package net.sf.acegisecurity.intercept;

import java.util.HashSet;
import java.util.Iterator;
import net.sf.acegisecurity.AccessDecisionManager;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.AfterInvocationManager;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationCredentialsNotFoundException;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationManager;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.RunAsManager;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.security.SecureContext;
import net.sf.acegisecurity.intercept.event.AuthenticationCredentialsNotFoundEvent;
import net.sf.acegisecurity.intercept.event.AuthenticationFailureEvent;
import net.sf.acegisecurity.intercept.event.AuthorizationFailureEvent;
import net.sf.acegisecurity.intercept.event.AuthorizedEvent;
import net.sf.acegisecurity.intercept.event.PublicInvocationEvent;
import net.sf.acegisecurity.runas.NullRunAsManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/acegi-security-0.8.2_patched.jar:net/sf/acegisecurity/intercept/AbstractSecurityInterceptor.class */
public abstract class AbstractSecurityInterceptor implements InitializingBean, ApplicationContextAware {
    protected static final Log logger = LogFactory.getLog(AbstractSecurityInterceptor.class);
    private AccessDecisionManager accessDecisionManager;
    private AfterInvocationManager afterInvocationManager;
    private ApplicationContext context;
    private AuthenticationManager authenticationManager;
    private RunAsManager runAsManager = new NullRunAsManager();
    private boolean validateConfigAttributes = true;

    public void setAfterInvocationManager(AfterInvocationManager afterInvocationManager) {
        this.afterInvocationManager = afterInvocationManager;
    }

    public AfterInvocationManager getAfterInvocationManager() {
        return this.afterInvocationManager;
    }

    @Override // org.springframework.context.ApplicationContextAware
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.context = applicationContext;
    }

    public abstract Class getSecureObjectClass();

    public abstract ObjectDefinitionSource obtainObjectDefinitionSource();

    public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }

    public AccessDecisionManager getAccessDecisionManager() {
        return this.accessDecisionManager;
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    public void setRunAsManager(RunAsManager runAsManager) {
        this.runAsManager = runAsManager;
    }

    public RunAsManager getRunAsManager() {
        return this.runAsManager;
    }

    public void setValidateConfigAttributes(boolean z) {
        this.validateConfigAttributes = z;
    }

