package com.ohaotian.plugin.security.config;

import com.ohaotian.plugin.security.filter.Ajax401Filter;
import com.ohaotian.plugin.security.filter.TokenAuthenticationFilter;
import com.ohaotian.plugin.security.interceptor.CasFilterSecurityInterceptor;
import com.ohaotian.plugin.security.property.FilterStaticConfig;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:com/ohaotian/plugin/security/config/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Autowired
    private CasFilterSecurityInterceptor myFilterSecurityInterceptor;

    @Autowired
    private FilterStaticConfig filterStaticConfig;

    public void configure(WebSecurity webSecurity) throws Exception {
        this.filterStaticConfig.getResources().forEach(str -> {
            try {
                webSecurity.ignoring().antMatchers(new String[]{str});
            } catch (Exception e) {
                logger.error("白名单配置异常：", e);
            }
        });
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.headers().frameOptions().disable();
        httpSecurity.csrf().disable();
        httpSecurity.securityContext().securityContextRepository(new XHttpSessionSecurityContextRepository());
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/users/signup/**"})).permitAll();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
        httpSecurity.logout().permitAll();
        CasAuthenticationEntryPoint casAuthenticationEntryPoint = (CasAuthenticationEntryPoint) getApplicationContext().getBean(CasAuthenticationEntryPoint.class);
        CasAuthenticationFilter casAuthenticationFilter = (CasAuthenticationFilter) getApplicationContext().getBean(CasAuthenticationFilter.class);
        SingleSignOutFilter singleSignOutFilter = (SingleSignOutFilter) getApplicationContext().getBean(SingleSignOutFilter.class);
        LogoutFilter logoutFilter = (LogoutFilter) getApplicationContext().getBean(LogoutFilter.class);
        httpSecurity.addFilterAfter((SwitchUserFilter) getApplicationContext().getBean(SwitchUserFilter.class), FilterSecurityInterceptor.class).exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint).and().addFilter(casAuthenticationFilter).addFilterBefore(logoutFilter, LogoutFilter.class).addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class).addFilterBefore((Ajax401Filter) getApplicationContext().getBean(Ajax401Filter.class), CasAuthenticationFilter.class).addFilterBefore(this.myFilterSecurityInterceptor, FilterSecurityInterceptor.class).addFilterBefore((TokenAuthenticationFilter) getApplicationContext().getBean(TokenAuthenticationFilter.class), UsernamePasswordAuthenticationFilter.class);
        httpSecurity.antMatcher("/**");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) getApplicationContext().getBean("casProvider"));
    }

    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> servletListenerRegistrationBean = new ServletListenerRegistrationBean<>();
        servletListenerRegistrationBean.setListener(new SingleSignOutHttpSessionListener());
        return servletListenerRegistrationBean;
    }

    @Bean
    public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties serviceProperties) throws Exception {
        CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
        casAuthenticationFilter.setServiceProperties(serviceProperties);
        casAuthenticationFilter.setFilterProcessesUrl("/login/cas");
        casAuthenticationFilter.setAuthenticationManager(authenticationManager());
        casAuthenticationFilter.setContinueChainBeforeSuccessfulAuthentication(false);
        return casAuthenticationFilter;
    }
}
