package org.apereo.cas.config;

import java.util.List;
import java.util.Objects;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.monitor.JdbcSecurityActuatorEndpointsMonitorProperties;
import org.apereo.cas.configuration.support.JpaBeans;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.ProtocolEndpointWebSecurityConfigurer;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextHolderFilter;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

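/**
 * Auto-configuration that wires Spring Security into the CAS web application.
 *
 * <p>It contributes the {@link SecurityContextRepository} and the servlet filter that loads it,
 * the optional admin form-login view, the {@link WebSecurityCustomizer} and
 * {@link SecurityFilterChain} produced by {@link CasWebSecurityConfigurerAdapter}, and, when
 * {@code cas.monitor.endpoints.jdbc.query} is set, a JDBC-backed {@link UserDetailsManager}.
 *
 * <p>{@code @EnableGlobalMethodSecurity} switches on all three method-security annotation
 * families: pre/post ({@code @PreAuthorize}, {@code @PostAuthorize}), {@code @Secured} and
 * JSR-250 ({@code @RolesAllowed}).
 *
 * <p>NOTE(review): this listing is decompiler output (see the "loaded from" markers), so
 * parameter names and some expressions differ from the upstream source.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@EnableWebSecurity
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.WebApplication)
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
/* loaded from: input_file:WEB-INF/lib/cas-server-webapp-config-6.6.12.jar:org/apereo/cas/config/CasWebAppSecurityConfiguration.class */
public class CasWebAppSecurityConfiguration extends GlobalMethodSecurityConfiguration {

    /**
     * JDBC-backed user store, active only when {@code cas.monitor.endpoints.jdbc.query} is
     * defined. All settings are read from {@code getMonitor().getEndpoints().getJdbc()};
     * presumably this store authenticates access to the monitoring/actuator endpoints, judging
     * by the property namespace (confirm against {@link CasWebSecurityConfigurerAdapter}).
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasWebAppSecurityJdbcConfiguration", proxyBeanMethods = false)
    @ConditionalOnProperty(name = {"cas.monitor.endpoints.jdbc.query"})
    /* loaded from: input_file:WEB-INF/lib/cas-server-webapp-config-6.6.12.jar:org/apereo/cas/config/CasWebAppSecurityConfiguration$CasWebAppSecurityJdbcConfiguration.class */
    public static class CasWebAppSecurityJdbcConfiguration {

        /**
         * Builds the password encoder for the JDBC user store from the configured
         * password-encoder settings.
         *
         * <p>NOTE(review): which encoder types are accepted is decided inside
         * {@link PasswordEncoderUtils}, which is not visible here. The protection of the stored
         * credentials depends entirely on that setting, so verify that deployments select an
         * adaptive hash rather than a pass-through encoder. Where this bean is attached to the
         * authentication path is also not visible in this class.
         *
         * @param casConfigurationProperties CAS settings holding the encoder configuration
         * @param configurableApplicationContext application context handed to the encoder factory
         * @return the encoder created by {@link PasswordEncoderUtils#newPasswordEncoder}
         */
        @ConditionalOnMissingBean(name = {"jdbcUserDetailsPasswordEncoder"})
        @Bean
        public static PasswordEncoder jdbcUserDetailsPasswordEncoder(
                CasConfigurationProperties casConfigurationProperties,
                ConfigurableApplicationContext configurableApplicationContext) {
            return PasswordEncoderUtils.newPasswordEncoder(
                    casConfigurationProperties.getMonitor().getEndpoints().getJdbc().getPasswordEncoder(),
                    configurableApplicationContext);
        }

        /**
         * Creates the {@link JdbcUserDetailsManager} over a data source built from the JDBC
         * endpoint settings.
         *
         * <p>The users-by-username SQL is taken verbatim from configuration. Spring executes it
         * as a prepared statement with the username as its single bind parameter, so the
         * configured text must keep the username as a {@code ?} placeholder and must never be
         * assembled from request data. Only the users query and the role prefix are overridden
         * here; the authorities query is left at the manager's default.
         *
         * @param casConfigurationProperties CAS settings holding the JDBC endpoint configuration
         * @return the configured user details manager
         */
        @ConditionalOnMissingBean(name = {"jdbcUserDetailsManager"})
        @Bean
        public UserDetailsManager jdbcUserDetailsManager(CasConfigurationProperties casConfigurationProperties) {
            JdbcSecurityActuatorEndpointsMonitorProperties jdbc =
                    casConfigurationProperties.getMonitor().getEndpoints().getJdbc();
            JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(JpaBeans.newDataSource(jdbc));
            jdbcUserDetailsManager.setRolePrefix(jdbc.getRolePrefix());
            jdbcUserDetailsManager.setUsersByUsernameQuery(jdbc.getQuery());
            return jdbcUserDetailsManager;
        }
    }

    /**
     * Servlet/MVC-level wiring: where the security context is stored, the filter that loads it
     * for each request, and the optional admin form-login view mapping.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasWebAppSecurityMvcConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-webapp-config-6.6.12.jar:org/apereo/cas/config/CasWebAppSecurityConfiguration$CasWebAppSecurityMvcConfiguration.class */
    public static class CasWebAppSecurityMvcConfiguration {

        /**
         * Default security-context storage: the context is kept in the HTTP session.
         * A bean named {@code securityContextRepository} defined elsewhere replaces it.
         *
         * @return a new {@link HttpSessionSecurityContextRepository}
         */
        @ConditionalOnMissingBean(name = {"securityContextRepository"})
        @Bean
        public SecurityContextRepository securityContextRepository() {
            return new HttpSessionSecurityContextRepository();
        }

        /**
         * Registers {@link SecurityContextHolderFilter} as a servlet filter for every request.
         *
         * @param securityContextRepository repository the filter loads the context from
         * @return the filter registration, mapped to {@code /*} with the lowest order value
         */
        @Bean
        public FilterRegistrationBean<SecurityContextHolderFilter> securityContextHolderFilter(
                @Qualifier("securityContextRepository") SecurityContextRepository securityContextRepository) {
            FilterRegistrationBean<SecurityContextHolderFilter> filterRegistrationBean = new FilterRegistrationBean<>();
            filterRegistrationBean.setFilter(new SecurityContextHolderFilter(securityContextRepository));
            // The decompiler substituted ScriptUtils.DEFAULT_BLOCK_COMMENT_START_DELIMITER here
            // because that unrelated SQL-script constant has the same value. The literal states
            // the intent: map the filter to all request paths.
            filterRegistrationBean.setUrlPatterns(CollectionUtils.wrap("/*"));
            filterRegistrationBean.setName("Spring Security Context Holder Filter");
            filterRegistrationBean.setAsyncSupported(true);
            // Integer.MIN_VALUE is the highest precedence, so the context is populated before
            // any other registered filter runs.
            filterRegistrationBean.setOrder(Integer.MIN_VALUE);
            return filterRegistrationBean;
        }

        /**
         * Maps the admin form-login URL to its view, but only when form login is enabled for the
         * monitoring endpoints; otherwise no view controller is registered.
         *
         * @param casConfigurationProperties CAS settings consulted each time view controllers are added
         * @return the MVC configurer contributing the conditional view mapping
         */
        @ConditionalOnMissingBean(name = {"casWebAppSecurityWebMvcConfigurer"})
        @Bean
        public WebMvcConfigurer casWebAppSecurityWebMvcConfigurer(final CasConfigurationProperties casConfigurationProperties) {
            return new WebMvcConfigurer() { // from class: org.apereo.cas.config.CasWebAppSecurityConfiguration.CasWebAppSecurityMvcConfiguration.1
                @Override // org.springframework.web.servlet.config.annotation.WebMvcConfigurer
                public void addViewControllers(ViewControllerRegistry viewControllerRegistry) {
                    if (casConfigurationProperties.getMonitor().getEndpoints().isFormLoginEnabled()) {
                        viewControllerRegistry
                                .addViewController(CasWebSecurityConfigurerAdapter.ENDPOINT_URL_ADMIN_FORM_LOGIN)
                                .setViewName(CasWebflowConstants.VIEW_ID_ENDPOINT_ADMIN_LOGIN_VIEW);
                        viewControllerRegistry.setOrder(Integer.MIN_VALUE);
                    }
                }
            };
        }
    }

    /**
     * Core Spring Security beans. Both delegate to a freshly constructed
     * {@link CasWebSecurityConfigurerAdapter}, where the actual access rules live.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasWebappCoreSecurityConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-webapp-config-6.6.12.jar:org/apereo/cas/config/CasWebAppSecurityConfiguration$CasWebappCoreSecurityConfiguration.class */
    public static class CasWebappCoreSecurityConfiguration {

        /**
         * Exposes {@code CasWebSecurityConfigurerAdapter.configureWebSecurity} as a
         * {@link WebSecurityCustomizer}.
         *
         * <p>NOTE(review): a web-security customizer is typically where request patterns are
         * excluded from the filter chain altogether; audit {@code configureWebSecurity} (not
         * visible here) for what it exempts.
         *
         * @param securityContextRepository repository passed through to the adapter
         * @param objectProvider provider of the path-mapped actuator endpoints
         * @param list protocol-specific security configurers passed through to the adapter
         * @param securityProperties Spring Boot security settings
         * @param casConfigurationProperties CAS settings
         * @return a customizer bound to the adapter instance
         */
        @ConditionalOnMissingBean(name = {"casWebSecurityCustomizer"})
        @Bean
        public WebSecurityCustomizer casWebSecurityCustomizer(
                @Qualifier("securityContextRepository") SecurityContextRepository securityContextRepository,
                ObjectProvider<PathMappedEndpoints> objectProvider,
                List<ProtocolEndpointWebSecurityConfigurer> list,
                SecurityProperties securityProperties,
                CasConfigurationProperties casConfigurationProperties) {
            CasWebSecurityConfigurerAdapter casWebSecurityConfigurerAdapter = new CasWebSecurityConfigurerAdapter(
                    casConfigurationProperties, securityProperties, objectProvider, list, securityContextRepository);
            // The explicit Objects.requireNonNull(...) emitted by the decompiler is dropped: the
            // receiver was just created with `new`, and a bound method reference already
            // null-checks its receiver.
            return casWebSecurityConfigurerAdapter::configureWebSecurity;
        }

        /**
         * Builds the application's {@link SecurityFilterChain} by letting the adapter configure
         * the supplied {@link HttpSecurity}.
         *
         * @param securityContextRepository repository passed through to the adapter
         * @param httpSecurity builder the adapter configures
         * @param objectProvider provider of the path-mapped actuator endpoints
         * @param list protocol-specific security configurers passed through to the adapter
         * @param securityProperties Spring Boot security settings
         * @param casConfigurationProperties CAS settings
         * @return the built filter chain
         * @throws Exception if configuring or building the chain fails
         */
        @ConditionalOnMissingBean(name = {"casWebSecurityConfigurerAdapter"})
        @Bean
        public SecurityFilterChain casWebSecurityConfigurerAdapter(
                @Qualifier("securityContextRepository") SecurityContextRepository securityContextRepository,
                HttpSecurity httpSecurity,
                ObjectProvider<PathMappedEndpoints> objectProvider,
                List<ProtocolEndpointWebSecurityConfigurer> list,
                SecurityProperties securityProperties,
                CasConfigurationProperties casConfigurationProperties) throws Exception {
            CasWebSecurityConfigurerAdapter adapter = new CasWebSecurityConfigurerAdapter(
                    casConfigurationProperties, securityProperties, objectProvider, list, securityContextRepository);
            return adapter.configureHttpSecurity(httpSecurity).build();
        }
    }

    /**
     * Pins the {@link SecurityContextHolder} strategy to thread-local once the bean is
     * initialized. The strategy is a static setting, so it applies to the whole JVM; with this
     * mode the security context is not inherited by threads the request thread spawns.
     *
     * @return an initializer that sets {@link SecurityContextHolder#MODE_THREADLOCAL}
     */
    @Bean
    public InitializingBean securityContextHolderInitialization() {
        return () -> SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_THREADLOCAL);
    }
}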
