package org.onetwo.boot.module.oauth2.resouce;

import java.util.List;
import org.onetwo.boot.module.oauth2.JFishOauth2Properties;
import org.onetwo.common.utils.LangUtils;
import org.onetwo.ext.security.DefaultUrlSecurityConfigurer;
import org.onetwo.ext.security.method.DefaultMethodSecurityConfigurer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.token.TokenStore;

@EnableConfigurationProperties({JFishOauth2Properties.class})
@Configuration
@EnableResourceServer
@ConditionalOnProperty(name = {JFishOauth2Properties.ResourceServerProps.ENABLED_KEY}, matchIfMissing = true)
/* loaded from: input_file:org/onetwo/boot/module/oauth2/resouce/ResourceServerConfiguration.class */
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Autowired
    private JFishOauth2Properties oauth2Properties;

    @Autowired(required = false)
    private TokenStore tokenStore;

    @Autowired(required = false)
    private OAuth2AuthenticationEntryPoint oauth2AuthenticationEntryPoint;

    @Autowired(required = false)
    private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;

    public void configure(HttpSecurity httpSecurity) throws Exception {
        JFishOauth2Properties.ResourceServerProps resourceServer = this.oauth2Properties.getResourceServer();
        if (!LangUtils.isEmpty(resourceServer.getRequestMatchers())) {
            httpSecurity.requestMatchers().antMatchers(resourceServer.getRequestMatchers());
        }
        DefaultUrlSecurityConfigurer.configIntercepterUrls(httpSecurity, resourceServer.getIntercepterUrls(), (List) null);
        DefaultMethodSecurityConfigurer.defaultAnyRequest(httpSecurity, resourceServer.getAnyRequest());
        httpSecurity.headers().frameOptions().sameOrigin().xssProtection().xssProtectionEnabled(true).and();
    }

    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        if (this.tokenStore != null) {
            resourceServerSecurityConfigurer.tokenStore(this.tokenStore);
        }
        String resourceId = this.oauth2Properties.getResourceServer().getResourceId();
        if (resourceId != null) {
            resourceServerSecurityConfigurer.resourceId(resourceId);
        }
        if (this.oauth2AuthenticationEntryPoint != null) {
            resourceServerSecurityConfigurer.authenticationEntryPoint(this.oauth2AuthenticationEntryPoint);
        }
        if (this.oauth2AccessDeniedHandler != null) {
            resourceServerSecurityConfigurer.accessDeniedHandler(this.oauth2AccessDeniedHandler);
        }
    }
}
