package org.pac4j.springframework.annotation;

import java.util.List;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer;
import org.pac4j.core.authorization.authorizer.RequireAllRolesAuthorizer;
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.exception.http.ForbiddenAction;
import org.pac4j.core.exception.http.UnauthorizedAction;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.springframework.beans.factory.annotation.Autowired;

@Aspect
/* loaded from: input_file:WEB-INF/lib/spring-webmvc-pac4j-5.1.0.jar:org/pac4j/springframework/annotation/RequireRoleAnnotationAspect.class */
public class RequireRoleAnnotationAspect {
    private static final IsAuthenticatedAuthorizer IS_AUTHENTICATED_AUTHORIZER = new IsAuthenticatedAuthorizer();

    @Autowired
    private JEEContext webContext;

    @Autowired
    private SessionStore sessionStore;

    @Autowired
    private ProfileManager profileManager;

    protected List<UserProfile> isAuthenticated() {
        List<UserProfile> profiles = this.profileManager.getProfiles();
        if (IS_AUTHENTICATED_AUTHORIZER.isAuthorized(this.webContext, this.sessionStore, profiles)) {
            return profiles;
        }
        throw UnauthorizedAction.INSTANCE;
    }

    @Before("@annotation(requireAnyRole)")
    public void beforeRequireAnyRole(RequireAnyRole requireAnyRole) {
        if (!new RequireAnyRoleAuthorizer(requireAnyRole.value()).isAuthorized(this.webContext, this.sessionStore, isAuthenticated())) {
            throw ForbiddenAction.INSTANCE;
        }
    }

    @Before("@annotation(requireAllRoles)")
    public void beforeRequireAllRoles(RequireAllRoles requireAllRoles) {
        if (!new RequireAllRolesAuthorizer(requireAllRoles.value()).isAuthorized(this.webContext, this.sessionStore, isAuthenticated())) {
            throw ForbiddenAction.INSTANCE;
        }
    }
}
