package org.apache.isis.core.webapp.auth;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.isis.applib.fixtures.LogonFixture;
import org.apache.isis.core.commons.authentication.AuthenticationSession;
import org.apache.isis.core.runtime.authentication.AuthenticationManager;
import org.apache.isis.core.runtime.authentication.exploration.AuthenticationRequestExploration;
import org.apache.isis.core.runtime.fixtures.authentication.AuthenticationRequestLogonFixture;
import org.apache.isis.core.runtime.system.IsisSystem;
import org.apache.isis.core.runtime.system.context.IsisContext;
import org.apache.isis.core.webapp.WebAppConstants;

/* loaded from: input_file:WEB-INF/lib/isis-core-runtime-1.7.0.jar:org/apache/isis/core/webapp/auth/AuthenticationSessionStrategyDefault.class */
public class AuthenticationSessionStrategyDefault extends AuthenticationSessionStrategyAbstract {
    @Override // org.apache.isis.core.webapp.auth.AuthenticationSessionStrategy
    public AuthenticationSession lookupValid(ServletRequest servletRequest, ServletResponse servletResponse) {
        AuthenticationSession authenticate;
        AuthenticationManager authenticationManager = getAuthenticationManager();
        HttpSession httpSession = getHttpSession(servletRequest);
        AuthenticationSession authenticationSession = (AuthenticationSession) httpSession.getAttribute(WebAppConstants.HTTP_SESSION_AUTHENTICATION_SESSION_KEY);
        if (authenticationSession != null && authenticationManager.isSessionValid(authenticationSession)) {
            return authenticationSession;
        }
        IsisSystem isisSystem = (IsisSystem) getServletContext(servletRequest).getAttribute(WebAppConstants.ISIS_SYSTEM_KEY);
        if (isisSystem == null) {
            return null;
        }
        LogonFixture logonFixture = isisSystem.getLogonFixture();
        if (isisSystem.getDeploymentType().isExploring() && (authenticate = authenticationManager.authenticate(new AuthenticationRequestExploration(logonFixture))) != null) {
            return authenticate;
        }
        boolean z = httpSession.getAttribute(WebAppConstants.HTTP_SESSION_LOGGED_ON_PREVIOUSLY_USING_LOGON_FIXTURE_KEY) != null;
        if (logonFixture == null || z) {
            return null;
        }
        httpSession.setAttribute(WebAppConstants.HTTP_SESSION_LOGGED_ON_PREVIOUSLY_USING_LOGON_FIXTURE_KEY, true);
        return authenticationManager.authenticate(new AuthenticationRequestLogonFixture(logonFixture));
    }

    @Override // org.apache.isis.core.webapp.auth.AuthenticationSessionStrategyAbstract, org.apache.isis.core.webapp.auth.AuthenticationSessionStrategy
    public void bind(ServletRequest servletRequest, ServletResponse servletResponse, AuthenticationSession authenticationSession) {
        getHttpSession(servletRequest).setAttribute(WebAppConstants.HTTP_SESSION_AUTHENTICATION_SESSION_KEY, authenticationSession);
    }

    protected AuthenticationManager getAuthenticationManager() {
        return IsisContext.getAuthenticationManager();
    }
}