    public boolean isValidateConfigAttributes() {
        return this.validateConfigAttributes;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
        Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
        Assert.notNull(this.runAsManager, "A RunAsManager is required");
        Assert.notNull(obtainObjectDefinitionSource(), "An ObjectDefinitionSource is required");
        if (!obtainObjectDefinitionSource().supports(getSecureObjectClass())) {
            throw new IllegalArgumentException("ObjectDefinitionSource does not support secure object class: " + getSecureObjectClass());
        }
        if (!this.runAsManager.supports(getSecureObjectClass())) {
            throw new IllegalArgumentException("RunAsManager does not support secure object class: " + getSecureObjectClass());
        }
        if (!this.accessDecisionManager.supports(getSecureObjectClass())) {
            throw new IllegalArgumentException("AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
        }
        if (this.afterInvocationManager != null && !this.afterInvocationManager.supports(getSecureObjectClass())) {
            throw new IllegalArgumentException("AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
        }
        if (this.validateConfigAttributes) {
            Iterator configAttributeDefinitions = obtainObjectDefinitionSource().getConfigAttributeDefinitions();
            if (configAttributeDefinitions == null) {
                if (logger.isWarnEnabled()) {
                    logger.warn("Could not validate configuration attributes as the MethodDefinitionSource did not return a ConfigAttributeDefinition Iterator");
                    return;
                }
                return;
            }
            HashSet hashSet = new HashSet();
            while (configAttributeDefinitions.hasNext()) {
                Iterator configAttributes = ((ConfigAttributeDefinition) configAttributeDefinitions.next()).getConfigAttributes();
                while (configAttributes.hasNext()) {
                    ConfigAttribute configAttribute = (ConfigAttribute) configAttributes.next();
                    if (!this.runAsManager.supports(configAttribute) && !this.accessDecisionManager.supports(configAttribute) && (this.afterInvocationManager == null || !this.afterInvocationManager.supports(configAttribute))) {
                        hashSet.add(configAttribute);
                    }
                }
            }
            if (hashSet.size() != 0) {
                throw new IllegalArgumentException("Unsupported configuration attributes: " + hashSet.toString());
            }
            if (logger.isInfoEnabled()) {
                logger.info("Validated configuration attributes");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object afterInvocation(InterceptorStatusToken interceptorStatusToken, Object obj) {
        if (interceptorStatusToken == null) {
            return obj;
        }
        if (interceptorStatusToken.isContextHolderRefreshRequired()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Reverting to original Authentication: " + interceptorStatusToken.getAuthentication().toString());
            }
            SecureContext secureContext = (SecureContext) ContextHolder.getContext();
            secureContext.setAuthentication(interceptorStatusToken.getAuthentication());
            ContextHolder.setContext(secureContext);
        }
        if (this.afterInvocationManager != null) {
            obj = this.afterInvocationManager.decide(interceptorStatusToken.getAuthentication(), interceptorStatusToken.getSecureObject(), interceptorStatusToken.getAttr(), obj);
        }
        return obj;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public InterceptorStatusToken beforeInvocation(Object obj) {
        ConfigAttributeDefinition attributes = obtainObjectDefinitionSource().getAttributes(obj);
        if (attributes == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Public object - authentication not attempted");
            }
            this.context.publishEvent(new PublicInvocationEvent(obj));
            if (ContextHolder.getContext() == null || !(ContextHolder.getContext() instanceof SecureContext)) {
                return null;
            }
            SecureContext secureContext = (SecureContext) ContextHolder.getContext();
            if (secureContext.getAuthentication() == null) {
                return null;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Authentication object detected and tagged as unauthenticated");
            }
            Authentication authentication = secureContext.getAuthentication();
            authentication.setAuthenticated(false);
            secureContext.setAuthentication(authentication);
            ContextHolder.setContext(secureContext);
            return null;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Secure object: " + obj.toString() + "; ConfigAttributes: " + attributes.toString());
        }
        if (ContextHolder.getContext() == null || !(ContextHolder.getContext() instanceof SecureContext)) {
            credentialsNotFound("A valid SecureContext was not provided in the RequestContext", obj, attributes);
        }
        SecureContext secureContext2 = (SecureContext) ContextHolder.getContext();
        if (secureContext2.getAuthentication() == null) {
            credentialsNotFound("Authentication credentials were not found in the SecureContext", obj, attributes);
        }
        try {
            Authentication authenticate = this.authenticationManager.authenticate(secureContext2.getAuthentication());
            authenticate.setAuthenticated(true);
            if (logger.isDebugEnabled()) {
                logger.debug("Authenticated: " + authenticate.toString());
            }
            secureContext2.setAuthentication(authenticate);
            ContextHolder.setContext(secureContext2);
            try {
                this.accessDecisionManager.decide(authenticate, obj, attributes);
                if (logger.isDebugEnabled()) {
                    logger.debug("Authorization successful");
                }
                this.context.publishEvent(new AuthorizedEvent(obj, attributes, authenticate));
                Authentication buildRunAs = this.runAsManager.buildRunAs(authenticate, obj, attributes);
                if (buildRunAs == null) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("RunAsManager did not change Authentication object");
                    }
                    return new InterceptorStatusToken(authenticate, false, attributes, obj);
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Switching to RunAs Authentication: " + buildRunAs.toString());
                }
                secureContext2.setAuthentication(buildRunAs);
                ContextHolder.setContext(secureContext2);
                return new InterceptorStatusToken(authenticate, true, attributes, obj);
            } catch (AccessDeniedException e) {
                this.context.publishEvent(new AuthorizationFailureEvent(obj, attributes, authenticate, e));
                throw e;
            }
        } catch (AuthenticationException e2) {
            this.context.publishEvent(new AuthenticationFailureEvent(obj, attributes, secureContext2.getAuthentication(), e2));
            throw e2;
        }
    }

    private void credentialsNotFound(String str, Object obj, ConfigAttributeDefinition configAttributeDefinition) {
        AuthenticationCredentialsNotFoundException authenticationCredentialsNotFoundException = new AuthenticationCredentialsNotFoundException(str);
        this.context.publishEvent(new AuthenticationCredentialsNotFoundEvent(obj, configAttributeDefinition, authenticationCredentialsNotFoundException));
        throw authenticationCredentialsNotFoundException;
    }
}
