package org.springframework.webflow.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.vote.AffirmativeBased;
import org.springframework.security.vote.RoleVoter;
import org.springframework.security.vote.UnanimousBased;
import org.springframework.webflow.definition.FlowDefinition;
import org.springframework.webflow.definition.StateDefinition;
import org.springframework.webflow.definition.TransitionDefinition;
import org.springframework.webflow.execution.EnterStateVetoException;
import org.springframework.webflow.execution.FlowExecutionListenerAdapter;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/spring-webflow-2.0.8.RELEASE.jar:org/springframework/webflow/security/SecurityFlowExecutionListener.class */
public class SecurityFlowExecutionListener extends FlowExecutionListenerAdapter {
    private AccessDecisionManager accessDecisionManager;

    public AccessDecisionManager getAccessDecisionManager() {
        return this.accessDecisionManager;
    }

    public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }

    @Override // org.springframework.webflow.execution.FlowExecutionListenerAdapter, org.springframework.webflow.execution.FlowExecutionListener
    public void sessionCreating(RequestContext requestContext, FlowDefinition flowDefinition) {
        SecurityRule securityRule = (SecurityRule) flowDefinition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
        if (securityRule != null) {
            decide(securityRule, flowDefinition);
        }
    }

    @Override // org.springframework.webflow.execution.FlowExecutionListenerAdapter, org.springframework.webflow.execution.FlowExecutionListener
    public void stateEntering(RequestContext requestContext, StateDefinition stateDefinition) throws EnterStateVetoException {
        SecurityRule securityRule = (SecurityRule) stateDefinition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
        if (securityRule != null) {
            decide(securityRule, stateDefinition);
        }
    }

    @Override // org.springframework.webflow.execution.FlowExecutionListenerAdapter, org.springframework.webflow.execution.FlowExecutionListener
    public void transitionExecuting(RequestContext requestContext, TransitionDefinition transitionDefinition) {
        SecurityRule securityRule = (SecurityRule) transitionDefinition.getAttributes().get(SecurityRule.SECURITY_ATTRIBUTE_NAME);
        if (securityRule != null) {
            decide(securityRule, transitionDefinition);
        }
    }

    protected void decide(SecurityRule securityRule, Object obj) {
        AffirmativeBased unanimousBased;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        ConfigAttributeDefinition configAttributeDefinition = new ConfigAttributeDefinition(getConfigAttributes(securityRule));
        if (this.accessDecisionManager != null) {
            this.accessDecisionManager.decide(authentication, obj, configAttributeDefinition);
            return;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new RoleVoter());
        if (securityRule.getComparisonType() == 1) {
            unanimousBased = new AffirmativeBased();
        } else {
            if (securityRule.getComparisonType() != 2) {
                throw new IllegalStateException(new StringBuffer("Unknown SecurityRule match type: ").append((int) securityRule.getComparisonType()).toString());
            }
            unanimousBased = new UnanimousBased();
        }
        unanimousBased.setDecisionVoters(arrayList);
        unanimousBased.decide(authentication, obj, configAttributeDefinition);
    }

    protected List getConfigAttributes(SecurityRule securityRule) {
        ArrayList arrayList = new ArrayList();
        Iterator it = securityRule.getAttributes().iterator();
        while (it.hasNext()) {
            arrayList.add(new SecurityConfig((String) it.next()));
        }
        return arrayList;
    }
}
