package org.springframework.security.intercept;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AfterInvocationManager;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.RunAsManager;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent;
import org.springframework.security.event.authorization.AuthorizationFailureEvent;
import org.springframework.security.event.authorization.AuthorizedEvent;
import org.springframework.security.event.authorization.PublicInvocationEvent;
import org.springframework.security.runas.NullRunAsManager;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-2.0.1.jar:org/springframework/security/intercept/AbstractSecurityInterceptor.class */
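/**
 * Base class for interceptors that guard a "secure object" (the type reported by
 * {@link #getSecureObjectClass()}).
 *
 * <p>The flow implemented here is:
 * <ol>
 *   <li>{@link #beforeInvocation(Object)} looks up the {@link ConfigAttributeDefinition} for the
 *       secure object, requires an {@link Authentication} in the {@link SecurityContextHolder},
 *       (re)authenticates it if needed, asks the {@link AccessDecisionManager} to decide, and
 *       optionally installs a run-as {@link Authentication} from the {@link RunAsManager}.</li>
 *   <li>The caller performs the real invocation.</li>
 *   <li>{@link #afterInvocation(InterceptorStatusToken, Object)} restores the original
 *       {@link Authentication} and lets the optional {@link AfterInvocationManager} inspect or
 *       replace the result.</li>
 * </ol>
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>{@code rejectPublicInvocations} is {@code false}: a secure object for which the
 *       {@link ObjectDefinitionSource} returns no attributes is treated as public and proceeds
 *       with no authentication or authorization check. Set it to {@code true} to fail closed
 *       on unmapped objects.</li>
 *   <li>{@code alwaysReauthenticate} is {@code false}: an {@link Authentication} that already
 *       reports {@code isAuthenticated()} is trusted as-is.</li>
 *   <li>{@code validateConfigAttributes} is {@code true}: unsupported attributes are rejected
 *       at start-up by {@link #afterPropertiesSet()}.</li>
 * </ul>
 *
 * <p>Debug-level log lines include the {@code toString()} of the {@link Authentication} and of
 * the secure object. NOTE(review): confirm those representations do not expose credentials
 * before enabling debug logging on a production system.
 */
public abstract class AbstractSecurityInterceptor implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
    protected static final Log logger;
    private ApplicationEventPublisher eventPublisher;
    private AccessDecisionManager accessDecisionManager;
    private AfterInvocationManager afterInvocationManager;
    private AuthenticationManager authenticationManager;
    // Cache slot for the class object used to create the logger; appears to be the synthetic
    // field a pre-Java-5 compiler emits for a class literal. Kept so the class layout is unchanged.
    static Class class$org$springframework$security$intercept$AbstractSecurityInterceptor;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private RunAsManager runAsManager = new NullRunAsManager();
    private boolean alwaysReauthenticate = false;
    // Fail-open default: objects without configuration attributes are invoked unchecked.
    private boolean rejectPublicInvocations = false;
    private boolean validateConfigAttributes = true;

    /**
     * Completes the work started by {@link #beforeInvocation(Object)} once the secure object has
     * been invoked.
     *
     * <p>The decompiler widened this method from {@code protected} to {@code public}; it is
     * meant to be driven by the concrete interceptor subclass only.
     *
     * <p>The run-as {@link Authentication} installed by {@code beforeInvocation} is removed
     * only here, so this method has to run on every exit path of the guarded invocation,
     * including the exceptional one. NOTE(review): confirm each subclass calls it from a
     * {@code finally} block.
     *
     * @param interceptorStatusToken the token returned by {@code beforeInvocation}, or
     *        {@code null} for a public invocation
     * @param obj the value returned by the secure object invocation (may be {@code null})
     * @return {@code obj} unchanged when the token is {@code null} or no
     *         {@link AfterInvocationManager} is configured; otherwise whatever the
     *         {@link AfterInvocationManager} returns
     * @throws AccessDeniedException if the {@link AfterInvocationManager} rejects the result;
     *         an {@link AuthorizationFailureEvent} is published first
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Object afterInvocation(InterceptorStatusToken interceptorStatusToken, Object obj) {
        if (interceptorStatusToken == null) {
            // Public invocation: beforeInvocation made no changes, so there is nothing to undo.
            return obj;
        }
        if (interceptorStatusToken.isContextHolderRefreshRequired()) {
            if (logger.isDebugEnabled()) {
                // Concatenation is null-safe; the original called toString() explicitly and
                // could throw NullPointerException only when debug logging was switched on.
                logger.debug("Reverting to original Authentication: " + interceptorStatusToken.getAuthentication());
            }
            // Undo the run-as switch before any post-invocation decision is taken.
            SecurityContextHolder.getContext().setAuthentication(interceptorStatusToken.getAuthentication());
        }
        if (this.afterInvocationManager != null) {
            try {
                // Decided against the caller's original Authentication, not the run-as one.
                obj = this.afterInvocationManager.decide(interceptorStatusToken.getAuthentication(), interceptorStatusToken.getSecureObject(), interceptorStatusToken.getAttr(), obj);
            } catch (AccessDeniedException e) {
                publishEvent(new AuthorizationFailureEvent(interceptorStatusToken.getSecureObject(), interceptorStatusToken.getAttr(), interceptorStatusToken.getAuthentication(), e));
                throw e;
            }
        }
        return obj;
    }

    /**
     * Validates the wiring of this interceptor once all properties are set.
     *
     * <p>Requires a secure object class, message source, {@link AuthenticationManager},
     * {@link AccessDecisionManager}, {@link RunAsManager} and {@link ObjectDefinitionSource},
     * and requires each collaborator to support the secure object class. When
     * {@code validateConfigAttributes} is {@code true}, every {@link ConfigAttribute} exposed by
     * the {@link ObjectDefinitionSource} must be supported by at least one of the
     * {@link RunAsManager}, the {@link AccessDecisionManager} or the
     * {@link AfterInvocationManager}.
     *
     * <p>If the {@link ObjectDefinitionSource} returns {@code null} instead of a collection the
     * attribute validation is skipped with a warning, so a misspelt attribute would then only
     * surface at invocation time.
     *
     * @throws IllegalArgumentException if a collaborator is missing or unsupported, or if any
     *         configuration attribute is supported by none of the managers
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
        Assert.notNull(this.messages, "A message source must be set");
        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
        Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
        Assert.notNull(this.runAsManager, "A RunAsManager is required");
        Assert.notNull(obtainObjectDefinitionSource(), "An ObjectDefinitionSource is required");
        Assert.isTrue(obtainObjectDefinitionSource().supports(getSecureObjectClass()), "ObjectDefinitionSource does not support secure object class: " + getSecureObjectClass());
        Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()), "RunAsManager does not support secure object class: " + getSecureObjectClass());
        Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()), "AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
        if (this.afterInvocationManager != null) {
            Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()), "AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
        }
        if (this.validateConfigAttributes) {
            Collection configAttributeDefinitions = obtainObjectDefinitionSource().getConfigAttributeDefinitions();
            if (configAttributeDefinitions == null) {
                logger.warn("Could not validate configuration attributes as the ObjectDefinitionSource did not return a ConfigAttributeDefinition collection");
                return;
            }
            Iterator it = configAttributeDefinitions.iterator();
            // Collects every attribute that no configured manager claims to understand.
            HashSet unsupported = new HashSet();
            while (it.hasNext()) {
                for (ConfigAttribute configAttribute : ((ConfigAttributeDefinition) it.next()).getConfigAttributes()) {
                    if (!this.runAsManager.supports(configAttribute) && !this.accessDecisionManager.supports(configAttribute) && (this.afterInvocationManager == null || !this.afterInvocationManager.supports(configAttribute))) {
                        unsupported.add(configAttribute);
                    }
                }
            }
            if (!unsupported.isEmpty()) {
                throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupported);
            }
            logger.info("Validated configuration attributes");
        }
    }

    /**
     * Performs the authentication and authorization checks that must pass before the secure
     * object is invoked.
     *
     * <p>The decompiler widened this method from {@code protected} to {@code public}; it is
     * meant to be driven by the concrete interceptor subclass only.
     *
     * <p>An {@link AuthorizedEvent} is published after a positive decision and an
     * {@link AuthorizationFailureEvent} after a negative one. Exceptions raised while
     * re-authenticating are thrown before the decision block and publish no event here.
     *
     * @param obj the secure object about to be invoked
     * @return {@code null} when the object has no configuration attributes (public
     *         invocation); otherwise a token holding the authenticated principal, the
     *         attributes, the object, and whether the context {@link Authentication} was
     *         replaced by a run-as one
     * @throws IllegalArgumentException if {@code obj} is {@code null}, is not an instance of
     *         the secure object class, or is public while {@code rejectPublicInvocations} is
     *         {@code true}
     * @throws AuthenticationCredentialsNotFoundException if the security context holds no
     *         {@link Authentication}
     * @throws AccessDeniedException if the {@link AccessDecisionManager} denies access
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public InterceptorStatusToken beforeInvocation(Object obj) {
        Assert.notNull(obj, "Object was null");
        if (!getSecureObjectClass().isAssignableFrom(obj.getClass())) {
            throw new IllegalArgumentException("Security invocation attempted for object " + obj.getClass().getName() + " but AbstractSecurityInterceptor only configured to support secure objects of type: " + getSecureObjectClass());
        }
        ConfigAttributeDefinition attributes = obtainObjectDefinitionSource().getAttributes(obj);
        if (attributes == null) {
            // No attributes means "public": unless rejectPublicInvocations is set, the call
            // proceeds without consulting the AuthenticationManager or AccessDecisionManager.
            if (this.rejectPublicInvocations) {
                throw new IllegalArgumentException("No public invocations are allowed via this AbstractSecurityInterceptor. This indicates a configuration error because the AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Public object - authentication not attempted");
            }
            publishEvent(new PublicInvocationEvent(obj));
            return null;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Secure object: " + obj + "; ConfigAttributes: " + attributes);
        }
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            // Always throws, so authenticateIfRequired() below never sees a null Authentication.
            credentialsNotFound(this.messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound", "An Authentication object was not found in the SecurityContext"), obj, attributes);
        }
        Authentication authenticated = authenticateIfRequired();
        try {
            this.accessDecisionManager.decide(authenticated, obj, attributes);
            if (logger.isDebugEnabled()) {
                logger.debug("Authorization successful");
            }
            publishEvent(new AuthorizedEvent(obj, attributes, authenticated));
            Authentication runAs = this.runAsManager.buildRunAs(authenticated, obj, attributes);
            if (runAs == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("RunAsManager did not change Authentication object");
                }
                return new InterceptorStatusToken(authenticated, false, attributes, obj);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Switching to RunAs Authentication: " + runAs);
            }
            // From here until afterInvocation() runs, the context carries the run-as identity;
            // the token keeps the original Authentication and flags that it must be restored.
            SecurityContextHolder.getContext().setAuthentication(runAs);
            return new InterceptorStatusToken(authenticated, true, attributes, obj);
        } catch (AccessDeniedException e) {
            publishEvent(new AuthorizationFailureEvent(obj, attributes, authenticated, e));
            throw e;
        }
    }

    /**
     * Returns the context {@link Authentication}, re-authenticating it through the
     * {@link AuthenticationManager} when it is not yet authenticated or when
     * {@code alwaysReauthenticate} is set. A freshly authenticated object replaces the one in
     * the {@link SecurityContextHolder}.
     *
     * <p>The caller must already have established that the context holds a non-null
     * {@link Authentication}; this method dereferences it without a check.
     */
    private Authentication authenticateIfRequired() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current.isAuthenticated() && !this.alwaysReauthenticate) {
            if (logger.isDebugEnabled()) {
                logger.debug("Previously Authenticated: " + current);
            }
            return current;
        }
        Authentication fresh = this.authenticationManager.authenticate(current);
        if (logger.isDebugEnabled()) {
            logger.debug("Successfully Authenticated: " + fresh);
        }
        SecurityContextHolder.getContext().setAuthentication(fresh);
        return fresh;
    }

    /**
     * Publishes an {@link AuthenticationCredentialsNotFoundEvent} and then throws the
     * corresponding {@link AuthenticationCredentialsNotFoundException}. Never returns normally.
     */
    private void credentialsNotFound(String str, Object obj, ConfigAttributeDefinition configAttributeDefinition) {
        AuthenticationCredentialsNotFoundException failure = new AuthenticationCredentialsNotFoundException(str);
        publishEvent(new AuthenticationCredentialsNotFoundEvent(obj, configAttributeDefinition, failure));
        throw failure;
    }

    /** Returns the manager that takes the pre-invocation access decision. */
    public AccessDecisionManager getAccessDecisionManager() {
        return this.accessDecisionManager;
    }

    /** Returns the optional post-invocation manager, or {@code null} if none is configured. */
    public AfterInvocationManager getAfterInvocationManager() {
        return this.afterInvocationManager;
    }

    /** Returns the manager used to (re)authenticate the context {@link Authentication}. */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /** Returns the run-as manager; a {@link NullRunAsManager} unless replaced. */
    public RunAsManager getRunAsManager() {
        return this.runAsManager;
    }

    /** Returns the type of secure object this interceptor accepts; must not be {@code null}. */
    public abstract Class getSecureObjectClass();

    /** Returns whether every invocation is re-authenticated, even if already authenticated. */
    public boolean isAlwaysReauthenticate() {
        return this.alwaysReauthenticate;
    }

    /** Returns whether secure objects without configuration attributes are rejected. */
    public boolean isRejectPublicInvocations() {
        return this.rejectPublicInvocations;
    }

    /** Returns whether configuration attributes are validated in {@link #afterPropertiesSet()}. */
    public boolean isValidateConfigAttributes() {
        return this.validateConfigAttributes;
    }

    /** Returns the source of configuration attributes for secure objects; must not be {@code null}. */
    public abstract ObjectDefinitionSource obtainObjectDefinitionSource();

    /** Sets the manager that takes the pre-invocation access decision (required). */
    public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }

    /** Sets the optional post-invocation manager; {@code null} disables post-invocation checks. */
    public void setAfterInvocationManager(AfterInvocationManager afterInvocationManager) {
        this.afterInvocationManager = afterInvocationManager;
    }

    /**
     * Controls whether the {@link AuthenticationManager} is consulted on every invocation,
     * regardless of {@code Authentication.isAuthenticated()}. Defaults to {@code false}.
     */
    public void setAlwaysReauthenticate(boolean z) {
        this.alwaysReauthenticate = z;
    }

    /** Sets the publisher for authorization events; when unset, events are dropped silently. */
    @Override // org.springframework.context.ApplicationEventPublisherAware
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    /** Sets the manager used to (re)authenticate the context {@link Authentication} (required). */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Replaces the default message accessor with one backed by {@code messageSource}. */
    @Override // org.springframework.context.MessageSourceAware
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /**
     * Controls the handling of secure objects that have no configuration attributes. With
     * {@code true}, {@link #beforeInvocation(Object)} throws {@link IllegalArgumentException}
     * for them; with {@code false} (the default) they are invoked without any check.
     */
    public void setRejectPublicInvocations(boolean z) {
        this.rejectPublicInvocations = z;
    }

    /** Sets the run-as manager (required; {@code null} is rejected by {@link #afterPropertiesSet()}). */
    public void setRunAsManager(RunAsManager runAsManager) {
        this.runAsManager = runAsManager;
    }

    /** Enables or disables the start-up validation of configuration attributes. */
    public void setValidateConfigAttributes(boolean z) {
        this.validateConfigAttributes = z;
    }

    /** Publishes {@code applicationEvent} if a publisher has been injected; otherwise does nothing. */
    private void publishEvent(ApplicationEvent applicationEvent) {
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(applicationEvent);
        }
    }

    /**
     * Loads a class by name, converting {@link ClassNotFoundException} into
     * {@link NoClassDefFoundError}. The original exception is attached as the cause so the
     * failing lookup stays visible in the stack trace.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve (and cache) this class once, then create the shared logger for it.
        Class cls;
        if (class$org$springframework$security$intercept$AbstractSecurityInterceptor == null) {
            cls = class$("org.springframework.security.intercept.AbstractSecurityInterceptor");
            class$org$springframework$security$intercept$AbstractSecurityInterceptor = cls;
        } else {
            cls = class$org$springframework$security$intercept$AbstractSecurityInterceptor;
        }
        logger = LogFactory.getLog(cls);
    }
}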
