package com.ohaotian.plugin.security.config;

import com.ohaotian.plugin.security.auth.XHttpSessionSecurityContextRepository;
import com.ohaotian.plugin.security.config.filter.CustomFilter;
import com.ohaotian.plugin.security.constants.SercurityConstants;
import com.ohaotian.plugin.security.filter.TokenAuthenticationFilter;
import com.ohaotian.plugin.security.property.FilterStaticConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
/* loaded from: input_file:com/ohaotian/plugin/security/config/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Value("${app.server.host.url}")
    private String appUrl;

    @Autowired
    private FilterStaticConfig filterStaticConfig;

    public void configure(WebSecurity webSecurity) throws Exception {
        this.filterStaticConfig.getResources().forEach(str -> {
            try {
                webSecurity.ignoring().antMatchers(new String[]{str});
            } catch (Exception e) {
                log.error("白名单配置异常：{}", e);
            }
        });
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.headers().frameOptions().disable();
        httpSecurity.csrf().disable();
        httpSecurity.securityContext().securityContextRepository(new XHttpSessionSecurityContextRepository());
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{SercurityConstants.SIGNUP, SercurityConstants.NOAUTH})).permitAll();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
        httpSecurity.logout().permitAll();
        TokenAuthenticationFilter tokenAuthenticationFilter = (TokenAuthenticationFilter) getApplicationContext().getBean(TokenAuthenticationFilter.class);
        CustomFilter customFilter = (CustomFilter) getApplicationContext().getBean(CustomFilter.class);
        httpSecurity.addFilterBefore(tokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
        httpSecurity.antMatcher("/**");
    }
}
