package org.beangle.security.authz;

import org.beangle.commons.bean.Initializing;
import org.beangle.commons.security.Request;
import org.beangle.security.core.context.SecurityContext;
import org.beangle.security.core.session.Session;
import org.beangle.security.core.userdetail.DefaultAccount;
import org.beangle.security.util.SessionDaemon;

/* loaded from: input_file:org/beangle/security/authz/AbstractRoleBasedAuthorizer.class */
public abstract class AbstractRoleBasedAuthorizer implements Authorizer, Initializing {
    protected AuthorityDomain domain = AuthorityDomain.empty();
    protected boolean unknownIsProtected = true;
    protected int refreshSeconds = 300;

    @Override // org.beangle.security.authz.Authorizer
    public boolean isPermitted(SecurityContext securityContext) {
        return isPermitted(securityContext, securityContext.getRequest());
    }

    @Override // org.beangle.security.authz.Authorizer
    public boolean isPermitted(SecurityContext securityContext, Request request) {
        if (securityContext.isRoot()) {
            return true;
        }
        Authority authority = this.domain.authorities.get(request.getResource().toString());
        if (null == authority) {
            if (this.unknownIsProtected) {
                return securityContext.isValid();
            }
            return false;
        }
        if (authority.scope.equals("Public")) {
            return true;
        }
        if (authority.scope.equals("Protected")) {
            return securityContext.isValid();
        }
        Session session = securityContext.getSession();
        if (null == session) {
            return false;
        }
        return authority.match(((DefaultAccount) session.getPrincipal()).getAuthorities());
    }

    @Override // org.beangle.security.authz.Authorizer
    public String getScope(String str) {
        Authority authority = this.domain.authorities.get(str);
        return null == authority ? this.unknownIsProtected ? "Protected" : "Private" : authority.scope;
    }

    @Override // org.beangle.security.authz.Authorizer
    public boolean isRoot(String str) {
        return this.domain.roots.contains(str);
    }

    public void init() throws Exception {
        SessionDaemon.start("Beangle Authority", this.refreshSeconds, new DomainFetcher(this));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract AuthorityDomain fetchDomain();

    public void setDomain(AuthorityDomain authorityDomain) {
        this.domain = authorityDomain;
    }

    public void setUnknownIsProtected(boolean z) {
        this.unknownIsProtected = z;
    }

    public void setRefreshSeconds(int i) {
        this.refreshSeconds = i;
    }
}
