package org.activiti.cloud.services.common.security.keycloak.config;

import java.util.List;
import org.activiti.api.runtime.shared.security.PrincipalGroupsProvider;
import org.activiti.api.runtime.shared.security.PrincipalIdentityProvider;
import org.activiti.api.runtime.shared.security.PrincipalRolesProvider;
import org.activiti.api.runtime.shared.security.SecurityContextPrincipalProvider;
import org.activiti.api.runtime.shared.security.SecurityContextTokenProvider;
import org.activiti.api.runtime.shared.security.SecurityManager;
import org.activiti.cloud.services.common.security.keycloak.KeycloakAccessTokenPrincipalGroupsProvider;
import org.activiti.cloud.services.common.security.keycloak.KeycloakAccessTokenPrincipalRolesProvider;
import org.activiti.cloud.services.common.security.keycloak.KeycloakAccessTokenProvider;
import org.activiti.cloud.services.common.security.keycloak.KeycloakAccessTokenValidator;
import org.activiti.cloud.services.common.security.keycloak.KeycloakPrincipalGroupsProviderChain;
import org.activiti.cloud.services.common.security.keycloak.KeycloakPrincipalIdentityProvider;
import org.activiti.cloud.services.common.security.keycloak.KeycloakPrincipalRolesProviderChain;
import org.activiti.cloud.services.common.security.keycloak.KeycloakSecurityContextPrincipalProvider;
import org.activiti.cloud.services.common.security.keycloak.KeycloakSecurityContextTokenProvider;
import org.activiti.cloud.services.common.security.keycloak.KeycloakSecurityManagerImpl;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.management.HttpSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

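/**
 * Auto-configuration that plugs the Keycloak Spring Security adapter into a web
 * application and publishes the Activiti security beans ({@link SecurityManager},
 * principal identity / groups / roles providers, token providers) built on the
 * Keycloak access token.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #configure(HttpSecurity)} permits every request at the URL layer and
 *       disables CSRF protection and HTTP Basic. This class therefore restricts no
 *       endpoint by itself; access control has to come from somewhere else
 *       (method-level security, another filter chain, a gateway). Confirm this for
 *       each service that imports the configuration.</li>
 *   <li>Every {@code @Bean} here is {@code @ConditionalOnMissingBean}: an
 *       application-supplied bean of the same type replaces the default without any
 *       warning, including the token validator and the {@link SecurityManager}.
 *       Such overrides deserve the same review as this class.</li>
 *   <li>The class-level condition skips the <em>whole</em> configuration (all beans
 *       below) as soon as the context already holds a {@link KeycloakConfigResolver}
 *       or a {@link SessionAuthenticationStrategy}.</li>
 * </ul>
 */
@Configuration
// NOTE(review): the original listed SessionAuthenticationStrategy twice. The duplicate is
// dropped here; the effective condition is unchanged. Whether a different third type was
// intended cannot be determined from this file.
@ConditionalOnMissingBean({KeycloakConfigResolver.class, SessionAuthenticationStrategy.class})
@KeycloakConfiguration
@ConditionalOnWebApplication
@Import({KeycloakSpringBootConfigResolver.class})
public class CommonSecurityAutoConfiguration extends KeycloakWebSecurityConfigurerAdapter {

    /**
     * Registers the Keycloak authentication provider with the global authentication manager.
     *
     * <p>The provider's authorities are passed through a {@link SimpleAuthorityMapper}, which
     * with its default settings prefixes each granted authority with {@code ROLE_}. Role checks
     * elsewhere must use names consistent with that mapping.
     *
     * @param authenticationManagerBuilder builder the provider is added to
     * @param keycloakAuthenticationProvider provider that authenticates Keycloak tokens
     * @throws Exception declared for compatibility with the Spring Security builder API
     */
    @Autowired
    public void configureGlobal(
            AuthenticationManagerBuilder authenticationManagerBuilder,
            KeycloakAuthenticationProvider keycloakAuthenticationProvider) throws Exception {
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        authenticationManagerBuilder.authenticationProvider(keycloakAuthenticationProvider);
    }

    /** Default Keycloak authentication provider, used unless the application defines its own. */
    @ConditionalOnMissingBean
    @Bean
    public KeycloakAuthenticationProvider keycloakAuthenticationProvider() {
        return new KeycloakAuthenticationProvider();
    }

    /** Default provider of the authenticated principal, used unless the application defines its own. */
    @ConditionalOnMissingBean
    @Bean
    public SecurityContextPrincipalProvider authenticatedPrincipalProvider() {
        return new KeycloakSecurityContextPrincipalProvider();
    }

    /**
     * Default access-token provider.
     *
     * <p>The anonymous subclass overrides nothing, so all behaviour comes from
     * {@link KeycloakAccessTokenProvider} itself (presumably default methods; confirm against
     * that type).
     */
    @ConditionalOnMissingBean
    @Bean
    public KeycloakAccessTokenProvider keycloakAccessTokenProvider() {
        return new KeycloakAccessTokenProvider() {
        };
    }

    /**
     * Default access-token validator.
     *
     * <p>The anonymous subclass overrides nothing, so the checks applied to a token are whatever
     * {@link KeycloakAccessTokenValidator} implements by default. NOTE(review): that logic is not
     * visible here; verify what it accepts and rejects before relying on it, and treat any
     * application bean that replaces it as security-critical.
     */
    @ConditionalOnMissingBean
    @Bean
    public KeycloakAccessTokenValidator keycloakAccessTokenValidator() {
        return new KeycloakAccessTokenValidator() {
        };
    }

    /**
     * Builds the identity provider from the access-token provider and validator.
     *
     * @param keycloakAccessTokenProvider source of the current access token
     * @param keycloakAccessTokenValidator validator handed to the identity provider
     * @return the Keycloak-backed {@link PrincipalIdentityProvider}
     */
    @ConditionalOnMissingBean
    @Bean
    public PrincipalIdentityProvider principalIdentityProvider(
            KeycloakAccessTokenProvider keycloakAccessTokenProvider,
            KeycloakAccessTokenValidator keycloakAccessTokenValidator) {
        return new KeycloakPrincipalIdentityProvider(keycloakAccessTokenProvider, keycloakAccessTokenValidator);
    }

    /**
     * Groups provider backed by the access token.
     *
     * <p>{@code @Order(Integer.MIN_VALUE)} is the highest precedence, so this provider is placed
     * first in the ordered {@code List<PrincipalGroupsProvider>} injected into
     * {@link #principalGroupsProviderChain(List)}.
     *
     * @param keycloakAccessTokenProvider source of the current access token
     * @param keycloakAccessTokenValidator validator handed to the groups provider
     * @return the token-based groups provider
     */
    @ConditionalOnMissingBean
    @Bean
    @Order(Integer.MIN_VALUE)
    public KeycloakAccessTokenPrincipalGroupsProvider keycloakAccessTokenPrincipalGroupsProvider(
            KeycloakAccessTokenProvider keycloakAccessTokenProvider,
            KeycloakAccessTokenValidator keycloakAccessTokenValidator) {
        return new KeycloakAccessTokenPrincipalGroupsProvider(keycloakAccessTokenProvider, keycloakAccessTokenValidator);
    }

    /**
     * Roles provider backed by the access token.
     *
     * <p>{@code @Order(Integer.MIN_VALUE)} is the highest precedence, so this provider is placed
     * first in the ordered {@code List<PrincipalRolesProvider>} injected into
     * {@link #principalRolesProviderChain(List)}.
     *
     * @param keycloakAccessTokenProvider source of the current access token
     * @param keycloakAccessTokenValidator validator handed to the roles provider
     * @return the token-based roles provider
     */
    @ConditionalOnMissingBean
    @Bean
    @Order(Integer.MIN_VALUE)
    public KeycloakAccessTokenPrincipalRolesProvider keycloakAccessTokenPrincipalRolesProvider(
            KeycloakAccessTokenProvider keycloakAccessTokenProvider,
            KeycloakAccessTokenValidator keycloakAccessTokenValidator) {
        return new KeycloakAccessTokenPrincipalRolesProvider(keycloakAccessTokenProvider, keycloakAccessTokenValidator);
    }

    /**
     * Chains every {@link PrincipalGroupsProvider} bean in the context.
     *
     * <p>Any additional provider bean an application registers joins this chain, so third-party
     * providers influence the groups a principal is reported to have.
     *
     * @param list all groups providers, in Spring's bean order
     * @return the chain wrapping those providers
     */
    @ConditionalOnMissingBean
    @Bean
    public KeycloakPrincipalGroupsProviderChain principalGroupsProviderChain(List<PrincipalGroupsProvider> list) {
        return new KeycloakPrincipalGroupsProviderChain(list);
    }

    /**
     * Chains every {@link PrincipalRolesProvider} bean in the context.
     *
     * <p>Any additional provider bean an application registers joins this chain, so third-party
     * providers influence the roles a principal is reported to have.
     *
     * @param list all roles providers, in Spring's bean order
     * @return the chain wrapping those providers
     */
    @ConditionalOnMissingBean
    @Bean
    public KeycloakPrincipalRolesProviderChain principalRolesProviderChain(List<PrincipalRolesProvider> list) {
        return new KeycloakPrincipalRolesProviderChain(list);
    }

    /**
     * Assembles the Activiti {@link SecurityManager} from the principal, identity, groups and
     * roles collaborators defined above.
     *
     * @param securityContextPrincipalProvider supplies the current principal
     * @param principalIdentityProvider resolves the principal's identity
     * @param keycloakPrincipalGroupsProviderChain resolves the principal's groups
     * @param keycloakPrincipalRolesProviderChain resolves the principal's roles
     * @return the Keycloak-backed security manager
     */
    @ConditionalOnMissingBean
    @Bean
    public SecurityManager securityManager(
            SecurityContextPrincipalProvider securityContextPrincipalProvider,
            PrincipalIdentityProvider principalIdentityProvider,
            KeycloakPrincipalGroupsProviderChain keycloakPrincipalGroupsProviderChain,
            KeycloakPrincipalRolesProviderChain keycloakPrincipalRolesProviderChain) {
        return new KeycloakSecurityManagerImpl(
                securityContextPrincipalProvider,
                principalIdentityProvider,
                keycloakPrincipalGroupsProviderChain,
                keycloakPrincipalRolesProviderChain);
    }

    /** Default provider of the raw token held in the security context. */
    @ConditionalOnMissingBean
    @Bean
    public SecurityContextTokenProvider securityContextTokenProvider() {
        return new KeycloakSecurityContextTokenProvider();
    }

    /**
     * Resolves the Keycloak adapter configuration from Spring Boot properties.
     *
     * <p>The capitalised method name is kept on purpose: it is the bean name, and renaming it
     * would change what other configuration can reference.
     */
    @ConditionalOnMissingBean
    @Bean
    public KeycloakConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    /** Default Keycloak {@link HttpSessionManager}, used unless the application defines its own. */
    @ConditionalOnMissingBean({HttpSessionManager.class})
    @Bean
    protected HttpSessionManager httpSessionManager() {
        return new HttpSessionManager();
    }

    /**
     * Session strategy that records each authenticated session in a fresh in-memory
     * {@link SessionRegistryImpl}.
     *
     * <p>NOTE(review): the registry instance is created inline and not published as a bean, so
     * nothing else in this class can query or expire the sessions it tracks.
     */
    @ConditionalOnMissingBean
    @Bean
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    /**
     * Applies the Keycloak adapter's own {@link HttpSecurity} setup, then opens every URL and
     * turns off CSRF protection and HTTP Basic.
     *
     * <p>NOTE(review): {@code anyRequest().permitAll()} means the filter chain lets
     * unauthenticated requests reach every handler; nothing in this method requires a valid
     * token. Endpoints are only protected if another layer enforces it (confirm per service).
     *
     * <p>NOTE(review): CSRF protection is disabled while
     * {@link #sessionAuthenticationStrategy()} registers sessions. If any client is
     * authenticated by a session cookie rather than a bearer token, state-changing endpoints
     * have no CSRF defence. Confirm all callers are bearer-only or re-enable CSRF.
     *
     * @param httpSecurity the security builder for this filter chain
     * @throws Exception if the underlying Spring Security configuration fails
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        // Typed fluent chain without a raw cast on anyRequest(): a raw AuthorizedUrl erases the
        // builder's type parameter, so and() would no longer be typed as HttpSecurity.
        httpSecurity
                .authorizeRequests()
                .anyRequest()
                .permitAll()
                .and()
                .csrf()
                .disable()
                .httpBasic()
                .disable();
    }
}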
