package org.apache.geode.management.internal.rest.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadBase;
import org.apache.geode.management.api.ClusterManagementResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.multipart.MultipartResolver;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan({"org.apache.geode.management.internal.rest"})
/* loaded from: input_file:WEB-INF/classes/org/apache/geode/management/internal/rest/security/RestSecurityConfiguration.class */
public class RestSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private GeodeAuthenticationProvider authProvider;

    @Autowired
    private ObjectMapper objectMapper;

    /* loaded from: input_file:WEB-INF/classes/org/apache/geode/management/internal/rest/security/RestSecurityConfiguration$AuthenticationFailedHandler.class */
    private class AuthenticationFailedHandler implements AuthenticationEntryPoint {
        private static final String CONTENT_TYPE = "application/json";

        private AuthenticationFailedHandler() {
        }

        @Override // org.springframework.security.web.AuthenticationEntryPoint
        public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
            httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"GEODE\"");
            httpServletResponse.setStatus(401);
            httpServletResponse.setContentType("application/json");
            RestSecurityConfiguration.this.objectMapper.writeValue(httpServletResponse.getWriter(), new ClusterManagementResult(ClusterManagementResult.StatusCode.UNAUTHENTICATED, authenticationException.getMessage()));
        }
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) this.authProvider);
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public MultipartResolver multipartResolver() {
        return new CommonsMultipartResolver() { // from class: org.apache.geode.management.internal.rest.security.RestSecurityConfiguration.1
            @Override // org.springframework.web.multipart.commons.CommonsMultipartResolver, org.springframework.web.multipart.MultipartResolver
            public boolean isMultipart(HttpServletRequest httpServletRequest) {
                String contentType;
                return Arrays.asList("put", "post").contains(httpServletRequest.getMethod().toLowerCase()) && (contentType = httpServletRequest.getContentType()) != null && contentType.toLowerCase().startsWith(FileUploadBase.MULTIPART);
            }
        };
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((HttpSecurity) ((HttpSecurity) httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).authorizeRequests().antMatchers("/docs/**", "/swagger-ui.html", "/", "/v1/api-docs/**", "/webjars/springfox-swagger-ui/**", "/swagger-resources/**").permitAll().and()).csrf().disable();
        if (this.authProvider.getSecurityService().isIntegratedSecurity()) {
            httpSecurity.authorizeRequests().anyRequest().authenticated();
            if (this.authProvider.isAuthTokenEnabled()) {
                JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter();
                jwtAuthenticationFilter.setAuthenticationSuccessHandler((httpServletRequest, httpServletResponse, authentication) -> {
                });
                jwtAuthenticationFilter.setAuthenticationFailureHandler((httpServletRequest2, httpServletResponse2, authenticationException) -> {
                });
                httpSecurity.addFilterBefore((Filter) jwtAuthenticationFilter, BasicAuthenticationFilter.class);
            }
            httpSecurity.httpBasic().authenticationEntryPoint(new AuthenticationFailedHandler());
        }
    }
}
