package net.yadaframework.security;

import jakarta.servlet.DispatcherType;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.regex.Pattern;
import net.yadaframework.components.YadaWebUtil;
import net.yadaframework.core.YadaConfiguration;
import net.yadaframework.security.components.YadaAuthenticationFailureHandler;
import net.yadaframework.security.components.YadaAuthenticationSuccessHandler;
import net.yadaframework.security.components.YadaLogoutSuccessHandler;
import net.yadaframework.security.components.YadaUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.multipart.MultipartResolver;
import org.springframework.web.multipart.commons.YadaCommonsMultipartResolver;

@EnableWebSecurity
@ComponentScan(basePackages = {"net.yadaframework.security.components", "net.yadaframework.security.persistence.repository"})
@Order(10)
/* loaded from: input_file:net/yadaframework/security/YadaSecurityConfig.class */
public class YadaSecurityConfig {

    @Autowired
    private YadaUserDetailsService userDetailsService;

    @Autowired
    private YadaConfiguration yadaConfiguration;

    @Autowired
    private YadaWebUtil yadaWebUtil;

    @Autowired
    protected YadaAuthenticationFailureHandler failureHandler;

    @Autowired
    protected YadaAuthenticationSuccessHandler successHandler;

    @Autowired
    protected YadaLogoutSuccessHandler logoutSuccessHandler;

    @Autowired
    protected PasswordEncoder passwordEncoder;
    public static final String DEFAULT_LOGIN_URL = "/login";
    public static final String DEFAULT_LOGIN_URL_AJAX = "/ajaxLogin";
    public static final String DEFAULT_LOGIN_POST = "/loginPost";
    protected String loginUrl = DEFAULT_LOGIN_URL;
    protected String loginUrlAjax = DEFAULT_LOGIN_URL_AJAX;
    protected String loginPost = DEFAULT_LOGIN_POST;

    /* loaded from: input_file:net/yadaframework/security/YadaSecurityConfig$CustomAuthenticationEntryPoint.class */
    public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
        public CustomAuthenticationEntryPoint() {
        }

        public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
            String str = YadaSecurityConfig.this.yadaWebUtil.isAjaxRequest(httpServletRequest) ? YadaSecurityConfig.this.loginUrlAjax : YadaSecurityConfig.this.loginUrl;
            if (YadaSecurityConfig.this.yadaConfiguration.isLocalePathVariableEnabled()) {
                str = YadaSecurityConfig.this.yadaWebUtil.enhanceUrl(str, LocaleContextHolder.getLocale(), new String[0]);
            }
            httpServletResponse.sendRedirect(str);
        }
    }

    /* loaded from: input_file:net/yadaframework/security/YadaSecurityConfig$MyRequestMatcher.class */
    private static class MyRequestMatcher implements RequestMatcher {
        private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
        private AntPathRequestMatcher apiMatcher = new AntPathRequestMatcher("/ajaxStoryBunch*", (String) null);

        private MyRequestMatcher() {
        }

        public boolean matches(HttpServletRequest httpServletRequest) {
            return (this.allowedMethods.matcher(httpServletRequest.getMethod()).matches() || this.apiMatcher.matches(httpServletRequest)) ? false : true;
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        this.failureHandler.setFailureUrlAjaxRequest(this.loginUrlAjax);
        this.failureHandler.setFailureUrlNormalRequest(this.loginUrl);
        this.successHandler.setDefaultTargetUrlAjaxRequest("/yadaLoginSuccess");
        this.successHandler.setDefaultTargetUrlNormalRequest("/");
        this.logoutSuccessHandler.setDefaultTargetUrl("/");
        httpSecurity.headers(headersConfigurer -> {
            headersConfigurer.disable();
        }).csrf(csrfConfigurer -> {
            csrfConfigurer.disable();
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        }).logout(logoutConfigurer -> {
            logoutConfigurer.logoutUrl("/logout").logoutSuccessHandler(this.logoutSuccessHandler);
        }).formLogin(formLoginConfigurer -> {
            formLoginConfigurer.loginPage(this.loginUrl).loginProcessingUrl(this.loginPost).failureHandler(this.failureHandler).successHandler(this.successHandler);
        }).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(new CustomAuthenticationEntryPoint());
        }).requestCache(requestCacheConfigurer -> {
            if (this.yadaConfiguration.isLocalePathVariableEnabled()) {
                requestCacheConfigurer.requestCache(new YadaLocalePathRequestCache());
            } else {
                requestCacheConfigurer.requestCache(new HttpSessionRequestCache());
            }
        }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.dispatcherTypeMatchers(new DispatcherType[]{DispatcherType.FORWARD})).permitAll();
        });
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).addObjectPostProcessor(new ObjectPostProcessor<DaoAuthenticationProvider>() { // from class: net.yadaframework.security.YadaSecurityConfig.1
            public DaoAuthenticationProvider postProcess(DaoAuthenticationProvider daoAuthenticationProvider) {
                daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
                if (YadaSecurityConfig.this.yadaConfiguration.encodePassword()) {
                    daoAuthenticationProvider.setPasswordEncoder(YadaSecurityConfig.this.passwordEncoder);
                }
                return daoAuthenticationProvider;
            }
        });
    }

    @Bean(name = {"filterMultipartResolver"})
    public MultipartResolver multipartResolver() {
        return new YadaCommonsMultipartResolver();
    }
}
