package org.trails.security;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.ui.session.HttpSessionApplicationEvent;
import org.acegisecurity.ui.session.HttpSessionCreatedEvent;
import org.acegisecurity.ui.session.HttpSessionDestroyedEvent;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.trails.descriptor.IClassDescriptor;
import org.trails.descriptor.TrailsClassDescriptor;

@Aspect
/* loaded from: input_file:org/trails/security/DescriptorSecurity.class */
public class DescriptorSecurity implements ApplicationListener {
    private static final Log log = LogFactory.getLog(DescriptorSecurity.class);
    private static boolean sessionCreationDetected = false;
    private SecurityService securityService;
    Map<String, Map<String, IClassDescriptor>> perUserClassDescriptorCache = new HashMap();

    @Around("execution(public org.trails.descriptor.IClassDescriptor org.trails.descriptor.DescriptorService+.getClassDescriptor(Class))")
    public Object classDescriptorSecurity(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        IClassDescriptor iClassDescriptor = (IClassDescriptor) proceedingJoinPoint.proceed();
        if (iClassDescriptor == null) {
            return null;
        }
        SecurityContext context = SecurityContextHolder.getContext();
        return (context == null || context.getAuthentication() == null) ? iClassDescriptor : applyRestrictions(iClassDescriptor, context);
    }

    @Around("execution(public java.util.List org.trails.descriptor.DescriptorService+.getAllDescriptors())")
    public Object getAllClassDescriptorSecurity(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        List list = (List) proceedingJoinPoint.proceed();
        if (list == null) {
            return null;
        }
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null || context.getAuthentication() == null) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(applyRestrictions((IClassDescriptor) it.next(), context));
        }
        return arrayList;
    }

    protected IClassDescriptor applyRestrictions(IClassDescriptor iClassDescriptor, SecurityContext securityContext) {
        Map<String, IClassDescriptor> map = this.perUserClassDescriptorCache.get(securityContext.getAuthentication().getName());
        IClassDescriptor iClassDescriptor2 = null;
        if (map != null) {
            iClassDescriptor2 = map.get(iClassDescriptor.getType().getSimpleName());
        } else {
            map = new HashMap();
            this.perUserClassDescriptorCache.put(securityContext.getAuthentication().getName(), map);
            if (!sessionCreationDetected) {
                log.warn("This implementation caches security-enhanced class descriptors for each user\n but no session events are detected. Descriptors for expired sessions cannot be removed from the cache\nCheck that you have configured <listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>?\n");
            }
        }
        if (iClassDescriptor2 != null) {
            return iClassDescriptor2;
        }
        IClassDescriptor trailsClassDescriptor = new TrailsClassDescriptor(iClassDescriptor);
        map.put(iClassDescriptor.getType().getSimpleName(), trailsClassDescriptor);
        List findRestrictions = this.securityService.findRestrictions(iClassDescriptor);
        if (findRestrictions != null) {
            Iterator it = findRestrictions.iterator();
            while (it.hasNext()) {
                ((SecurityRestriction) it.next()).restrict(securityContext.getAuthentication().getAuthorities(), trailsClassDescriptor);
            }
        }
        return trailsClassDescriptor;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public void onApplicationEvent(ApplicationEvent applicationEvent) {
        if (applicationEvent instanceof HttpSessionApplicationEvent) {
            if (!(applicationEvent instanceof HttpSessionDestroyedEvent)) {
                if (applicationEvent instanceof HttpSessionCreatedEvent) {
                    sessionCreationDetected = true;
                    return;
                }
                return;
            }
            SecurityContext context = SecurityContextHolder.getContext();
            if (context == null || context.getAuthentication() == null || this.perUserClassDescriptorCache.remove(context.getAuthentication().getName()) == null || !log.isDebugEnabled()) {
                return;
            }
            log.debug("Removing cached descriptors for user " + context.getAuthentication().getName());
        }
    }
}
