package org.apache.nifi.web.api.config;

import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import org.apache.nifi.authorization.AccessDeniedException;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.class */
public class AccessDeniedExceptionMapper implements ExceptionMapper<AccessDeniedException> {
    private static final Logger logger = LoggerFactory.getLogger(AccessDeniedExceptionMapper.class);

    public Response toResponse(AccessDeniedException accessDeniedException) {
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        Response.Status status = (niFiUser == null || niFiUser.isAnonymous()) ? Response.Status.UNAUTHORIZED : Response.Status.FORBIDDEN;
        logger.info(String.format("%s does not have permission to access the requested resource. %s Returning %s response.", niFiUser == null ? "<no user found>" : niFiUser.toString(), accessDeniedException.getMessage(), status));
        if (logger.isDebugEnabled()) {
            logger.debug("", accessDeniedException);
        }
        return Response.status(status).entity(String.format("%s Contact the system administrator.", accessDeniedException.getMessage())).type("text/plain").build();
    }
}
