package ru.mynewtons.starter.oauth2.config.security.oauth2;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;
import ru.mynewtons.starter.oauth2.config.security.CustomLogoutSuccessHandler;

@Component
/* loaded from: input_file:ru/mynewtons/starter/oauth2/config/security/oauth2/UserResourceServerConfiguration.class */
public class UserResourceServerConfiguration {

    @Autowired
    private CustomLogoutSuccessHandler customLogoutSuccessHandler;

    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.exceptionHandling().and().logout().logoutUrl("/api/oauth/logout").logoutSuccessHandler(this.customLogoutSuccessHandler).and().csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable().headers().frameOptions().disable().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        configureAntMatcher(httpSecurity);
    }

    public void configureAntMatcher(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(HttpMethod.POST, new String[]{"/api/register"})).permitAll().antMatchers(HttpMethod.POST, new String[]{"/api/users/recovery-password"})).permitAll().antMatchers(HttpMethod.GET, new String[]{"/api/users/email/test"})).permitAll().antMatchers(HttpMethod.GET, new String[]{"/api/users/confirm-email"})).permitAll().antMatchers(HttpMethod.GET, new String[]{"/api/users-view/change-password"})).permitAll().antMatchers(HttpMethod.POST, new String[]{"/api/users-view/change-password"})).permitAll().antMatchers(HttpMethod.GET, new String[]{"/oauth2/authorize"})).permitAll().antMatchers(new String[]{"/api/**"})).authenticated();
    }
}
