package org.minbox.framework.on.security.application.service.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.minbox.framework.on.security.application.service.authentication.ApplicationResourceRoleBasedAccessControlAuthenticationToken;
import org.minbox.framework.on.security.application.service.authentication.context.OnSecurityApplicationContextHolder;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/on-security-application-service-0.1.0.jar:org/minbox/framework/on/security/application/service/web/ApplicationResourceRoleBasedAccessControlFilter.class */
public final class ApplicationResourceRoleBasedAccessControlFilter extends OncePerRequestFilter {
    private AuthenticationManager authenticationManager;
    private AuthenticationFailureHandler authenticationFailureHandler;

    public ApplicationResourceRoleBasedAccessControlFilter(AuthenticationManager authenticationManager) {
        this(authenticationManager, new OnSecurityApplicationResourceAuthorizationFailureHandler());
    }

    public ApplicationResourceRoleBasedAccessControlFilter(AuthenticationManager authenticationManager, AuthenticationFailureHandler authenticationFailureHandler) {
        this.authenticationManager = authenticationManager;
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            this.authenticationManager.authenticate(new ApplicationResourceRoleBasedAccessControlAuthenticationToken(httpServletRequest, OnSecurityApplicationContextHolder.getContext().getUserAuthorizationResource()));
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (AuthenticationException e) {
            this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
        }
    }
}
