package org.springframework.security.context;

import java.lang.reflect.Method;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletException;
import javax.portlet.PortletRequest;
import javax.portlet.PortletResponse;
import javax.portlet.PortletSession;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
import org.springframework.web.portlet.HandlerInterceptor;
import org.springframework.web.portlet.ModelAndView;

/* loaded from: input_file:WEB-INF/lib/spring-security-portlet-2.0.2.jar:org/springframework/security/context/PortletSessionContextIntegrationInterceptor.class */
public class PortletSessionContextIntegrationInterceptor implements InitializingBean, HandlerInterceptor {
    protected static final Log logger;
    public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
    private static final String SESSION_EXISTED;
    private static final String CONTEXT_HASHCODE;
    private Class context;
    private Object contextObject;
    private boolean allowSessionCreation;
    private boolean forceEagerSessionCreation;
    private boolean cloneFromPortletSession;
    private boolean useApplicationScopePortletSession;
    static Class class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor;
    static Class class$org$springframework$security$context$SecurityContextImpl;
    static Class class$org$springframework$security$context$SecurityContext;
    static Class class$java$lang$Cloneable;

    public PortletSessionContextIntegrationInterceptor() throws PortletException {
        Class cls;
        if (class$org$springframework$security$context$SecurityContextImpl == null) {
            cls = class$("org.springframework.security.context.SecurityContextImpl");
            class$org$springframework$security$context$SecurityContextImpl = cls;
        } else {
            cls = class$org$springframework$security$context$SecurityContextImpl;
        }
        this.context = cls;
        this.allowSessionCreation = true;
        this.forceEagerSessionCreation = false;
        this.cloneFromPortletSession = false;
        this.useApplicationScopePortletSession = true;
        this.contextObject = generateNewContext();
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Class cls;
        if (this.context != null) {
            if (class$org$springframework$security$context$SecurityContext == null) {
                cls = class$("org.springframework.security.context.SecurityContext");
                class$org$springframework$security$context$SecurityContext = cls;
            } else {
                cls = class$org$springframework$security$context$SecurityContext;
            }
            if (cls.isAssignableFrom(this.context)) {
                if (this.forceEagerSessionCreation && !this.allowSessionCreation) {
                    throw new IllegalArgumentException("If using forceEagerSessionCreation, you must set allowSessionCreation to also be true");
                }
                return;
            }
        }
        throw new IllegalArgumentException(new StringBuffer().append("context must be defined and implement SecurityContext (typically use org.springframework.security.context.SecurityContextImpl; existing class is ").append(this.context).append(")").toString());
    }

    @Override // org.springframework.web.portlet.HandlerInterceptor
    public boolean preHandleAction(ActionRequest actionRequest, ActionResponse actionResponse, Object obj) throws Exception {
        return preHandle(actionRequest, actionResponse, obj);
    }

    @Override // org.springframework.web.portlet.HandlerInterceptor
    public boolean preHandleRender(RenderRequest renderRequest, RenderResponse renderResponse, Object obj) throws Exception {
        return preHandle(renderRequest, renderResponse, obj);
    }

    @Override // org.springframework.web.portlet.HandlerInterceptor
    public void postHandleRender(RenderRequest renderRequest, RenderResponse renderResponse, Object obj, ModelAndView modelAndView) throws Exception {
    }

    @Override // org.springframework.web.portlet.HandlerInterceptor
    public void afterActionCompletion(ActionRequest actionRequest, ActionResponse actionResponse, Object obj, Exception exc) throws Exception {
        afterCompletion(actionRequest, actionResponse, obj, exc);
    }

    @Override // org.springframework.web.portlet.HandlerInterceptor
    public void afterRenderCompletion(RenderRequest renderRequest, RenderResponse renderResponse, Object obj, Exception exc) throws Exception {
        afterCompletion(renderRequest, renderResponse, obj, exc);
    }

    private boolean preHandle(PortletRequest portletRequest, PortletResponse portletResponse, Object obj) throws Exception {
        Class cls;
        PortletSession portletSession = null;
        boolean z = false;
        try {
            portletSession = portletRequest.getPortletSession(this.forceEagerSessionCreation);
        } catch (IllegalStateException e) {
        }
        if (portletSession != null) {
            z = true;
            Object attribute = portletSession.getAttribute("SPRING_SECURITY_CONTEXT", portletSessionScope());
            if (attribute != null) {
                if (this.cloneFromPortletSession) {
                    if (class$java$lang$Cloneable == null) {
                        cls = class$("java.lang.Cloneable");
                        class$java$lang$Cloneable = cls;
                    } else {
                        cls = class$java$lang$Cloneable;
                    }
                    Assert.isInstanceOf(cls, attribute, "Context must implement Clonable and provide a Object.clone() method");
                    try {
                        Method method = attribute.getClass().getMethod("clone", new Class[0]);
                        if (!method.isAccessible()) {
                            method.setAccessible(true);
                        }
                        attribute = method.invoke(attribute, new Object[0]);
                    } catch (Exception e2) {
                        ReflectionUtils.handleReflectionException(e2);
                    }
                }
                if (attribute instanceof SecurityContext) {
                    if (logger.isDebugEnabled()) {
                        logger.debug(new StringBuffer().append("Obtained from SPRING_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: '").append(attribute).append("'").toString());
                    }
                    SecurityContextHolder.setContext((SecurityContext) attribute);
                } else {
                    if (logger.isWarnEnabled()) {
                        logger.warn(new StringBuffer().append("SPRING_SECURITY_CONTEXT did not contain a SecurityContext but contained: '").append(attribute).append("'; are you improperly modifying the PortletSession directly ").append("(you should always use SecurityContextHolder) or using the PortletSession attribute ").append("reserved for this class? - new SecurityContext instance associated with ").append("SecurityContextHolder").toString());
                    }
                    SecurityContextHolder.setContext(generateNewContext());
                }
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("PortletSession returned null object for SPRING_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder");
                }
                SecurityContextHolder.setContext(generateNewContext());
            }
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("No PortletSession currently exists - new SecurityContext instance associated with SecurityContextHolder");
            }
            SecurityContextHolder.setContext(generateNewContext());
        }
        portletRequest.setAttribute(SESSION_EXISTED, new Boolean(z));
        portletRequest.setAttribute(CONTEXT_HASHCODE, new Integer(SecurityContextHolder.getContext().hashCode()));
        return true;
    }

