package net.sf.acegisecurity.intercept.web;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationTrustResolver;
import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
import net.sf.acegisecurity.InsufficientAuthenticationException;
import net.sf.acegisecurity.context.security.SecureContextUtils;
import net.sf.acegisecurity.ui.AbstractProcessingFilter;
import net.sf.acegisecurity.util.PortResolver;
import net.sf.acegisecurity.util.PortResolverImpl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/acegi-security-0.8.2_patched.jar:net/sf/acegisecurity/intercept/web/SecurityEnforcementFilter.class */
public class SecurityEnforcementFilter implements Filter, InitializingBean {
    private static final Log logger;
    public static final String ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY = "ACEGI_SECURITY_403_EXCEPTION";
    private AuthenticationEntryPoint authenticationEntryPoint;
    private FilterSecurityInterceptor filterSecurityInterceptor;
    static Class class$net$sf$acegisecurity$intercept$web$SecurityEnforcementFilter;
    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
    private PortResolver portResolver = new PortResolverImpl();

    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.authenticationEntryPoint;
    }

    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    public AuthenticationTrustResolver getAuthenticationTrustResolver() {
        return this.authenticationTrustResolver;
    }

    public void setFilterSecurityInterceptor(FilterSecurityInterceptor filterSecurityInterceptor) {
        this.filterSecurityInterceptor = filterSecurityInterceptor;
    }

    public FilterSecurityInterceptor getFilterSecurityInterceptor() {
        return this.filterSecurityInterceptor;
    }

    public void setPortResolver(PortResolver portResolver) {
        this.portResolver = portResolver;
    }

    public PortResolver getPortResolver() {
        return this.portResolver;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationEntryPoint, "authenticationEntryPoint must be specified");
        Assert.notNull(this.filterSecurityInterceptor, "filterSecurityInterceptor must be specified");
        Assert.notNull(this.portResolver, "portResolver must be specified");
        Assert.notNull(this.authenticationTrustResolver, "authenticationTrustResolver must be specified");
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("HttpServletRequest required");
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("HttpServletResponse required");
        }
        FilterInvocation filterInvocation = new FilterInvocation(servletRequest, servletResponse, filterChain);
        try {
            this.filterSecurityInterceptor.invoke(filterInvocation);
            if (logger.isDebugEnabled()) {
                logger.debug("Chain processed normally");
            }
        } catch (AccessDeniedException e) {
            if (this.authenticationTrustResolver.isAnonymous(SecureContextUtils.getSecureContext().getAuthentication())) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point", e);
                }
                sendStartAuthentication(filterInvocation, new InsufficientAuthenticationException("Full authentication is required to access this resource"));
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Access is denied (user is not anonymous); sending back forbidden response", e);
                }
                sendAccessDeniedError(filterInvocation, e);
            }
        } catch (AuthenticationException e2) {
            if (logger.isDebugEnabled()) {
                logger.debug("Authentication exception occurred; redirecting to authentication entry point", e2);
            }
            sendStartAuthentication(filterInvocation, e2);
        } catch (Throwable th) {
            throw new ServletException(th);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    protected void sendAccessDeniedError(FilterInvocation filterInvocation, AccessDeniedException accessDeniedException) throws ServletException, IOException {
        filterInvocation.getRequest().getSession().setAttribute(ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY, accessDeniedException);
        filterInvocation.getResponse().sendError(403, accessDeniedException.getMessage());
    }

    protected void sendStartAuthentication(FilterInvocation filterInvocation, AuthenticationException authenticationException) throws ServletException, IOException {
        ServletRequest servletRequest = (HttpServletRequest) filterInvocation.getRequest();
        int serverPort = this.portResolver.getServerPort(servletRequest);
        boolean z = true;
        if ("http".equals(servletRequest.getScheme().toLowerCase()) && serverPort == 80) {
            z = false;
        }
        if ("https".equals(servletRequest.getScheme().toLowerCase()) && serverPort == 443) {
            z = false;
        }
        String stringBuffer = new StringBuffer().append(servletRequest.getScheme()).append("://").append(servletRequest.getServerName()).append(z ? new StringBuffer().append(":").append(serverPort).toString() : "").append(servletRequest.getContextPath()).append(filterInvocation.getRequestUrl()).toString();
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("Authentication entry point being called; target URL added to Session: ").append(stringBuffer).toString());
        }
        servletRequest.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY, stringBuffer);
        this.authenticationEntryPoint.commence(servletRequest, filterInvocation.getResponse(), authenticationException);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$net$sf$acegisecurity$intercept$web$SecurityEnforcementFilter == null) {
            cls = class$("net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter");
            class$net$sf$acegisecurity$intercept$web$SecurityEnforcementFilter = cls;
        } else {
            cls = class$net$sf$acegisecurity$intercept$web$SecurityEnforcementFilter;
        }
        logger = LogFactory.getLog(cls);
    }
}
