package org.codehaus.plexus.redback.xwork.filter.authorization;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.spi.LocationInfo;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.xwork.filter.PlexusServletFilter;
import org.codehaus.plexus.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/redback-xwork-integration-1.0-alpha-2.jar:org/codehaus/plexus/redback/xwork/filter/authorization/SimpleAuthorizationFilter.class */
public class SimpleAuthorizationFilter extends PlexusServletFilter {
    private String permission;
    private String resource;
    private String accessDeniedLocation;
    static Class class$org$codehaus$plexus$redback$xwork$filter$authorization$SimpleAuthorizationFilter;

    @Override // org.codehaus.plexus.redback.xwork.filter.PlexusServletFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        Class cls;
        super.init(filterConfig);
        this.permission = filterConfig.getInitParameter("permission");
        this.resource = filterConfig.getInitParameter("resource");
        this.accessDeniedLocation = filterConfig.getInitParameter("accessDeniedLocation");
        if (StringUtils.isEmpty(this.accessDeniedLocation)) {
            StringBuffer append = new StringBuffer().append("Missing parameter 'accessDeniedLocation' from ");
            if (class$org$codehaus$plexus$redback$xwork$filter$authorization$SimpleAuthorizationFilter == null) {
                cls = class$("org.codehaus.plexus.redback.xwork.filter.authorization.SimpleAuthorizationFilter");
                class$org$codehaus$plexus$redback$xwork$filter$authorization$SimpleAuthorizationFilter = cls;
            } else {
                cls = class$org$codehaus$plexus$redback$xwork$filter$authorization$SimpleAuthorizationFilter;
            }
            throw new ServletException(append.append(cls.getName()).append(" configuration.").toString());
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        SecuritySession securitySession = (SecuritySession) lookup(SecuritySession.ROLE);
        if (securitySession == null) {
            getLogger().warn("Security Session is null.");
            return;
        }
        SecuritySystem securitySystem = (SecuritySystem) lookup(SecuritySystem.ROLE);
        try {
            if (StringUtils.isEmpty(this.resource) ? securitySystem.isAuthorized(securitySession, this.permission) : securitySystem.isAuthorized(securitySession, this.permission, this.resource)) {
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                accessDenied(servletResponse);
            }
        } catch (AuthorizationException e) {
            accessDenied(servletResponse);
        }
    }

    protected void accessDenied(ServletResponse servletResponse) throws IOException {
        String str = this.accessDeniedLocation;
        ((HttpServletResponse) servletResponse).sendRedirect(new StringBuffer().append(str.indexOf(63) == -1 ? new StringBuffer().append(str).append(LocationInfo.NA).toString() : new StringBuffer().append(str).append("&").toString()).append("resource=").append(this.resource).toString());
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
