package org.fabric3.security.authorization;

import java.util.List;
import org.fabric3.api.SecuritySubject;
import org.fabric3.spi.invocation.Message;
import org.fabric3.spi.security.AuthorizationException;
import org.fabric3.spi.security.AuthorizationService;
import org.fabric3.spi.wire.Interceptor;
import org.oasisopen.sca.ServiceRuntimeException;

/* loaded from: input_file:org/fabric3/security/authorization/RoleBasedAuthorizationInterceptor.class */
public class RoleBasedAuthorizationInterceptor implements Interceptor {
    private Interceptor next;
    private final List<String> roles;
    private final AuthorizationService authorizationService;

    public RoleBasedAuthorizationInterceptor(List<String> list, AuthorizationService authorizationService) {
        this.roles = list;
        this.authorizationService = authorizationService;
    }

    public Interceptor getNext() {
        return this.next;
    }

    public void setNext(Interceptor interceptor) {
        this.next = interceptor;
    }

    public Message invoke(Message message) {
        try {
            SecuritySubject subject = message.getWorkContext().getSubject();
            if (subject == null) {
                message.setBodyWithFault(new ServiceRuntimeException("Subject not authenticated"));
                return message;
            }
            this.authorizationService.checkRoles(subject, this.roles);
            return this.next.invoke(message);
        } catch (AuthorizationException e) {
            message.setBodyWithFault(new ServiceRuntimeException(e));
            return message;
        }
    }
}
