package org.webswing.server.services.security.login;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.HttpMethod;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.server.base.AbstractUrlHandler;
import org.webswing.server.base.UrlHandler;
import org.webswing.server.model.exception.WsException;
import org.webswing.server.services.security.LoginTokenAdapter;
import org.webswing.server.services.security.api.AbstractWebswingUser;
import org.webswing.server.util.SecurityUtil;

/* loaded from: input_file:WEB-INF/classes/org/webswing/server/services/security/login/LoginHandlerImpl.class */
public class LoginHandlerImpl extends AbstractUrlHandler implements LoginHandler {
    private static final Logger log = LoggerFactory.getLogger(LoginHandlerImpl.class);

    public LoginHandlerImpl(UrlHandler urlHandler) {
        super(urlHandler);
    }

    @Override // org.webswing.server.base.AbstractUrlHandler
    protected String getPath() {
        return "login";
    }

    @Override // org.webswing.server.base.AbstractUrlHandler, org.webswing.server.base.UrlHandler
    public boolean serve(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WsException {
        try {
            if (HttpMethod.OPTIONS.equals(httpServletRequest.getMethod())) {
                return true;
            }
            login(httpServletRequest, httpServletResponse);
            return true;
        } catch (Exception e) {
            log.error("Failed to process login request. " + getFullPathMapping(), (Throwable) e);
            throw new WsException("Failed to login", e);
        }
    }

    protected void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        AbstractWebswingUser user = getUser();
        Subject subject = SecurityUtils.getSubject();
        if (user != null) {
            getSecurityProvider().get().doServeAuthenticated(user, getPathInfo(httpServletRequest), httpServletRequest, httpServletResponse);
            return;
        }
        try {
            AbstractWebswingUser doLogin = getSecurityProvider().get().doLogin(httpServletRequest, httpServletResponse);
            if (doLogin != null) {
                subject.login(new LoginTokenAdapter(getSecuredPath(), doLogin));
                subject.getSession().setAttribute(SecurityUtil.CLIENT_IP_SESSION_ATTR, SecurityUtil.getClientIp(httpServletRequest));
            }
        } catch (Exception e) {
            log.error("Unexpected authentication error.", (Throwable) e);
        }
    }
}
