package com.artfess.base.conf;

import com.artfess.base.filter.JwtAuthorizationTokenFilter;
import com.artfess.base.jwt.JwtAuthenticationEntryPoint;
import com.artfess.base.jwt.JwtTokenHandler;
import com.artfess.base.security.CustomAccessDeniedHandler;
import com.artfess.base.security.CustomPwdEncoder;
import com.artfess.base.security.HtDecisionManager;
import com.artfess.base.security.HtFilterSecurityInterceptor;
import com.artfess.base.util.StringUtil;
import com.artfess.base.util.string.StringPool;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Resource;
import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

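/**
 * Spring Security configuration for the application: wires the user-details
 * service and password encoder, builds the stateless JWT filter chain, declares
 * which request patterns skip security entirely, and registers the CORS filter.
 *
 * <p>Security-relevant behaviour is driven by several properties
 * ({@code artfess.security.ignore.httpUrls}, {@code artfess.security.deny.httpUrls},
 * {@code artfess.security.pswd.encoder}, {@code cors.enable}, {@code feign.encry.key},
 * {@code webjar.context}); each is documented on its field.
 */
@EnableWebSecurity
@Configuration
/* loaded from: input_file:com/artfess/base/conf/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Resource
    UserDetailsService userDetailsService;

    @Resource
    JwtTokenHandler jwtTokenHandler;

    @Resource
    JwtConfig jwtConfig;

    // Key handed to JwtAuthorizationTokenFilter.setEncryKey(). When feign.encry.key is
    // unset, every deployment falls back to the same built-in constant.
    // NOTE(review): how the filter uses this key is not visible here; if it authenticates
    // service-to-service calls, require a per-deployment secret instead of a shared default.
    @Value("${feign.encry.key:feignCallEncry}")
    private String encryKey;

    // Comma-separated ant patterns that are permitted without authentication.
    // NOTE(review): the placeholder default is the literal two-character text '' (this is
    // not SpEL), so with the property unset the value is non-empty and the pattern "''" is
    // registered. Harmless, but probably not what was intended; confirm.
    @Value("${artfess.security.ignore.httpUrls:''}")
    String permitAll;

    // Comma-separated ant patterns that are always denied. Same literal '' default as above.
    @Value("${artfess.security.deny.httpUrls:''}")
    String denyAll;

    // Fully qualified class name of a PasswordEncoder to delegate to; empty means the
    // CustomPwdEncoder default is used unchanged.
    @Value("${artfess.security.pswd.encoder:}")
    String passwordEncoder;

    // Enables the wildcard CORS policy built in corsFilter(); defaults to true.
    @Value("${cors.enable:true}")
    Boolean corsEnable;

    @Resource
    JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

    @Resource
    HtFilterSecurityInterceptor htFilterSecurityInterceptor;

    @Resource
    CustomAccessDeniedHandler customAccessDeniedHandler;

    // Context names whose whole sub-tree ("/<name>/**") is added to the permit-all list.
    @Value("${webjar.context:mvue,fvue,mobilevue}")
    private List<String> resourceContext;

    /**
     * Registers the injected {@link UserDetailsService} together with the encoder returned
     * by {@link #getCustomPasswordEncoder()}.
     *
     * @param authenticationManagerBuilder builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .userDetailsService(this.userDetailsService)
                .passwordEncoder(getCustomPasswordEncoder());
    }

    /**
     * Returns the {@link CustomPwdEncoder}, optionally configured with a delegate encoder
     * whose class name comes from {@code artfess.security.pswd.encoder}.
     *
     * <p>If the configured class cannot be loaded, instantiated or cast, the failure is
     * logged with its cause and the encoder is returned without the delegate. That
     * fallback is kept for compatibility.
     * NOTE(review): a mistyped encoder class therefore silently changes how passwords are
     * checked; consider failing startup instead once callers are confirmed.
     *
     * @return the password encoder used for authentication
     */
    public PasswordEncoder getCustomPasswordEncoder() {
        CustomPwdEncoder customPwdEncoder = (CustomPwdEncoder) defaultPasswordEncoderBean();
        if (StringUtil.isNotEmpty(this.passwordEncoder)) {
            try {
                logger.info("Use config password encoder : {}", this.passwordEncoder);
                // getDeclaredConstructor().newInstance() replaces the deprecated
                // Class.newInstance(), which rethrows constructor exceptions unwrapped.
                PasswordEncoder delegate =
                        (PasswordEncoder) Class.forName(this.passwordEncoder).getDeclaredConstructor().newInstance();
                customPwdEncoder.setDelegateEncoder(delegate);
            } catch (Exception e) {
                // Broad catch is deliberate: any failure falls back to the default encoder.
                // The cause is now logged; previously it was dropped.
                logger.error("Create custom password encoder config class[{}] failed.", this.passwordEncoder, e);
            }
        }
        return customPwdEncoder;
    }

    /** @return a no-op {@link WebSecurityExtend} implementation. */
    @Bean
    public WebSecurityExtend emptyExtend() {
        return new WebSecurityEmptyExtend();
    }

    /** @return a new {@link CustomPwdEncoder}. */
    @Bean
    public PasswordEncoder defaultPasswordEncoderBean() {
        return new CustomPwdEncoder();
    }

    /** @return the {@link HtDecisionManager} used for authorization decisions. */
    @Bean
    public AccessDecisionManager accessDecisionManager() {
        return new HtDecisionManager();
    }

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean.
     *
     * @return the authentication manager built by the parent class
     * @throws Exception if the parent cannot build it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Builds the HTTP security chain: stateless sessions, CSRF disabled, configured
     * permit/deny lists, and the JWT, authorization-interceptor and CORS filters.
     *
     * @param httpSecurity the chain builder supplied by Spring Security
     * @throws Exception if the chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        String[] permitPatterns = new String[0];
        String[] denyPatterns = new String[0];
        if (StringUtil.isNotEmpty(this.permitAll)) {
            // Entries are not trimmed; whitespace around a comma becomes part of the pattern.
            permitPatterns = this.permitAll.split(",");
        }
        for (String context : this.resourceContext) {
            permitPatterns = (String[]) ArrayUtils.add(permitPatterns, String.format("/%s/**", context));
        }
        if (StringUtil.isNotEmpty(this.denyAll)) {
            denyPatterns = this.denyAll.split(",");
        }

        // CSRF protection is off and sessions are STATELESS. That is only sound while
        // authentication is carried in a request header and never in a cookie.
        // NOTE(review): confirm no endpoint (for example under /sso/**) accepts cookie auth.
        //
        // Rules are evaluated in registration order, first match wins: the permit-all
        // patterns are registered before the deny-all patterns, so a URL present in both
        // lists is permitted, not denied.
        httpSecurity
                .csrf().disable()
                .exceptionHandling().authenticationEntryPoint(this.jwtAuthenticationEntryPoint)
                .and()
                .exceptionHandling().accessDeniedHandler(this.customAccessDeniedHandler)
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers(permitPatterns).permitAll()
                .antMatchers(denyPatterns).denyAll()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/auth/**").permitAll()
                .antMatchers("/ueditor/**").permitAll()
                .anyRequest().authenticated()
                .accessDecisionManager(accessDecisionManager());

        JwtAuthorizationTokenFilter jwtFilter =
                new JwtAuthorizationTokenFilter(userDetailsService(), this.jwtTokenHandler, this.jwtConfig.getHeader());
        jwtFilter.setEncryKey(this.encryKey);
        httpSecurity.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterBefore(this.htFilterSecurityInterceptor, FilterSecurityInterceptor.class);
        // CORS runs ahead of the channel-processing filter, i.e. before the filters added above.
        httpSecurity.addFilterBefore(corsFilter(), ChannelProcessingFilter.class);
        httpSecurity.headers().frameOptions().sameOrigin().cacheControl();
    }

    /**
     * Declares request patterns that bypass the Spring Security filter chain entirely.
     *
     * @param webSecurity the web-security builder supplied by Spring Security
     * @throws Exception if the configuration is rejected
     */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        // Everything listed here is ignored by Spring Security: the JWT filter,
        // HtFilterSecurityInterceptor and the headers set in configure(HttpSecurity) do not
        // run for these requests. Any protection must come from the handler itself or from
        // the network layer.
        //
        // NOTE(review), items to confirm before shipping this list:
        //  - "/actuator/**", "/druid/**", "/hystrix/**", "/hystrix.stream", "/proxy.stream" and
        //    the swagger paths are management/diagnostic surfaces; restrict them to an
        //    internal network or move them under authenticated rules.
        //  - "/api/user/v1/user/loadUserByUsername", "/sys/sysProperties/v1/getDecryptBySysSetting",
        //    "/file/v1/downloadFile" and "/uc/AuthorizationModel/v1/uploadAuthorizationFile" look
        //    sensitive by name; their handlers are not visible here, so verify each enforces
        //    its own authorization.
        //  - "/**/json", "/**/ftl", "/**/image" and "/**/*.html" match on the last path segment
        //    only, so any controller route ending that way is also unauthenticated for GET.
        //  - "/service/**", "/jmreport/**", "/interface-ui/**" are ignored for every HTTP method
        //    by the final list, which makes their entries in the GET lists redundant.
        //  - "/biz/scada/pointSystem/v1//saveScadaPointCache" contains a double slash; confirm
        //    it matches the intended route.
        webSecurity.ignoring()
                .antMatchers(HttpMethod.POST,
                        "/auth",
                        "/error",
                        "/sys/sysLogs/v1/loginLogs",
                        "/sys/sysLogs/v1/saveLogs",
                        "/api/user/v1/user/loadUserByUsername",
                        "/actuator/cert",
                        "/uc/AuthorizationModel/v1/downloadFileLic",
                        "/uc/AuthorizationModel/v1/uploadAuthorizationFile",
                        "/form/formServiceController/v1/getFormAndBoExportXml",
                        "/biz/scada/pointSystem/v1//saveScadaPointCache")
                .antMatchers(HttpMethod.GET,
                        "/sso/**",
                        "/sys/sysLogsSettings/v1/getSysLogsSettingStatusMap",
                        "/sys/sysRoleAuth/v1/getMethodRoleAuth",
                        "/file/v1/getLogoFile",
                        "/flow/def/v1/bpmnXml",
                        "/file/onlinePreviewController/v1/getFileByPathAndId**",
                        "/file/onlinePreviewController/v1/getFileById**",
                        "/portal/main/v1/appProperties",
                        "/sys/sysProperties/v1/getByAlias",
                        "/uc/tenantManage/v1/getTenantByCode",
                        "/sys/sysProperties/v1/getDecryptBySysSetting",
                        "/portal/shorturlManage/v1/getLongUrlByShortUrl",
                        "/file/v1/downloadFile",
                        "/jmreport/**",
                        "/interface-ui/**",
                        "/dataway/api/v1/**")
                .and()
                .ignoring()
                .antMatchers(HttpMethod.GET,
                        StringPool.SLASH,
                        "/error",
                        "/*.jpg",
                        "/*.gif",
                        "/*.html",
                        "/favicon.ico",
                        "/**/*.html",
                        "/**/*.css",
                        "/**/*.js",
                        "/**/image",
                        "/**/json",
                        "/**/ftl",
                        "/interface-ui/**",
                        "/jmreport/**")
                .and()
                .ignoring()
                .antMatchers(
                        "/v2/api-docs",
                        "/swagger-resources/configuration/ui",
                        "/swagger-resources",
                        "/swagger-resources/configuration/security",
                        "/swagger-ui.html",
                        "/proxy.stream",
                        "/hystrix.stream",
                        "/druid/**",
                        "/hystrix/**",
                        "/actuator/**",
                        "/interface-ui/**",
                        "/service/**",
                        "/jmreport/**");
    }

    /**
     * Builds the CORS filter. When {@code cors.enable} is true (the default) every path
     * accepts any origin, any request header and any method; when false no CORS
     * configuration is registered.
     *
     * @return the CORS filter added ahead of the security chain
     */
    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        if (this.corsEnable.booleanValue()) {
            // Wildcard policy on every path. allowCredentials is not set here.
            // NOTE(review): prefer an explicit origin allow-list taken from configuration,
            // and default cors.enable to false for deployments that do not need it.
            CorsConfiguration wildcardPolicy = new CorsConfiguration();
            wildcardPolicy.addAllowedOrigin("*");
            wildcardPolicy.addAllowedHeader("*");
            wildcardPolicy.addAllowedMethod("*");
            source.registerCorsConfiguration("/**", wildcardPolicy);
        }
        return new CorsFilter(source);
    }

    /**
     * Creates the {@link HtFilterSecurityInterceptor} bean and gives it the shared
     * {@link AccessDecisionManager}.
     *
     * @param accessDecisionManager decision manager to install on the interceptor
     * @return the configured interceptor
     * @throws Exception declared for compatibility with existing callers
     */
    @Bean
    public HtFilterSecurityInterceptor htFilterSecurityInterceptor(AccessDecisionManager accessDecisionManager) throws Exception {
        HtFilterSecurityInterceptor interceptor = new HtFilterSecurityInterceptor();
        interceptor.setAccessDecisionManager(accessDecisionManager);
        return interceptor;
    }
}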
