package org.eobjects.datacleaner.monitor.server;

import com.google.gwt.user.server.rpc.RPCRequest;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.Principal;
import javax.annotation.security.RolesAllowed;
import org.eobjects.analyzer.util.ReflectionUtils;
import org.eobjects.analyzer.util.StringUtils;
import org.eobjects.datacleaner.monitor.server.security.TenantResolver;
import org.eobjects.datacleaner.monitor.server.security.User;
import org.eobjects.datacleaner.monitor.server.security.UserBean;
import org.eobjects.datacleaner.monitor.shared.model.DCSecurityException;
import org.eobjects.datacleaner.monitor.shared.model.TenantIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.web.context.ContextLoader;

/* loaded from: input_file:org/eobjects/datacleaner/monitor/server/SecureGwtServlet.class */
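/**
 * GWT-RPC servlet base class that authenticates and authorizes each call before it is
 * dispatched to the service method.
 *
 * <p>For every deserialized request the servlet (1) rejects callers without a named
 * principal, (2) enforces {@link RolesAllowed} when the invoked method carries it, and
 * (3) requires every {@link TenantIdentifier} argument to match the caller's own tenant.
 *
 * <p>Limits of these checks, as visible in this class:
 * <ul>
 *   <li>A method without {@link RolesAllowed} is callable by any authenticated user.</li>
 *   <li>Only top-level parameters declared as {@link TenantIdentifier} are checked; a tenant
 *       reference nested inside another argument object is not inspected here and must be
 *       validated by the service implementation.</li>
 * </ul>
 */
public class SecureGwtServlet extends RemoteServiceServlet {
    private static final long serialVersionUID = 1;
    private static final Logger logger = LoggerFactory.getLogger(SecureGwtServlet.class);

    /**
     * Looks up the {@link TenantResolver} bean from the current Spring web application context.
     *
     * @return the resolver, never {@code null}
     * @throws IllegalStateException if no application context or no resolver is available
     */
    protected TenantResolver getTenantResolver() {
        // getCurrentWebApplicationContext() returns null when no context is bound to the
        // current class loader; fail with a clear message instead of a NullPointerException.
        if (ContextLoader.getCurrentWebApplicationContext() == null) {
            throw new IllegalStateException("No web application context available to look up TenantResolver!");
        }
        TenantResolver tenantResolver = (TenantResolver) ContextLoader.getCurrentWebApplicationContext().getBean(TenantResolver.class);
        if (tenantResolver == null) {
            throw new IllegalStateException("No TenantResolver found in application context!");
        }
        return tenantResolver;
    }

    /**
     * Maps {@link DCSecurityException} to an HTTP 401 response and logs every other failure
     * before delegating to the default GWT handling.
     *
     * @param th the failure raised while processing the RPC call
     */
    @Override
    protected void doUnexpectedFailure(Throwable th) {
        if (th instanceof DCSecurityException) {
            // Record the denial so that rejected calls are visible to whoever monitors the
            // log. The message can contain client-supplied values (e.g. a tenant id), so
            // line breaks are stripped to keep one denial on one log line.
            logger.warn("Access denied for GWT-RPC request: {}", stripLineBreaks(th.getMessage()));
            try {
                // 401 = HttpServletResponse.SC_UNAUTHORIZED
                getThreadLocalResponse().sendError(401, th.getMessage());
                return;
            } catch (IOException e) {
                logger.error("Failed to send error: " + stripLineBreaks(th.getMessage()), e);
            }
        } else {
            logger.warn("Unexpected exception occurred in GWT servlet: " + th.getClass().getName(), th);
        }
        super.doUnexpectedFailure(th);
    }

    /**
     * Tells whether the user behind the current request holds the given role.
     *
     * @param str the role name to test
     * @return {@code true} only if the request carries an {@link Authentication} principal
     *         whose {@link UserBean} reports the role; {@code false} otherwise
     */
    protected boolean hasRole(String str) {
        Principal userPrincipal = getThreadLocalRequest().getUserPrincipal();
        // Fail closed: a missing principal, or one that is not a Spring Security
        // Authentication, never holds a role (instanceof is false for null).
        if (!(userPrincipal instanceof Authentication)) {
            return false;
        }
        UserBean userBean = new UserBean(getTenantResolver());
        userBean.updateUser((Authentication) userPrincipal);
        return userBean.hasRole(str);
    }

    /**
     * Authorization gate that runs after the RPC payload is deserialized and before the
     * service method is invoked.
     *
     * @param rPCRequest the deserialized call (target method and argument values)
     * @throws DCSecurityException if the caller is not logged in, lacks every role listed in
     *         the method's {@link RolesAllowed}, or passes a tenant other than their own
     * @throws IllegalStateException if the principal is not an {@link Authentication}
     */
    @Override
    protected void onAfterRequestDeserialized(RPCRequest rPCRequest) {
        Principal userPrincipal = getThreadLocalRequest().getUserPrincipal();
        if (userPrincipal == null || StringUtils.isNullOrEmpty(userPrincipal.getName())) {
            throw new DCSecurityException("No user principal - log in to use the system");
        }
        if (!(userPrincipal instanceof Authentication)) {
            throw new IllegalStateException("Principal is not an instance of Authentication: " + userPrincipal);
        }
        UserBean userBean = new UserBean(getTenantResolver());
        userBean.updateUser((Authentication) userPrincipal);

        Method method = rPCRequest.getMethod();
        // Role check applies only when the method is annotated; unannotated methods are
        // open to every authenticated user.
        RolesAllowed annotation = ReflectionUtils.getAnnotation(method, RolesAllowed.class);
        if (annotation != null) {
            checkRoles(userBean, annotation.value(), method);
        }

        // Verify EVERY tenant argument, not just the first one: a method taking two tenant
        // identifiers must not let the second one through unchecked. Subtypes of
        // TenantIdentifier are covered as well.
        Class<?>[] parameterTypes = method.getParameterTypes();
        Object[] parameters = rPCRequest.getParameters();
        for (int i = 0; i < parameterTypes.length; i++) {
            if (TenantIdentifier.class.isAssignableFrom(parameterTypes[i])) {
                checkTenant(userBean, (TenantIdentifier) parameters[i]);
            }
        }
    }

    /**
     * Requires the tenant named in the request to be the caller's own tenant.
     *
     * @param user the authenticated caller
     * @param tenantIdentifier the tenant argument taken from the RPC call, possibly {@code null}
     * @throws DCSecurityException if the identifiers differ or either side is missing
     */
    private void checkTenant(User user, TenantIdentifier tenantIdentifier) {
        String tenant = user.getTenant();
        String id = tenantIdentifier == null ? null : tenantIdentifier.getId();
        // A missing tenant on either side is a denial, reported as a security failure
        // rather than surfacing as a NullPointerException.
        if (tenant == null || id == null || !tenant.equals(id)) {
            throw new DCSecurityException("User " + user.getUsername() + " (" + tenant + ") is not authorized to access tenant: " + id);
        }
    }

    /**
     * Requires the caller to hold at least one of the listed roles.
     *
     * @param user the authenticated caller
     * @param strArr the role names taken from {@link RolesAllowed}; an empty list denies access
     * @param method the invoked method, used only in the error message
     * @throws DCSecurityException if the caller holds none of the roles
     */
    private void checkRoles(User user, String[] strArr, Method method) {
        for (String str : strArr) {
            if (user.hasRole(str)) {
                return;
            }
        }
        throw new DCSecurityException("User " + user.getUsername() + " is not authorized to invoke " + method);
    }

    /** Replaces CR and LF with spaces so that a logged value cannot start a new log line. */
    private static String stripLineBreaks(String value) {
        if (value == null) {
            return "";
        }
        return value.replace('\r', ' ').replace('\n', ' ');
    }
}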
