package leap.web.api.security;

import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.lang.path.Paths;
import leap.web.Request;
import leap.web.Response;
import leap.web.api.Api;
import leap.web.api.config.ApiConfigProcessor;
import leap.web.api.mvc.ApiErrorHandler;
import leap.web.security.SecurityConfigurator;
import leap.web.security.SecurityContextHolder;
import leap.web.security.SecurityFailureHandler;

/* loaded from: input_file:leap/web/api/security/SecurityConfigProcessor.class */
public class SecurityConfigProcessor implements ApiConfigProcessor {

    @Inject
    protected ApiErrorHandler eh;

    @Inject
    protected SecurityConfigurator sc;

    /* loaded from: input_file:leap/web/api/security/SecurityConfigProcessor$ApiSecurityFailureHandler.class */
    protected final class ApiSecurityFailureHandler implements SecurityFailureHandler {
        protected ApiSecurityFailureHandler() {
        }

        public boolean handleAuthenticationDenied(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
            if (Strings.isEmpty(securityContextHolder.getDenyMessage())) {
                SecurityConfigProcessor.this.eh.unauthorized(response);
                return true;
            }
            SecurityConfigProcessor.this.eh.unauthorized(response, securityContextHolder.getDenyMessage());
            return true;
        }

        public boolean handleAuthorizationDenied(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
            if (Strings.isEmpty(securityContextHolder.getDenyMessage())) {
                SecurityConfigProcessor.this.eh.forbidden(response);
                return true;
            }
            SecurityConfigProcessor.this.eh.forbidden(response, securityContextHolder.getDenyMessage());
            return true;
        }
    }

    @Override // leap.web.api.config.ApiConfigProcessor
    public void preProcess(Api api) {
        this.sc.setPathPrefixFailureHandler(Paths.suffixWithSlash(api.getBasePath()), new ApiSecurityFailureHandler());
    }
}