    private void afterCompletion(PortletRequest portletRequest, PortletResponse portletResponse, Object obj, Exception exc) throws Exception {
        PortletSession portletSession = null;
        boolean booleanValue = ((Boolean) portletRequest.getAttribute(SESSION_EXISTED)).booleanValue();
        int intValue = ((Integer) portletRequest.getAttribute(CONTEXT_HASHCODE)).intValue();
        try {
            portletSession = portletRequest.getPortletSession(false);
        } catch (IllegalStateException e) {
        }
        if (portletSession == null && booleanValue && logger.isDebugEnabled()) {
            logger.debug("PortletSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
        }
        if (portletSession == null && !booleanValue) {
            if (this.allowSessionCreation) {
                if (!this.contextObject.equals(SecurityContextHolder.getContext())) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("PortletSession being created as SecurityContextHolder contents are non-default");
                    }
                    try {
                        portletSession = portletRequest.getPortletSession(true);
                    } catch (IllegalStateException e2) {
                    }
                } else if (logger.isDebugEnabled()) {
                    logger.debug(new StringBuffer().append("PortletSession is null, but SecurityContextHolder has not changed from default: ' ").append(SecurityContextHolder.getContext()).append("'; not creating PortletSession or storing SecurityContextHolder contents").toString());
                }
            } else if (logger.isDebugEnabled()) {
                logger.debug("The PortletSession is currently null, and the PortletSessionContextIntegrationInterceptor is prohibited from creating a PortletSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request");
            }
        }
        if (portletSession != null && SecurityContextHolder.getContext().hashCode() != intValue) {
            portletSession.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext(), portletSessionScope());
            if (logger.isDebugEnabled()) {
                logger.debug(new StringBuffer().append("SecurityContext stored to PortletSession: '").append(SecurityContextHolder.getContext()).append("'").toString());
            }
        }
        SecurityContextHolder.clearContext();
        if (logger.isDebugEnabled()) {
            logger.debug("SecurityContextHolder set to new context, as request processing completed");
        }
    }

    public SecurityContext generateNewContext() throws PortletException {
        try {
            return (SecurityContext) this.context.newInstance();
        } catch (IllegalAccessException e) {
            throw new PortletException(e);
        } catch (InstantiationException e2) {
            throw new PortletException(e2);
        }
    }

    private int portletSessionScope() {
        return this.useApplicationScopePortletSession ? 1 : 2;
    }

    public Class getContext() {
        return this.context;
    }

    public void setContext(Class cls) {
        this.context = cls;
    }

    public boolean isAllowSessionCreation() {
        return this.allowSessionCreation;
    }

    public void setAllowSessionCreation(boolean z) {
        this.allowSessionCreation = z;
    }

    public boolean isForceEagerSessionCreation() {
        return this.forceEagerSessionCreation;
    }

    public void setForceEagerSessionCreation(boolean z) {
        this.forceEagerSessionCreation = z;
    }

    public boolean isCloneFromPortletSession() {
        return this.cloneFromPortletSession;
    }

    public void setCloneFromPortletSession(boolean z) {
        this.cloneFromPortletSession = z;
    }

    public boolean isUseApplicationScopePortletSession() {
        return this.useApplicationScopePortletSession;
    }

    public void setUseApplicationScopePortletSession(boolean z) {
        this.useApplicationScopePortletSession = z;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        Class cls2;
        Class cls3;
        if (class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor == null) {
            cls = class$("org.springframework.security.context.PortletSessionContextIntegrationInterceptor");
            class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor = cls;
        } else {
            cls = class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor;
        }
        logger = LogFactory.getLog(cls);
        StringBuffer stringBuffer = new StringBuffer();
        if (class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor == null) {
            cls2 = class$("org.springframework.security.context.PortletSessionContextIntegrationInterceptor");
            class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor = cls2;
        } else {
            cls2 = class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor;
        }
        SESSION_EXISTED = stringBuffer.append(cls2.getName()).append(".SESSION_EXISTED").toString();
        StringBuffer stringBuffer2 = new StringBuffer();
        if (class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor == null) {
            cls3 = class$("org.springframework.security.context.PortletSessionContextIntegrationInterceptor");
            class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor = cls3;
        } else {
            cls3 = class$org$springframework$security$context$PortletSessionContextIntegrationInterceptor;
        }
        CONTEXT_HASHCODE = stringBuffer2.append(cls3.getName()).append(".CONTEXT_HASHCODE").toString();
    }
}
