package org.springframework.security.ui.logout;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.mortbay.jetty.HttpHeaders;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.security.util.RedirectUtils;
import org.springframework.security.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-2.0.7.RELEASE.jar:org/springframework/security/ui/logout/LogoutFilter.class */
public class LogoutFilter extends SpringSecurityFilter {
    private String filterProcessesUrl = "/j_spring_security_logout";
    private String logoutSuccessUrl;
    private LogoutHandler[] handlers;
    private boolean useRelativeContext;

    public LogoutFilter(String str, LogoutHandler[] logoutHandlerArr) {
        Assert.notEmpty(logoutHandlerArr, "LogoutHandlers are required");
        this.logoutSuccessUrl = str;
        Assert.isTrue(UrlUtils.isValidRedirectUrl(str), new StringBuffer().append(str).append(" isn't a valid redirect URL").toString());
        this.handlers = logoutHandlerArr;
    }

    @Override // org.springframework.security.ui.SpringSecurityFilter
    public void doFilterHttp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!requiresLogout(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(new StringBuffer().append("Logging out user '").append(authentication).append("' and redirecting to logout page").toString());
        }
        for (int i = 0; i < this.handlers.length; i++) {
            this.handlers[i].logout(httpServletRequest, httpServletResponse, authentication);
        }
        sendRedirect(httpServletRequest, httpServletResponse, determineTargetUrl(httpServletRequest, httpServletResponse));
    }

    protected boolean requiresLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String requestURI = httpServletRequest.getRequestURI();
        int indexOf = requestURI.indexOf(59);
        if (indexOf > 0) {
            requestURI = requestURI.substring(0, indexOf);
        }
        int indexOf2 = requestURI.indexOf(63);
        if (indexOf2 > 0) {
            requestURI = requestURI.substring(0, indexOf2);
        }
        return "".equals(httpServletRequest.getContextPath()) ? requestURI.endsWith(this.filterProcessesUrl) : requestURI.endsWith(new StringBuffer().append(httpServletRequest.getContextPath()).append(this.filterProcessesUrl).toString());
    }

    protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String parameter = httpServletRequest.getParameter("logoutSuccessUrl");
        if (!StringUtils.hasLength(parameter)) {
            parameter = getLogoutSuccessUrl();
        }
        if (!StringUtils.hasLength(parameter)) {
            parameter = httpServletRequest.getHeader(HttpHeaders.REFERER);
        }
        if (!StringUtils.hasLength(parameter)) {
            parameter = "/";
        }
        return parameter;
    }

    protected void sendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        RedirectUtils.sendRedirect(httpServletRequest, httpServletResponse, str, this.useRelativeContext);
    }

    public void setFilterProcessesUrl(String str) {
        Assert.hasText(str, "FilterProcessesUrl required");
        Assert.isTrue(UrlUtils.isValidRedirectUrl(str), new StringBuffer().append(str).append(" isn't a valid redirect URL").toString());
        this.filterProcessesUrl = str;
    }

    protected String getLogoutSuccessUrl() {
        return this.logoutSuccessUrl;
    }

    protected String getFilterProcessesUrl() {
        return this.filterProcessesUrl;
    }

    public void setUseRelativeContext(boolean z) {
        this.useRelativeContext = z;
    }

    @Override // org.springframework.security.ui.SpringSecurityFilter, org.springframework.core.Ordered
    public int getOrder() {
        return FilterChainOrder.LOGOUT_FILTER;
    }
}
