package org.alfresco.web.app.servlet;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import net.sf.acegisecurity.context.ContextHolder;
import org.alfresco.repo.security.authentication.AlfrescoSecureContext;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/web/app/servlet/ClearSecurityContextFilter.class */
public class ClearSecurityContextFilter implements Filter {
    private Log logger = LogFactory.getLog(getClass());

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            filterChain.doFilter(servletRequest, servletResponse);
            logClearContextInfo(servletRequest);
            AuthenticationUtil.clearCurrentSecurityContext();
        } catch (Throwable th) {
            logClearContextInfo(servletRequest);
            AuthenticationUtil.clearCurrentSecurityContext();
            throw th;
        }
    }

    private void logClearContextInfo(ServletRequest servletRequest) {
        if (this.logger.isDebugEnabled()) {
            try {
                String str = null;
                String fullyAuthenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
                AlfrescoSecureContext context = ContextHolder.getContext();
                if (context instanceof AlfrescoSecureContext) {
                    str = AuthenticationUtil.getMaskedUsername(context.getRealAuthentication());
                }
                if (context == null && fullyAuthenticatedUser == null) {
                    return;
                }
                String lineSeparator = System.lineSeparator();
                String str2 = null;
                if (servletRequest instanceof HttpServletRequest) {
                    str2 = ((HttpServletRequest) servletRequest).getRequestURL().toString();
                }
                StringBuilder sb = new StringBuilder();
                sb.append("When clearing out the context for request: ");
                sb.append(str2);
                sb.append(lineSeparator);
                sb.append("There was some information still present in the security context for this thread: ");
                sb.append(Thread.currentThread().getName());
                sb.append(lineSeparator);
                if (context != null) {
                    if (str != null) {
                        sb.append("Real authenticated user found: " + AuthenticationUtil.maskUsername(str));
                        sb.append(lineSeparator);
                    } else {
                        sb.append("ContextHolder was not null");
                        sb.append(lineSeparator);
                    }
                }
                if (fullyAuthenticatedUser != null) {
                    sb.append("Fully authenticated user found: " + AuthenticationUtil.maskUsername(fullyAuthenticatedUser));
                    sb.append(lineSeparator);
                }
                sb.append("Other information about leaking ticket and tenant information may follow in the log, if org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl and org.alfresco.repo.tenant.TenantContextHolder loggers are set to 'trace'");
                sb.append(lineSeparator);
                this.logger.debug(sb.toString());
            } catch (Exception e) {
                this.logger.debug("Error building proper logging message:" + e.getMessage(), e);
            }
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
