package org.flowable.admin.conf;

import java.util.Collections;
import org.flowable.admin.security.AjaxLogoutSuccessHandler;
import org.flowable.admin.security.RemoteIdmAuthenticationProvider;
import org.flowable.app.filter.FlowableCookieFilterRegistrationBean;
import org.flowable.app.properties.FlowableCommonAppProperties;
import org.flowable.app.security.ClearFlowableCookieLogoutHandler;
import org.flowable.app.service.idm.RemoteIdmService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:org/flowable/admin/conf/SecurityConfiguration.class */
public class SecurityConfiguration {

    @Autowired
    private RemoteIdmAuthenticationProvider authenticationProvider;

    @ConditionalOnClass({EndpointRequest.class})
    @Configuration
    @Order(15)
    /* loaded from: input_file:org/flowable/admin/conf/SecurityConfiguration$ActuatorWebSecurityConfigurationAdapter.class */
    public static class ActuatorWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable();
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().requestMatchers(new RequestMatcher[]{EndpointRequest.to(new Class[]{InfoEndpoint.class, HealthEndpoint.class})})).authenticated().requestMatchers(new RequestMatcher[]{EndpointRequest.toAnyEndpoint()})).hasAnyAuthority(new String[]{"access-admin"}).and().httpBasic();
        }
    }

    @Configuration
    @Order(10)
    /* loaded from: input_file:org/flowable/admin/conf/SecurityConfiguration$FormLoginWebSecurityConfigurerAdapter.class */
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        protected FlowableCookieFilterRegistrationBean flowableCookieFilterRegistrationBean;

        @Autowired
        private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.addFilterBefore(this.flowableCookieFilterRegistrationBean.getFilter(), UsernamePasswordAuthenticationFilter.class).logout().logoutUrl("/app/logout").logoutSuccessHandler(this.ajaxLogoutSuccessHandler).addLogoutHandler(new ClearFlowableCookieLogoutHandler()).deleteCookies(new String[]{"FLOWABLE_REMEMBER_ME"}).and().csrf().disable().authorizeRequests().antMatchers(new String[]{"/app/rest/**"})).hasAuthority("access-admin");
        }
    }

    @Bean
    public FlowableCookieFilterRegistrationBean flowableCookieFilterRegistrationBean(RemoteIdmService remoteIdmService, FlowableCommonAppProperties flowableCommonAppProperties) {
        FlowableCookieFilterRegistrationBean flowableCookieFilterRegistrationBean = new FlowableCookieFilterRegistrationBean(remoteIdmService, flowableCommonAppProperties);
        flowableCookieFilterRegistrationBean.setRequiredPrivileges(Collections.singletonList("access-admin"));
        return flowableCookieFilterRegistrationBean;
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(this.authenticationProvider);
    }
}
