package org.opensingular.server.commons.spring.security.config.cas;

import java.util.Arrays;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Named;
import org.opensingular.lib.commons.base.SingularProperties;
import org.opensingular.server.commons.exception.SingularServerException;
import org.opensingular.server.commons.spring.security.AbstractSingularSpringSecurityAdapter;
import org.opensingular.server.commons.spring.security.SingularUserDetailsService;
import org.opensingular.server.commons.spring.security.config.SingularLogoutHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;

/* loaded from: input_file:org/opensingular/server/commons/spring/security/config/cas/SingularCASSpringSecurityConfig.class */
public abstract class SingularCASSpringSecurityConfig extends AbstractSingularSpringSecurityAdapter {

    @Inject
    @Named("peticionamentoUserDetailService")
    protected Optional<SingularUserDetailsService> peticionamentoUserDetailService;

    @Bean
    public SingularLogoutHandler singularLogoutHandler() {
        return new SingularCASLogoutHandler(getCASLogoutURL());
    }

    @Override // org.opensingular.server.commons.spring.security.AbstractSingularSpringSecurityAdapter
    public void configure(WebSecurity webSecurity) throws Exception {
        if (SingularProperties.get().isTrue("singular.development")) {
            webSecurity.debug(true);
        }
        super.configure(webSecurity);
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        AuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
        preAuthenticatedAuthenticationProvider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper(this.peticionamentoUserDetailService.orElseThrow(() -> {
            return SingularServerException.rethrow(String.format("Bean %s do tipo %s não pode ser nulo. Para utilizar a configuração de segurança %s é preciso declarar um bean do tipo %s identificado pelo nome %s .", UserDetailsService.class.getName(), "peticionamentoUserDetailService", SingularCASSpringSecurityConfig.class.getName(), UserDetailsService.class.getName(), "peticionamentoUserDetailService"));
        })));
        ProviderManager providerManager = new ProviderManager(Arrays.asList(preAuthenticatedAuthenticationProvider));
        J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter();
        j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(providerManager);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.regexMatcher(getContext().getPathRegex()).httpBasic().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and().csrf().disable().headers().frameOptions().sameOrigin().and().jee().j2eePreAuthenticatedProcessingFilter(j2eePreAuthenticatedProcessingFilter).and().authorizeRequests().antMatchers(new String[]{getContext().getContextPath()})).authenticated();
    }

    public abstract String getCASLogoutURL();
}
