package org.springframework.security.web.access.intercept;

import java.io.IOException;
import java.util.function.Supplier;
import javax.servlet.DispatcherType;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationEventPublisher;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/rewrite/classpath/spring-security-web-6.0.3.jar:org/springframework/security/web/access/intercept/AuthorizationFilter.class
 */
/* loaded from: input_file:META-INF/rewrite/classpath/spring-security-web-5.8.8.jar:org/springframework/security/web/access/intercept/AuthorizationFilter.class */
public class AuthorizationFilter extends GenericFilterBean {
    private final AuthorizationManager<HttpServletRequest> authorizationManager;
    private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
    private AuthorizationEventPublisher eventPublisher = AuthorizationFilter::noPublish;
    private boolean observeOncePerRequest = true;
    private boolean filterErrorDispatch = false;
    private boolean filterAsyncDispatch = false;

    public AuthorizationFilter(AuthorizationManager<HttpServletRequest> authorizationManager) {
        Assert.notNull(authorizationManager, "authorizationManager cannot be null");
        this.authorizationManager = authorizationManager;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (this.observeOncePerRequest && isApplied(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (skipDispatch(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String alreadyFilteredAttributeName = getAlreadyFilteredAttributeName();
        httpServletRequest.setAttribute(alreadyFilteredAttributeName, Boolean.TRUE);
        try {
            AuthorizationDecision check = this.authorizationManager.check(this::getAuthentication, httpServletRequest);
            this.eventPublisher.publishAuthorizationEvent(this::getAuthentication, httpServletRequest, check);
            if (check != null && !check.isGranted()) {
                throw new AccessDeniedException("Access Denied");
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            httpServletRequest.removeAttribute(alreadyFilteredAttributeName);
        } catch (Throwable th) {
            httpServletRequest.removeAttribute(alreadyFilteredAttributeName);
            throw th;
        }
    }

    private boolean skipDispatch(HttpServletRequest httpServletRequest) {
        if (!DispatcherType.ERROR.equals(httpServletRequest.getDispatcherType()) || this.filterErrorDispatch) {
            return DispatcherType.ASYNC.equals(httpServletRequest.getDispatcherType()) && !this.filterAsyncDispatch;
        }
        return true;
    }

    private boolean isApplied(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getAttribute(getAlreadyFilteredAttributeName()) != null;
    }

    private String getAlreadyFilteredAttributeName() {
        String filterName = getFilterName();
        if (filterName == null) {
            filterName = getClass().getName();
        }
        return filterName + ".APPLIED";
    }

    public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
        Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
        this.securityContextHolderStrategy = securityContextHolderStrategy;
    }

    private Authentication getAuthentication() {
        Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
        if (authentication == null) {
            throw new AuthenticationCredentialsNotFoundException("An Authentication object was not found in the SecurityContext");
        }
        return authentication;
    }

    public void setAuthorizationEventPublisher(AuthorizationEventPublisher authorizationEventPublisher) {
        Assert.notNull(authorizationEventPublisher, "eventPublisher cannot be null");
        this.eventPublisher = authorizationEventPublisher;
    }

    public AuthorizationManager<HttpServletRequest> getAuthorizationManager() {
        return this.authorizationManager;
    }

    public void setShouldFilterAllDispatcherTypes(boolean z) {
        this.observeOncePerRequest = !z;
        this.filterErrorDispatch = z;
        this.filterAsyncDispatch = z;
    }

    private static <T> void noPublish(Supplier<Authentication> supplier, T t, AuthorizationDecision authorizationDecision) {
    }

    public boolean isObserveOncePerRequest() {
        return this.observeOncePerRequest;
    }

    public void setObserveOncePerRequest(boolean z) {
        this.observeOncePerRequest = z;
    }

    public void setFilterErrorDispatch(boolean z) {
        this.filterErrorDispatch = z;
    }

    public void setFilterAsyncDispatch(boolean z) {
        this.filterAsyncDispatch = z;
    }
}
