package org.ocelotds.security;

import java.io.Serializable;
import java.lang.reflect.Method;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import org.ocelotds.annotations.OcelotLogger;
import org.ocelotds.annotations.RolesAllowed;
import org.ocelotds.context.OcelotContext;
import org.slf4j.Logger;

@RolesAllowed
@Interceptor
/* loaded from: input_file:org/ocelotds/security/RolesAllowedInterceptor.class */
public class RolesAllowedInterceptor implements Serializable {
    private static final long serialVersionUID = -849762977471230875L;

    @Inject
    @OcelotLogger
    private transient Logger logger;

    @Inject
    private transient OcelotContext ocelotContext;

    @AroundInvoke
    public Object checkRolesAllowed(InvocationContext invocationContext) throws Exception {
        Method method = invocationContext.getMethod();
        String format = String.format("%s.%s", method.getDeclaringClass().getSimpleName(), method.getName());
        for (String str : method.getAnnotation(RolesAllowed.class).value()) {
            if (this.ocelotContext.isUserInRole(str)) {
                this.logger.debug("Check method {} : role {} is allowed", format, str);
                return invocationContext.proceed();
            }
        }
        throw new IllegalAccessException("'" + this.ocelotContext.getPrincipal() + "' is not allowed to execute " + format);
    }
}
