        StringBuffer uri = new StringBuffer(httpServletRequest.getServletPath());
        String query = httpServletRequest.getQueryString();
        if (query != null && query.length() > 0) {
            uri.append("?");
            uri.append(query);
        }
        String escaped = starPattern.matcher(uri.toString()).replaceAll(DOUBLE_STAR);
        // The query string is part of this debug line, so anything sensitive carried in URL
        // parameters ends up in the log when debug logging is enabled.
        logger.debug("uriWithQuery=" + escaped);
        return escaped;
    }

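    /**
     * Runs the logon step for the configured authentication scheme.
     *
     * <p>For every scheme other than BASIC the request is handed straight to
     * {@link #authenticate}. For BASIC: a session without a subject is authenticated with a
     * synthetic guest/guest {@code Authorization} header; a request without a
     * {@code "Basic "} header receives a BASIC challenge; otherwise the request is authenticated
     * as is.
     *
     * <p>The {@code Authorization} header value is never written to the log or to the audit
     * trail: for BASIC it is the base64-encoded user name and password.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @throws IOException from the challenge, redirect or error response
     */
    private void logonProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpSession session = httpServletRequest.getSession(true);
        Subject subject = HttpAuthenticationUtils.getSubject(session);
        if (!HttpConstants.BASIC_AUTH.equalsIgnoreCase(authScheme)) {
            AuditManager.addEvent(subject, new StringBuffer().append(" AUTHENTICATION TYPE =").append(authScheme).toString(), "  authenticate phase  ");
            authenticate(httpServletRequest, httpServletResponse);
            return;
        }
        String header = httpServletRequest.getHeader(HttpCallbackHandler.AUTHORIZATION);
        // Log only whether the header is present, not its content.
        logger.debug(new StringBuffer().append("authorizationHeader=").append(describeAuthorizationHeader(header)).toString());
        if (subject == null) {
            // No subject yet: authenticate as the guest account by injecting a guest/guest header
            // into a wrapped request.
            String buildBasicAuthHeader = HttpCallbackHandler.buildBasicAuthHeader(SecurityConstants.GUEST, SecurityConstants.GUEST, httpServletRequest.getCharacterEncoding());
            JGuardServletRequestWrapper jGuardServletRequestWrapper = new JGuardServletRequestWrapper(httpServletRequest);
            jGuardServletRequestWrapper.setHeader(HttpCallbackHandler.AUTHORIZATION, buildBasicAuthHeader);
            AuditManager.addEvent(subject, " BASIC authentication subject is null ", " authenticate phase ");
            authenticate(jGuardServletRequestWrapper, httpServletResponse);
            return;
        }
        if (header == null || !header.startsWith("Basic ")) {
            // A header using another scheme may carry a token, so it is redacted here as well.
            AuditManager.addEvent(subject, new StringBuffer().append(" subject is not null but BASIC HEADER is incorrect ").append(describeAuthorizationHeader(header)).toString(), " jGuard build BASIC challenge  ");
            HttpCallbackHandler.buildBasicChallenge(httpServletResponse, (String) session.getServletContext().getAttribute(CoreConstants.APPLICATION_NAME));
        } else {
            AuditManager.addEvent(subject, " BASIC AUTHENTICATION TYPE ", "  authenticate phase  ");
            authenticate(httpServletRequest, httpServletResponse);
        }
    }

    /** Returns a log-safe description of an Authorization header: "null" when absent, a fixed marker otherwise. */
    private static String describeAuthorizationHeader(String header) {
        return header == null ? "null" : "[redacted]";
    }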

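    /**
     * Handles a refused request: sends an error status when no access-denied page is configured,
     * otherwise redirects to that page under the context path.
     *
     * @param httpServletRequest  the refused request
     * @param httpServletResponse the current response
     * @throws IOException from {@code sendError} or {@code sendRedirect}
     */
    private void accessDenied(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append(" access denied to ").append(httpServletRequest.getRequestURI()).toString());
        }
        if (accessDeniedURI == null) {
            AuditManager.addEvent(HttpAuthenticationUtils.getSubject(httpServletRequest.getSession(true)), new StringBuffer().append(" access is denied to ").append(httpServletRequest.getRequestURI()).append(" accessDeniedURI is not defined ").toString(), " jGuard send 401 http code ");
            // NOTE(review): this BSF debug constant looks like a decompiler substitution for a
            // numeric HTTP status (the audit text above says 401); confirm the value and use the
            // matching HttpServletResponse constant.
            httpServletResponse.sendError(DebugConstants.JE_GET_CONTEXT_AT, " access denied ");
            return;
        }
        AuditManager.addEvent(HttpAuthenticationUtils.getSubject(httpServletRequest.getSession(true)), new StringBuffer().append(" access is denied to").append(httpServletRequest.getRequestURI()).toString(), new StringBuffer().append(" user is redirected to accessDeniedURI").append(accessDeniedURI.getURI()).toString());
        if (httpServletResponse.isCommitted()) {
            // Log the real target (context path + URI) as authorize() does; the previous message
            // contained the literal text "req.getContextPath()+" instead of the context path.
            logger.warn(new StringBuffer().append(" we cannot redirect to ").append(httpServletRequest.getContextPath()).append(accessDeniedURI.getURI()).append(" because response is already commited ").toString());
        } else {
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(new StringBuffer().append(httpServletRequest.getContextPath()).append(accessDeniedURI.getURI()).toString()));
        }
    }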

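    /**
     * Lets an authorized request continue down the filter chain.
     *
     * <p>Without a {@code SecurityManager} the chain is invoked directly, so the Subject is not
     * propagated to the access-control context. With one, the chain runs inside
     * {@link #propagateSecurity}, and a {@code PrivilegedActionException} redirects the user to
     * the access-denied page.
     *
     * @param filterChain         the remaining filter chain
     * @param httpServletRequest  the authorized request
     * @param httpServletResponse the current response
     * @throws IOException      from {@code sendError} or {@code sendRedirect}
     * @throws ServletException declared for callers; downstream failures are caught and turned
     *                          into an error response
     */
    private void authorize(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("doFilter() -  access authorized to ").append(httpServletRequest.getRequestURI()).toString());
        }
        if (System.getSecurityManager() == null) {
            try {
                filterChain.doFilter(new JGuardServletRequestWrapper(httpServletRequest), httpServletResponse);
                return;
            } catch (Throwable th) {
                // Log the throwable itself so the stack trace is kept, not only its message.
                logger.fatal(th.getMessage(), th);
                if (httpServletResponse.isCommitted()) {
                    // sendError() is not allowed once the response is committed.
                    logger.warn(" response is already committed ");
                } else {
                    // NOTE(review): this BSF debug constant looks like a decompiler substitution
                    // for a numeric HTTP status; confirm the value.
                    httpServletResponse.sendError(DebugConstants.JO_DELETE_BY_NAME);
                }
                return;
            }
        }
        try {
            propagateSecurity(new JGuardServletRequestWrapper(httpServletRequest), httpServletResponse, filterChain);
        } catch (PrivilegedActionException e) {
            logger.warn(" access denied ", e);
            AuditManager.addEvent(HttpAuthenticationUtils.getSubject(httpServletRequest.getSession(true)), new StringBuffer().append(" a security exception ").append(e.getMessage()).toString(), new StringBuffer().append(" user is redirected to accessDeniedURI(").append(accessDeniedURI.getURI()).append(")").toString());
            if (httpServletResponse.isCommitted()) {
                logger.warn(new StringBuffer().append(" we cannot redirect to ").append(httpServletRequest.getContextPath()).append(accessDeniedURI.getURI()).append(" because response is already commited ").toString());
            } else {
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(new StringBuffer().append(httpServletRequest.getContextPath()).append(accessDeniedURI.getURI()).toString()));
            }
        }
    }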

    /**
     * Logs the user off: calls {@code logout()} on the authentication helper stored in the
     * session, removes it, invalidates the session and then lets the request continue down the
     * chain so the logoff page itself is served.
     *
     * @param httpServletRequest  the logoff request
     * @param httpServletResponse the current response
     * @param filterChain         the remaining filter chain
     * @throws IOException      from the downstream chain
     * @throws ServletException from the downstream chain
     */
    private static void logoff(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpSession currentSession = httpServletRequest.getSession();
        HttpAuthenticationUtils authnUtils = (HttpAuthenticationUtils) currentSession.getAttribute(HttpConstants.AUTHN_UTILS);
        if (null != authnUtils) {
            authnUtils.logout();
            AuditManager.addEvent(authnUtils.getSubject(), " ", " user logoff ");
        }
        // Drop the authentication state first, then the whole session.
        currentSession.removeAttribute(HttpConstants.AUTHN_UTILS);
        if (logger.isDebugEnabled()) {
            logger.debug("doFilter() -  user logoff ");
        }
        try {
            currentSession.invalidate();
        } catch (IllegalStateException alreadyInvalid) {
            // Harmless: the session was already gone, which is the state we want.
            logger.debug(" session is already invalidated ");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

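    /**
     * Runs the rest of the filter chain as the Subject stored in the session.
     *
     * <p>{@code Subject.doAsPrivileged} is called with a {@code null} AccessControlContext, so
     * the action runs with a fresh context associated with the Subject rather than the caller's
     * context. Every {@code Throwable} raised by the chain is logged and answered with an error
     * status inside the action; only a failure of {@code sendError} itself can surface as a
     * {@code PrivilegedActionException}.
     *
     * @param httpServletRequest  the authorized request
     * @param httpServletResponse the current response
     * @param filterChain         the remaining filter chain
     * @throws PrivilegedActionException wrapping a checked exception thrown by the action
     */
    private static void propagateSecurity(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse, final FilterChain filterChain) throws PrivilegedActionException {
        Subject subject = HttpAuthenticationUtils.getSubject(httpServletRequest.getSession());
        // Written as an ordinary anonymous class capturing the final parameters; the decompiled
        // form passed constructor arguments to an interface, which is not valid Java.
        Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() {
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws IOException, ServletException {
                try {
                    filterChain.doFilter(new JGuardServletRequestWrapper(httpServletRequest), httpServletResponse);
                } catch (Throwable th) {
                    // Log the throwable itself so the stack trace is kept, not only its message.
                    AccessFilter.logger.fatal(th.getMessage(), th);
                    if (httpServletResponse.isCommitted()) {
                        // sendError() is not allowed once the response is committed.
                        AccessFilter.logger.warn(" response is already committed ");
                    } else {
                        // NOTE(review): this BSF debug constant looks like a decompiler
                        // substitution for a numeric HTTP status; confirm the value.
                        httpServletResponse.sendError(DebugConstants.JO_DELETE_BY_NAME);
                    }
                }
                return null;
            }
        }, (AccessControlContext) null);
    }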

    /**
     * Authenticates the request and runs the post-authentication step (challenge or redirect).
     *
     * @param httpServletRequest  the request carrying the credentials
     * @param httpServletResponse the current response
     * @return {@code true} when authentication succeeded
     * @throws IOException from the challenge, redirect or error response
     */
    private boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // Third argument false: this is not the login that follows a registration.
        boolean authenticated = HttpAuthenticationUtils.authenticate(httpServletRequest, httpServletResponse, false, this.local);
        boolean authenticationFailed = !authenticated;
        return postAuthenticationProcess(httpServletRequest, httpServletResponse, authenticationFailed);
    }

    /**
     * Authenticates a user who has just registered and runs the post-authentication step.
     *
     * @param httpServletRequest  the registration request carrying the new credentials
     * @param httpServletResponse the current response
     * @return {@code true} when authentication succeeded
     * @throws IOException from the challenge, redirect or error response
     */
    private boolean authenticateAfterRegistration(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // Third argument true: the only difference from authenticate().
        boolean authenticated = HttpAuthenticationUtils.authenticate(httpServletRequest, httpServletResponse, true, this.local);
        boolean authenticationFailed = !authenticated;
        return postAuthenticationProcess(httpServletRequest, httpServletResponse, authenticationFailed);
    }

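    /**
     * Completes an authentication attempt.
     *
     * <p>On failure: BASIC gets a new challenge; other schemes are redirected to the
     * authentication-failed page, or receive an error status when that page is not configured.
     *
     * <p>On success: the session is invalidated and replaced by a new one that carries the
     * authentication helper, so the session identifier used before login is not kept after
     * login. This only happens while the response is not committed. The user is then redirected
     * to the last refused URI, the index page or the logon page.
     *
     * @param httpServletRequest  the request that was authenticated
     * @param httpServletResponse the current response
     * @param z                   {@code true} when authentication FAILED
     * @return {@code !z}, i.e. {@code true} when authentication succeeded
     * @throws IOException from the challenge, redirect or error response
     */
    private boolean postAuthenticationProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        Subject subject = HttpAuthenticationUtils.getSubject(httpServletRequest.getSession(true));
        if (z) {
            if (httpServletResponse.isCommitted()) {
                logger.warn(" response is already committed ");
            }
            if (HttpConstants.BASIC_AUTH.equalsIgnoreCase(authScheme)) {
                HttpCallbackHandler.buildBasicChallenge(httpServletResponse, (String) httpServletRequest.getSession(true).getServletContext().getAttribute(CoreConstants.APPLICATION_NAME));
                return !z;
            }
            // Resolve the failure page once, before it is used: the previous code dereferenced
            // authenticationFailedURI for the audit message and only then tested it for null.
            String failedUri = authenticationFailedURI == null ? null : authenticationFailedURI.getURI();
            AuditManager.addEvent(subject, "authentication failed", new StringBuffer().append(" redirect to ").append(failedUri).toString());
            if (failedUri == null || failedUri.equals("")) {
                // NOTE(review): this BSF debug constant looks like a decompiler substitution for a
                // numeric HTTP status (the audit text below says 401); confirm the value.
                httpServletResponse.sendError(DebugConstants.JE_GET_CONTEXT_AT, " access denied ");
                AuditManager.addEvent(subject, " user is not authentication and authenticationFailedURI is not defined ", " send401 code ");
            } else {
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(new StringBuffer().append(httpServletRequest.getContextPath()).append(failedUri).toString()));
                AuditManager.addEvent(subject, " NOT BASIC AUTHENTICATION - user is not authenticated ", new StringBuffer().append(" redirect to ").append(httpServletRequest.getContextPath()).append(failedUri).toString());
            }
        } else {
            HttpSession session = httpServletRequest.getSession(true);
            String redirectUri = indexURI;
            // Read before the session is invalidated below.
            String lastAccessDeniedUri = (String) session.getAttribute(HttpConstants.LAST_ACCESS_DENIED_URI);
            HttpAuthenticationUtils httpAuthenticationUtils = HttpAuthenticationUtils.getHttpAuthenticationUtils(httpServletRequest, this.local);
            Subject subject2 = httpAuthenticationUtils.getSubject();
            if (!httpServletResponse.isCommitted()) {
                // Replace the pre-login session with a fresh one and move the authentication
                // state into it.
                session.removeAttribute(HttpConstants.AUTHN_UTILS);
                session.invalidate();
                httpServletRequest.getSession(true).setAttribute(HttpConstants.AUTHN_UTILS, httpAuthenticationUtils);
            }
            // Compare by content: the previous reference comparison with "" treated an empty
            // string read from the session as a real URI.
            if (lastAccessDeniedUri != null && !"".equals(lastAccessDeniedUri)) {
                if (goToLastAccessDeniedUriOnSuccess) {
                    // NOTE(review): this value was stored from an earlier request's path and
                    // query; it is only prefixed with the context path below, so confirm it is
                    // always a context-relative path.
                    redirectUri = lastAccessDeniedUri;
                } else if (!HttpAccessControllerUtils.hasPermission(httpServletRequest, new URLPermission(HttpConstants.INDEX_URI, indexURI))) {
                    // The user may not see the index page either: fall back to the logon page.
                    redirectUri = logonURIStr;
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug(new StringBuffer().append(" user is authenticated and redirected to .").append(redirectUri).toString());
            }
            if (httpServletResponse.isCommitted()) {
                logger.warn(" response is already committed ");
            }
            AuditManager.addEvent(subject2, " user is authenticated ", new StringBuffer().append(" redirect to ").append(redirectUri).toString());
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(new StringBuffer().append(httpServletRequest.getContextPath()).append(redirectUri).toString()));
            }
        }
        return !z;
    }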

    /** Called by the container when the filter is taken out of service. */
    public void destroy() {
        // Nothing to release: the filter keeps its settings in static fields only.
    }

    /**
     * Reads the {@code FILTER} element of the jGuard configuration file into a map.
     *
     * <p>The index, authentication-failed, logon-process, logon, logoff, access-denied and
     * authScheme elements are dereferenced without a null check, so a missing one fails with a
     * {@code NullPointerException}. The registration URIs, the form field names and the
     * go-to-last-access-denied flag are copied only when present.
     *
     * @param str path of the configuration file
     * @return settings keyed by element name; {@code LOGOFF_URIS} maps to a {@code Set} of strings
     */
    private Map loadFilterConfiguration(String str) {
        // NOTE(review): how XMLUtils.read() configures its XML parser is not visible here.
        Element filterElement = XMLUtils.read(str).getRootElement().element(HttpConstants.FILTER);
        HashMap settings = new HashMap();

        settings.put(HttpConstants.INDEX_URI, filterElement.element(HttpConstants.INDEX_URI).getTextTrim());
        settings.put(HttpConstants.AUTHENTICATION_FAILED_URI, filterElement.element(HttpConstants.AUTHENTICATION_FAILED_URI).getTextTrim());

        // Registration is optional.
        Element registerProcessElement = filterElement.element(HttpConstants.REGISTER_PROCESS_URI);
        if (registerProcessElement != null) {
            settings.put(HttpConstants.REGISTER_PROCESS_URI, registerProcessElement.getTextTrim());
        }
        Element registerElement = filterElement.element(HttpConstants.REGISTER_URI);
        if (registerElement != null) {
            settings.put(HttpConstants.REGISTER_URI, registerElement.getTextTrim());
        }

        settings.put(HttpConstants.LOGON_PROCESS_URI, filterElement.element(HttpConstants.LOGON_PROCESS_URI).getTextTrim());
        settings.put(HttpConstants.LOGON_URI, filterElement.element(HttpConstants.LOGON_URI).getTextTrim());

        // One entry per logoff URI child element.
        HashSet logoffUris = new HashSet();
        for (Iterator children = filterElement.element(HttpConstants.LOGOFF_URIS).elements(HttpConstants.LOGOFF_URI).iterator(); children.hasNext();) {
            Element logoffElement = (Element) children.next();
            logoffUris.add(logoffElement.getTextTrim());
        }
        settings.put(HttpConstants.LOGOFF_URIS, logoffUris);

        settings.put(HttpConstants.ACCESS_DENIED_URI, filterElement.element(HttpConstants.ACCESS_DENIED_URI).getTextTrim());
        settings.put("authScheme", filterElement.element("authScheme").getTextTrim());

        // Optional form field names and redirect flag.
        Element loginFieldElement = filterElement.element("loginField");
        if (loginFieldElement != null) {
            settings.put("loginField", loginFieldElement.getTextTrim());
        }
        Element passwordFieldElement = filterElement.element("passwordField");
        if (passwordFieldElement != null) {
            settings.put("passwordField", passwordFieldElement.getTextTrim());
        }
        Element goToLastElement = filterElement.element(HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS);
        if (goToLastElement != null) {
            settings.put(HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS, goToLastElement.getTextTrim());
        }
        return settings;
    }

    /**
     * Builds the permission that represents the current request, for comparison with the
     * configured and granted {@code URLPermission}s.
     *
     * @param httpServletRequest the current request
     * @return a {@code URLPermission} named "permissionFromUser" whose actions string is the
     *         cleaned URI, the protocol and the HTTP method, followed by a fixed description
     */
    public Permission buildPermission(HttpServletRequest httpServletRequest) {
        String uriWithQuery = buildRequest(httpServletRequest);
        logger.debug("uriWithQuery=" + uriWithQuery);

        StringBuffer actions = new StringBuffer(URLPermission.removeRegexpFromURI(uriWithQuery));
        actions.append(',');
        actions.append(httpServletRequest.getProtocol());
        actions.append(',');
        actions.append(httpServletRequest.getMethod());
        // NOTE(review): the description follows the method without a separating comma; confirm
        // against URLPermission's parsing that this is intended.
        actions.append("permission build from the user request");
        return new URLPermission("permissionFromUser", actions.toString());
    }

    /**
     * Compiler-generated helper behind the {@code AccessFilter.class} literal: loads a class by
     * name and converts a failed lookup into an unchecked error.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException notFound) {
            throw new NoClassDefFoundError(notFound.getMessage());
        }
        return resolved;
    }

    // Class initialisation: resolve (and cache) the AccessFilter class object, create the shared
    // logger from it, and default the "return to last refused URI after login" flag to true.
    static {
        if (class$net$sf$jguard$jee$authentication$http$AccessFilter == null) {
            class$net$sf$jguard$jee$authentication$http$AccessFilter = class$("net.sf.jguard.jee.authentication.http.AccessFilter");
        }
        logger = LogFactory.getLog(class$net$sf$jguard$jee$authentication$http$AccessFilter);
        goToLastAccessDeniedUriOnSuccess = true;
    }
}
