package org.minbox.framework.on.security.application.service.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.minbox.framework.on.security.application.service.authentication.OnSecurityAccessTokenAuthorizationToken;
import org.minbox.framework.on.security.application.service.authentication.context.OnSecurityApplicationContextHolder;
import org.minbox.framework.on.security.application.service.exception.OnSecurityApplicationResourceAuthenticationException;
import org.minbox.framework.on.security.application.service.exception.ResourceAuthenticationErrorCode;
import org.minbox.framework.on.security.application.service.web.convert.OnSecurityAccessTokenAuthorizationConvert;
import org.minbox.framework.on.security.core.authorization.endpoint.resolver.BearerTokenResolver;
import org.minbox.framework.on.security.core.authorization.endpoint.resolver.DefaultBearerTokenResolver;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/on-security-application-service-0.0.7.jar:org/minbox/framework/on/security/application/service/web/OnSecurityAccessTokenAuthorizationFilter.class */
public final class OnSecurityAccessTokenAuthorizationFilter extends OncePerRequestFilter {
    private AuthenticationManager authenticationManager;
    private BearerTokenResolver bearerTokenResolver;
    private AuthenticationConverter authenticationConverter;
    private AuthenticationFailureHandler authenticationFailureHandler;

    public OnSecurityAccessTokenAuthorizationFilter(AuthenticationManager authenticationManager) {
        this(authenticationManager, new DefaultBearerTokenResolver(), new OnSecurityApplicationResourceAuthorizationFailureHandler());
    }

    public OnSecurityAccessTokenAuthorizationFilter(AuthenticationManager authenticationManager, BearerTokenResolver bearerTokenResolver, AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        Assert.notNull(bearerTokenResolver, "tokenResolver cannot be null");
        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
        this.authenticationManager = authenticationManager;
        this.authenticationFailureHandler = authenticationFailureHandler;
        this.bearerTokenResolver = bearerTokenResolver;
        this.authenticationConverter = new OnSecurityAccessTokenAuthorizationConvert(this.bearerTokenResolver);
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            OnSecurityAccessTokenAuthorizationToken onSecurityAccessTokenAuthorizationToken = (OnSecurityAccessTokenAuthorizationToken) this.authenticationConverter.convert(httpServletRequest);
            if (ObjectUtils.isEmpty(onSecurityAccessTokenAuthorizationToken.getAccessToken())) {
                throw new OnSecurityApplicationResourceAuthenticationException("No valid access_token was extracted.", ResourceAuthenticationErrorCode.NO_ACCESS_TOKEN, new String[0]);
            }
            this.authenticationManager.authenticate(onSecurityAccessTokenAuthorizationToken);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (AuthenticationException e) {
            SecurityContextHolder.clearContext();
            OnSecurityApplicationContextHolder.clearContext();
            this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
        }
    }
}
